aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-09 12:31:39 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-09 12:31:39 +0200
commit408246a7cd0f8931f224d9d4d8e4469ab7bc6a21 (patch)
tree9726e6807e9cc0ca4b7603068f314a31a14349d1 /id
parentbb06ad890498e2428c3f4268ae2f732a0f75bd77 (diff)
parent719b06ae04a8d96bf24268a4e25a0cd7b0768e95 (diff)
downloadmoa-id-spss-408246a7cd0f8931f224d9d4d8e4469ab7bc6a21.tar.gz
moa-id-spss-408246a7cd0f8931f224d9d4d8e4469ab7bc6a21.tar.bz2
moa-id-spss-408246a7cd0f8931f224d9d4d8e4469ab7bc6a21.zip
merge SSO interfederation into Snapshot branch
Conflicts: id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml39
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java172
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java50
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java421
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java17
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java64
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java542
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java767
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java186
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java72
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java73
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java77
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java58
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java78
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java368
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java61
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java56
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java14
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java452
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java1070
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java46
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java441
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java13
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java59
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java75
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java1
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java1
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java (renamed from id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java)142
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java135
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java154
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties24
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties24
-rw-r--r--id/ConfigWebTool/src/main/resources/struts.xml77
-rw-r--r--id/ConfigWebTool/src/main/webapp/css/index.css6
-rw-r--r--id/ConfigWebTool/src/main/webapp/js/common.js2
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp651
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp60
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp66
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp70
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp4
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp97
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp8
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp209
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp43
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp33
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp21
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp28
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp66
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp39
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp38
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp115
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp36
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp4
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp14
-rw-r--r--id/oa/pom.xml24
-rw-r--r--id/pom.xml25
-rw-r--r--id/server/auth/pom.xml24
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml6
-rw-r--r--id/server/doc/handbook/config/config.html10
-rw-r--r--id/server/idserverlib/pom.xml23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java121
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java628
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java109
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java148
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java166
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java386
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java1067
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java155
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java89
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java227
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java183
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java347
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java424
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java361
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java124
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java185
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java152
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java198
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java)46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java)112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java154
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java124
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java)7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java177
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java586
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java25
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java3
-rw-r--r--id/server/moa-id-commons/pom.xml37
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java43
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java195
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java36
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java18
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java42
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java129
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java)21
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java)5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java)2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java)10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java)4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java)4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java71
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java186
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java)14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java (renamed from id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java)2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java (renamed from id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java)9
-rw-r--r--id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java100
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/bindings.xjb5
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd33
-rw-r--r--id/server/pom.xml2
-rw-r--r--id/server/proxy/pom.xml2
262 files changed, 13435 insertions, 5058 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 57aa5c794..aaadb1969 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -3,13 +3,13 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id-configuration</artifactId>
- <version>1.0.1</version>
+ <version>${configtool-version}</version>
<packaging>war</packaging>
<name>MOA-ID 2.0 Configuration Tool</name>
<description>Web based Configuration Tool for MOA-ID 2.x</description>
@@ -73,7 +73,6 @@
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <!-- <version>1.9.98-SNAPSHOT</version> -->
<exclusions>
<exclusion>
<groupId>*</groupId>
@@ -142,20 +141,42 @@
</dependencies>
<build>
+ <pluginManagement>
<plugins>
- <plugin>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration>
<archive>
<manifestEntries>
- <version>${project.version}</version>
+ <version>${configtool-version}</version>
</manifestEntries>
- </archive>
- </configuration>
-</plugin>
- </plugins>
+ </archive>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
</build>
</project>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index 70241fafb..df1faa7c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -82,9 +82,7 @@ public class Constants {
public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request";
public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx";
-
- public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
-
+
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
index b7da86db7..330ed7036 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
@@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.configuration.auth;
import java.util.Date;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
public class AuthenticatedUser {
@@ -39,27 +42,89 @@ public class AuthenticatedUser {
private String institute;
private String userName;
private Date lastLogin;
-
- public AuthenticatedUser() {
+
+ private boolean onlyBusinessService = false;
+ private String businessServiceType;
+ private String businessServiceNumber;
+
+ private AuthenticatedUser() {
}
- public AuthenticatedUser(long userID, String givenName, String familyName, String institute,
- String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser,
+ public static AuthenticatedUser generateDefaultUser() {
+
+ AuthenticatedUser user = new AuthenticatedUser();
+ user.familyName = "TestUser";
+ user.givenName = "Max";
+ user.userName = "maxtestuser";
+ user.userID = 0;
+ user.institute = new String();
+ user.isAdmin = true;
+ user.isAuthenticated = true;
+ user.isMandateUser = false;
+ user.isPVP2Login = false;
+ user.lastLogin = new Date();
+
+ return user;
+ }
+
+ public static AuthenticatedUser generateUserRequestUser(UserDatabaseFrom form) {
+
+ AuthenticatedUser user = new AuthenticatedUser();
+ user.familyName = form.getFamilyName();
+ user.givenName = form.getGivenName();
+ user.userName = form.getUsername();
+ user.userID = 0;
+ user.institute = form.getInstitut();
+ user.isAdmin = false;
+ user.isAuthenticated = false;
+ user.isMandateUser = form.isIsmandateuser();
+ user.isPVP2Login = form.isPVPGenerated();
+ user.lastLogin = new Date();
+
+ return user;
+ }
+
+ public AuthenticatedUser(UserDatabase userdb, boolean isAuthenticated, boolean isMandateUser,
boolean isPVP2Login) {
- this.familyName = familyName;
- this.givenName = givenName;
- this.userName = userName;
- this.userID = userID;
- this.institute = institute;
- this.isAdmin = isAdmin;
+ this.familyName = userdb.getFamilyname();
+ this.givenName = userdb.getGivenname();
+ this.userName = userdb.getUsername();
+ this.userID = userdb.getHjid();
+ this.institute = userdb.getInstitut();
+ this.isAdmin = userdb.isIsAdmin();
this.isAuthenticated = isAuthenticated;
this.isMandateUser = isMandateUser;
this.isPVP2Login = isPVP2Login;
this.lastLogin = new Date();
+
+ if (!this.isAdmin) generateUserSpecificConfigurationOptions(userdb);
}
+
+ private void generateUserSpecificConfigurationOptions(UserDatabase userdb) {
+
+ if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
+ String bpk = userdb.getBpk();
+ if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR) || bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) {
+ onlyBusinessService = true;
+
+ String[] split = bpk.split("\\+");
+ this.businessServiceType = split[1].substring(1);
+
+ if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN))
+ this.businessServiceNumber = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2]);
+ else
+ this.businessServiceNumber = split[2];
+
+ } else
+ onlyBusinessService = false;
+
+ }
+
+ }
+
public String getFormatedLastLogin() {
return DateTimeHelper.getDateTime(lastLogin);
}
@@ -72,13 +137,6 @@ public class AuthenticatedUser {
}
/**
- * @param isAuthenticated the isAuthenticated to set
- */
- public void setAuthenticated(boolean isAuthenticated) {
- this.isAuthenticated = isAuthenticated;
- }
-
- /**
* @return the isAdmin
*/
public boolean isAdmin() {
@@ -86,13 +144,6 @@ public class AuthenticatedUser {
}
/**
- * @param isAdmin the isAdmin to set
- */
- public void setAdmin(boolean isAdmin) {
- this.isAdmin = isAdmin;
- }
-
- /**
* @return the userID
*/
public long getUserID() {
@@ -100,13 +151,6 @@ public class AuthenticatedUser {
}
/**
- * @param userID the userID to set
- */
- public void setUserID(long userID) {
- this.userID = userID;
- }
-
- /**
* @return the givenName
*/
public String getGivenName() {
@@ -114,13 +158,6 @@ public class AuthenticatedUser {
}
/**
- * @param givenName the givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
* @return the familyName
*/
public String getFamilyName() {
@@ -128,25 +165,11 @@ public class AuthenticatedUser {
}
/**
- * @param familyName the familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
* @return the lastLogin
*/
public Date getLastLogin() {
return lastLogin;
}
-
- /**
- * @param lastLogin the lastLogin to set
- */
- public void setLastLogin(Date lastLogin) {
- this.lastLogin = lastLogin;
- }
/**
* @return the userName
@@ -156,54 +179,57 @@ public class AuthenticatedUser {
}
/**
- * @param userName the userName to set
+ * @return the institute
*/
- public void setUserName(String userName) {
- this.userName = userName;
+ public String getInstitute() {
+ return institute;
}
/**
- * @return the institute
+ * @return the isPVP2Login
*/
- public String getInstitute() {
- return institute;
+ public boolean isPVP2Login() {
+ return isPVP2Login;
}
/**
- * @param institute the institute to set
+ * @return the isMandateUser
*/
- public void setInstitute(String institute) {
- this.institute = institute;
+ public boolean isMandateUser() {
+ return isMandateUser;
}
/**
- * @return the isPVP2Login
+ * @return the onlyBusinessService
*/
- public boolean isPVP2Login() {
- return isPVP2Login;
+ public boolean isOnlyBusinessService() {
+ return onlyBusinessService;
}
/**
- * @param isPVP2Login the isPVP2Login to set
+ * @return the businessServiceType
*/
- public void setPVP2Login(boolean isPVP2Login) {
- this.isPVP2Login = isPVP2Login;
+ public String getBusinessServiceType() {
+ return businessServiceType;
}
/**
- * @return the isMandateUser
+ * @return the businessServiceNumber
*/
- public boolean isMandateUser() {
- return isMandateUser;
+ public String getBusinessServiceNumber() {
+ return businessServiceNumber;
}
/**
- * @param isMandateUser the isMandateUser to set
+ * @param lastLogin the lastLogin to set
*/
- public void setMandateUser(boolean isMandateUser) {
- this.isMandateUser = isMandateUser;
+ public void setLastLogin(Date lastLogin) {
+ this.lastLogin = lastLogin;
}
+
+
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index bcc9a87ab..84af0d225 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -41,7 +41,7 @@ import java.util.jar.Manifest;
import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
@@ -49,7 +49,11 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
@@ -436,6 +440,26 @@ public class ConfigurationProvider {
return parseVersionFromManifest();
}
+ public String getCertStoreDirectory() throws CertificateException {
+ String dir = props.getProperty("general.ssl.certstore");
+ if (MiscUtil.isNotEmpty(dir))
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+
+ else
+ throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore.");
+
+ }
+
+ public String getTrustStoreDirectory() throws CertificateException {
+ String dir = props.getProperty("general.ssl.truststore");
+ if (MiscUtil.isNotEmpty(dir))
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+
+ else
+ throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore.");
+
+ }
+
private void initalPVP2Login() throws ConfigurationException {
try {
@@ -458,8 +482,28 @@ public class ConfigurationProvider {
log.info("NO IDP Metadata URL.");
throw new ConfigurationException("NO IDP Metadata URL.");
}
-
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);
+
+ MOAHttpClient httpClient = new MOAHttpClient();
+
+ if (metadataurl.startsWith("https:")) {
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+
+ httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl);
idpMetadataProvider.setRequireValidMetadata(true);
idpMetadataProvider.setParserPool(new BasicParserPool());
idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index 687925c18..25f20372a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -22,20 +22,40 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.data;
+import java.io.File;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-public class FormularCustomization {
+public class FormularCustomization implements IOnlineApplicationData {
+ private static final Logger log = Logger.getLogger(FormularCustomization.class);
+
private boolean showMandateLoginButton = true;
private boolean onlyMandateAllowed = false;
@@ -52,25 +72,79 @@ public class FormularCustomization {
private String applet_height = null;
private String applet_width = null;
+ private Map<String, String> map = null;
private String appletRedirectTarget = null;
public static List<String> appletRedirectTargetList = null;
-
+
public static List<String> fontTypeList = null;
public String fontTypeListValue = null;
+ private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>();
+ private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>();
+
+ private List<File> bkuSelectionFileUpload = null;
+ private List<String> bkuSelectionFileUploadContentType = null;
+ private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>();
+ private boolean deleteBKUTemplate = false;
+
+ private List<File> sendAssertionFileUpload = null;
+ private List<String> sendAssertionFileUploadContentType = null;
+ private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();;
+ private boolean deleteSendAssertionTemplate = false;
+
+ private String aditionalAuthBlockText = null;
+ private boolean isHideBPKAuthBlock = false;
+
public FormularCustomization() {
+ new FormularCustomization(null);
+ }
+
+ public FormularCustomization(Map<String, String> map) {
appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top");
fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman");
Collections.sort(fontTypeList);
+
+ if (map == null)
+ this.map = new HashMap<String, String>();
+ else
+ this.map = map;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OAFormularCustomization";
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA auth = dbOA.getAuthComponentOA();
+
+ if (dbOA.getAuthComponentOA() != null)
+ isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock();
- public void parse(OnlineApplication dbOAConfig, Map<String, String> map) {
- AuthComponentOA auth = dbOAConfig.getAuthComponentOA();
-
if (auth != null) {
TemplatesType templates = auth.getTemplates();
- if (templates != null) {
+
+ if (templates != null) {
+ aditionalAuthBlockText = templates.getAditionalAuthBlockText();
+
+ TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate();
+ if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) {
+ bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename());
+ }
+
+ TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate();
+ if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) {
+ sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename());
+ }
+
BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization();
if (formcustom != null) {
@@ -140,8 +214,179 @@ public class FormularCustomization {
}
}
}
+
+ request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map);
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock());
+
+ TemplatesType templates = authoa.getTemplates();
+ if (templates == null) {
+ templates = new TemplatesType();
+ authoa.setTemplates(templates);
+ }
+
+ templates.setAditionalAuthBlockText(getAditionalAuthBlockText());
+
+ //store BKU-selection and send-assertion templates
+ if (authUser.isAdmin()) {
+
+ if (isDeleteBKUTemplate())
+ templates.setBKUSelectionTemplate(null);
+
+ if (isDeleteSendAssertionTemplate())
+ templates.setSendAssertionTemplate(null);
+
+
+ if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) {
+ TransformsInfoType template = new TransformsInfoType();
+
+ Iterator<String> interator = bkuSelectionForm.keySet().iterator();
+ template.setFilename(interator.next());
+ template.setTransformation(bkuSelectionForm.get(
+ template.getFilename()));
+
+ templates.setBKUSelectionTemplate(template);
+ }
+
+ if (sendAssertionForm != null && sendAssertionForm.size() > 0) {
+ TransformsInfoType template = new TransformsInfoType();
+
+ Iterator<String> interator = sendAssertionForm.keySet().iterator();
+ template.setFilename(interator.next());
+ template.setTransformation(sendAssertionForm.get(
+ template.getFilename()));
+
+ templates.setSendAssertionTemplate(template);
+ }
+ }
+
+ BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization();
+ if (bkuselectioncustom == null) {
+ bkuselectioncustom = new BKUSelectionCustomizationType();
+ templates.setBKUSelectionCustomization(bkuselectioncustom);
+ }
+
+ if (authoa.getMandates() != null &&
+ (authoa.getMandates().getProfileName() != null
+ && authoa.getMandates().getProfileName().size() > 0)
+ || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))
+
+ bkuselectioncustom.setMandateLoginButton(true);
+ else
+ bkuselectioncustom.setMandateLoginButton(false);
+
+ bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed());
+
+ bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor()));
+ bkuselectioncustom.setFrontColor(parseColor(getFrontColor()));
+
+ bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor()));
+ bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor()));
+ bkuselectioncustom.setHeaderText(getHeader_text());
+
+ bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor()));
+ bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus()));
+ bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor()));
+
+ if (MiscUtil.isNotEmpty(getAppletRedirectTarget()))
+ bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget());
+
+ bkuselectioncustom.setFontType(getFontType());
+
+ bkuselectioncustom.setAppletHeight(getApplet_height());
+ bkuselectioncustom.setAppletWidth(getApplet_width());
+
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ HttpSession session = request.getSession();
+ List<String> errors = new ArrayList<String>();
+
+ String check = null;
+ if (authUser.isAdmin()) {
+ //validate aditionalAuthBlockText
+ check = getAditionalAuthBlockText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ }
+ }
+ }
+
+ OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
+ //validate BKU-selection template
+ List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName()
+ , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request);
+ if (templateError != null && templateError.size() == 0) {
+ if (bkuSelectionForm != null && bkuSelectionForm.size() > 0)
+ session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm);
+
+ else
+ bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
+
+ } else {
+ errors.addAll(templateError);
+
+ }
+
+ //validate send-assertion template
+ templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName()
+ , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request);
+ if (templateError != null && templateError.size() == 0) {
+ if (sendAssertionForm != null && sendAssertionForm.size() > 0)
+ session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm);
+
+ else
+ sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
+
+ } else {
+ errors.addAll(templateError);
+
+ }
+
+ //validate BKUFormCustomization
+ errors.addAll(new FormularCustomizationValitator().validate(this, request));
+
+ return errors;
}
+ private String parseColor(String color) {
+ String value = "";
+
+ if (MiscUtil.isNotEmpty(color)) {
+ if (!color.startsWith("#"))
+ value = "#" + color;
+ else
+ value = color;
+ }
+ return value;
+ }
/**
* @return the showMandateLoginButton
@@ -389,9 +634,165 @@ public class FormularCustomization {
public void setApplet_width(String applet_width) {
this.applet_width = applet_width;
}
-
-
-
-
+
+
+ /**
+ * @return the bkuSelectionFileUpload
+ */
+ public List<File> getBkuSelectionFileUpload() {
+ return bkuSelectionFileUpload;
+ }
+
+
+ /**
+ * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set
+ */
+ public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) {
+ this.bkuSelectionFileUpload = bkuSelectionFileUpload;
+ }
+
+
+ /**
+ * @return the bkuSelectionFileUploadContentType
+ */
+ public List<String> getBkuSelectionFileUploadContentType() {
+ return bkuSelectionFileUploadContentType;
+ }
+
+
+ /**
+ * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set
+ */
+ public void setBkuSelectionFileUploadContentType(
+ List<String> bkuSelectionFileUploadContentType) {
+ this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType;
+ }
+
+
+ /**
+ * @return the bkuSelectionFileUploadFileName
+ */
+ public List<String> getBkuSelectionFileUploadFileName() {
+ return bkuSelectionFileUploadFileName;
+ }
+
+
+ /**
+ * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set
+ */
+ public void setBkuSelectionFileUploadFileName(
+ List<String> bkuSelectionFileUploadFileName) {
+ this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName;
+ }
+
+
+ /**
+ * @return the sendAssertionFileUpload
+ */
+ public List<File> getSendAssertionFileUpload() {
+ return sendAssertionFileUpload;
+ }
+
+
+ /**
+ * @param sendAssertionFileUpload the sendAssertionFileUpload to set
+ */
+ public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) {
+ this.sendAssertionFileUpload = sendAssertionFileUpload;
+ }
+
+
+ /**
+ * @return the sendAssertionFileUploadContentType
+ */
+ public List<String> getSendAssertionFileUploadContentType() {
+ return sendAssertionFileUploadContentType;
+ }
+
+
+ /**
+ * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set
+ */
+ public void setSendAssertionFileUploadContentType(
+ List<String> sendAssertionFileUploadContentType) {
+ this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType;
+ }
+
+
+ /**
+ * @return the sendAssertionFileUploadFileName
+ */
+ public List<String> getSendAssertionFileUploadFileName() {
+ return sendAssertionFileUploadFileName;
+ }
+
+
+ /**
+ * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set
+ */
+ public void setSendAssertionFileUploadFileName(
+ List<String> sendAssertionFileUploadFileName) {
+ this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName;
+ }
+
+
+ /**
+ * @return the deleteBKUTemplate
+ */
+ public boolean isDeleteBKUTemplate() {
+ return deleteBKUTemplate;
+ }
+
+
+ /**
+ * @param deleteBKUTemplate the deleteBKUTemplate to set
+ */
+ public void setDeleteBKUTemplate(boolean deleteBKUTemplate) {
+ this.deleteBKUTemplate = deleteBKUTemplate;
+ }
+
+
+ /**
+ * @return the deleteSendAssertionTemplate
+ */
+ public boolean isDeleteSendAssertionTemplate() {
+ return deleteSendAssertionTemplate;
+ }
+
+
+ /**
+ * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set
+ */
+ public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) {
+ this.deleteSendAssertionTemplate = deleteSendAssertionTemplate;
+ }
+
+ /**
+ * @return the aditionalAuthBlockText
+ */
+ public String getAditionalAuthBlockText() {
+ return aditionalAuthBlockText;
+ }
+
+ /**
+ * @param aditionalAuthBlockText the aditionalAuthBlockText to set
+ */
+ public void setAditionalAuthBlockText(String aditionalAuthBlockText) {
+ this.aditionalAuthBlockText = aditionalAuthBlockText;
+ }
+
+ /**
+ * @return the isHideBPKAuthBlock
+ */
+ public boolean isHideBPKAuthBlock() {
+ return isHideBPKAuthBlock;
+ }
+
+ /**
+ * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set
+ */
+ public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) {
+ this.isHideBPKAuthBlock = isHideBPKAuthBlock;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java
index 69bf5dc0c..c4a825589 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java
@@ -24,11 +24,21 @@ package at.gv.egovernment.moa.id.configuration.data;
public class OAListElement {
+ public enum ServiceType {OA, VIDP, IDP}
+
private long dataBaseID;
private String oaIdentifier;
private String oaFriendlyName;
private String oaType;
private boolean isActive;
+ private ServiceType serviceType;
+
+ /**
+ *
+ */
+ public OAListElement(ServiceType type) {
+ this.serviceType = type;
+ }
/**
@@ -95,5 +105,10 @@ public class OAListElement {
public String getIsActive(){
return String.valueOf(isActive);
}
-
+ /**
+ * @return the serviceType
+ */
+ public String getServiceType() {
+ return serviceType.name();
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java
new file mode 100644
index 000000000..37f8fbc07
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.data.oa;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IOnlineApplicationData {
+
+ public String getName();
+
+ /**
+ * Parse OnlineApplication database object to formData
+ * @param dbOAConfig
+ * @return List of Errors
+ */
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request);
+
+ /**
+ * Store formData to OnlineApplication database object
+ * @param dboa: Database data object
+ * @param authUser
+ * @param request:
+ * @return Error description
+ */
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request);
+
+ /**
+ * Validate formData
+ * @param general
+ * @param request
+ * @return
+ */
+ public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request);
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
new file mode 100644
index 000000000..cb60a21a0
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -0,0 +1,542 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.data.oa;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAAuthenticationData implements IOnlineApplicationData {
+
+ private String bkuOnlineURL = null;
+ private String bkuHandyURL = null;
+ private String bkuLocalURL = null;
+
+ private String mandateProfiles = null;
+ private boolean useMandates = false;
+
+ private boolean calculateHPI = false;
+
+ private String keyBoxIdentifier = null;
+ private static Map<String, String> keyBoxIdentifierList;
+
+ private boolean legacy = false;
+ List<String> SLTemplates = null;
+
+ private Map<String, byte[]> transformations;
+
+ /**
+ *
+ */
+ public OAAuthenticationData() {
+ keyBoxIdentifierList = new HashMap<String, String>();
+ MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values();
+ for (int i=0; i<values.length; i++) {
+ keyBoxIdentifierList.put(values[i].value(), values[i].value());
+ }
+
+ keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value();
+
+ bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;
+ bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL;
+
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (moaidconfig != null) {
+ DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs();
+ if (defaultbkus != null) {
+ setBkuHandyURL(defaultbkus.getHandyBKU());
+ setBkuLocalURL(defaultbkus.getLocalBKU());
+ setBkuOnlineURL(defaultbkus.getOnlineBKU());
+ }
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OAAuthenticationData";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value();
+
+ AuthComponentOA oaauth = dbOA.getAuthComponentOA();
+ if (oaauth != null) {
+ BKUURLS bkuurls = oaauth.getBKUURLS();
+
+ String defaulthandy = "";
+ String defaultlocal = "";
+ String defaultonline = "";
+
+ MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (dbconfig != null) {
+ DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs();
+ if (defaultbkus != null) {
+ defaulthandy = defaultbkus.getHandyBKU();
+ defaultlocal = defaultbkus.getLocalBKU();
+ defaultonline = defaultbkus.getOnlineBKU();
+ }
+ }
+
+ if (bkuurls != null) {
+
+ if (MiscUtil.isEmpty(bkuurls.getHandyBKU()))
+ bkuHandyURL = defaulthandy;
+ else
+ bkuHandyURL = bkuurls.getHandyBKU();
+
+ if (MiscUtil.isEmpty(bkuurls.getLocalBKU()))
+ bkuLocalURL = defaultlocal;
+ else
+ bkuLocalURL = bkuurls.getLocalBKU();
+
+ if (MiscUtil.isEmpty(bkuurls.getOnlineBKU()))
+ bkuOnlineURL = defaultonline;
+ else
+ bkuOnlineURL = bkuurls.getOnlineBKU();
+ }
+
+ Mandates mandates = oaauth.getMandates();
+ if (mandates != null) {
+
+ mandateProfiles = null;
+
+ List<String> profileList = mandates.getProfileName();
+ for (String el : profileList) {
+ if (mandateProfiles == null)
+ mandateProfiles = el;
+
+ else
+ mandateProfiles += "," + el;
+ }
+
+ //TODO: only for RC1
+ if (MiscUtil.isNotEmpty(mandates.getProfiles())) {
+ if (mandateProfiles == null)
+ mandateProfiles = mandates.getProfiles();
+
+ else
+ mandateProfiles += "," + mandates.getProfiles();
+
+ }
+
+ if (mandateProfiles != null)
+ useMandates = true;
+
+ else
+ useMandates = false;
+
+ }
+
+ TemplatesType templates = oaauth.getTemplates();
+ if (templates != null) {
+ List<TemplateType> templatetype = templates.getTemplate();
+
+ if (templatetype != null) {
+ if (SLTemplates == null) {
+ SLTemplates = new ArrayList<String>();
+ }
+
+ for (TemplateType el : templatetype) {
+ SLTemplates.add(el.getURL());
+ }
+ }
+ }
+
+ if (SLTemplates != null && SLTemplates.size() > 0)
+ legacy = true;
+
+ List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo();
+ transformations = new HashMap<String, byte[]>();
+ for (TransformsInfoType el : transforminfos) {
+ transformations.put(el.getFilename(), el.getTransformation());
+ }
+ }
+
+ return null;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ dbOA.setCalculateHPI(isCalculateHPI());
+
+ if (authUser.isAdmin()) {
+
+ //store BKU-URLs
+ BKUURLS bkuruls = new BKUURLS();
+ authoa.setBKUURLS(bkuruls);
+ bkuruls.setHandyBKU(getBkuHandyURL());
+ bkuruls.setLocalBKU(getBkuLocalURL());
+ bkuruls.setOnlineBKU(getBkuOnlineURL());
+
+ //store SecurtiyLayerTemplates
+ TemplatesType templates = authoa.getTemplates();
+ if (templates == null) {
+ templates = new TemplatesType();
+ authoa.setTemplates(templates);
+ }
+ List<TemplateType> template = templates.getTemplate();
+ if (isLegacy()) {
+
+ if (template == null)
+ template = new ArrayList<TemplateType>();
+ else
+ template.clear();
+
+ if (MiscUtil.isNotEmpty(getSLTemplateURL1())) {
+ TemplateType el = new TemplateType();
+ el.setURL(getSLTemplateURL1());
+ template.add(el);
+ } else
+ template.add(new TemplateType());
+ if (MiscUtil.isNotEmpty(getSLTemplateURL2())) {
+ TemplateType el = new TemplateType();
+ el.setURL(getSLTemplateURL2());
+ template.add(el);
+ } else
+ template.add(new TemplateType());
+ if (MiscUtil.isNotEmpty(getSLTemplateURL3())) {
+ TemplateType el = new TemplateType();
+ el.setURL(getSLTemplateURL3());
+ template.add(el);
+ } else
+ template.add(new TemplateType());
+
+ } else {
+ if (template != null && template.size() > 0) template.clear();
+ }
+
+
+ //store keyBox Identifier
+ dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier()));
+ } else {
+ if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
+ }
+
+ Mandates mandates = new Mandates();
+ if (isUseMandates()) {
+
+ String[] profileList = getMandateProfiles().split(",");
+
+ List<String> dbProfiles = mandates.getProfileName();
+ if (dbProfiles == null) {
+ dbProfiles = new ArrayList<String>();
+ mandates.setProfileName(dbProfiles);
+
+ }
+
+ for (String el: profileList)
+ dbProfiles.add(el.trim());
+
+ mandates.setProfiles(null);
+
+ } else {
+ mandates.setProfiles(null);
+ mandates.getProfileName().clear();
+ }
+ authoa.setMandates(mandates);
+
+ // set default transformation if it is empty
+ List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo();
+ if (transformsInfo == null) {
+ // TODO: set OA specific transformation if it is required
+
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request);
+ }
+
+
+ /**
+ * @return the bkuOnlineURL
+ */
+ public String getBkuOnlineURL() {
+ return bkuOnlineURL;
+ }
+
+
+ /**
+ * @param bkuOnlineURL the bkuOnlineURL to set
+ */
+ public void setBkuOnlineURL(String bkuOnlineURL) {
+ this.bkuOnlineURL = bkuOnlineURL;
+ }
+
+
+ /**
+ * @return the bkuHandyURL
+ */
+ public String getBkuHandyURL() {
+ return bkuHandyURL;
+ }
+
+
+ /**
+ * @param bkuHandyURL the bkuHandyURL to set
+ */
+ public void setBkuHandyURL(String bkuHandyURL) {
+ this.bkuHandyURL = bkuHandyURL;
+ }
+
+
+ /**
+ * @return the bkuLocalURL
+ */
+ public String getBkuLocalURL() {
+ return bkuLocalURL;
+ }
+
+
+ /**
+ * @param bkuLocalURL the bkuLocalURL to set
+ */
+ public void setBkuLocalURL(String bkuLocalURL) {
+ this.bkuLocalURL = bkuLocalURL;
+ }
+
+
+ /**
+ * @return the mandateProfiles
+ */
+ public String getMandateProfiles() {
+ return mandateProfiles;
+ }
+
+
+ /**
+ * @param mandateProfiles the mandateProfiles to set
+ */
+ public void setMandateProfiles(String mandateProfiles) {
+ this.mandateProfiles = mandateProfiles;
+ }
+
+
+ /**
+ * @return the useMandates
+ */
+ public boolean isUseMandates() {
+ return useMandates;
+ }
+
+
+ /**
+ * @param useMandates the useMandates to set
+ */
+ public void setUseMandates(boolean useMandates) {
+ this.useMandates = useMandates;
+ }
+
+
+ /**
+ * @return the calculateHPI
+ */
+ public boolean isCalculateHPI() {
+ return calculateHPI;
+ }
+
+
+ /**
+ * @param calculateHPI the calculateHPI to set
+ */
+ public void setCalculateHPI(boolean calculateHPI) {
+ this.calculateHPI = calculateHPI;
+ }
+
+
+ /**
+ * @return the keyBoxIdentifier
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
+
+ /**
+ * @param keyBoxIdentifier the keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentifier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+
+ /**
+ * @return the keyBoxIdentifierList
+ */
+ public Map<String, String> getKeyBoxIdentifierList() {
+ return keyBoxIdentifierList;
+ }
+
+
+ /**
+ * @return the legacy
+ */
+ public boolean isLegacy() {
+ return legacy;
+ }
+
+
+ /**
+ * @param legacy the legacy to set
+ */
+ public void setLegacy(boolean legacy) {
+ this.legacy = legacy;
+ }
+
+
+ /**
+ * @return the transformations
+ */
+ public Map<String, byte[]> getTransformations() {
+ return transformations;
+ }
+
+
+ /**
+ * @param transformations the transformations to set
+ */
+ public void setTransformations(Map<String, byte[]> transformations) {
+ this.transformations = transformations;
+ }
+
+
+ /**
+ * @return the sLTemplates
+ */
+ public List<String> getSLTemplates() {
+ return SLTemplates;
+ }
+
+ /**
+ * @return the sLTemplateURL1
+ */
+ public String getSLTemplateURL1() {
+ if (SLTemplates != null && SLTemplates.size() > 0)
+ return SLTemplates.get(0);
+ else
+ return null;
+ }
+
+
+ /**
+ * @param sLTemplateURL1 the sLTemplateURL1 to set
+ */
+ public void setSLTemplateURL1(String sLTemplateURL1) {
+ if (SLTemplates == null)
+ SLTemplates = new ArrayList<String>();
+ SLTemplates.add(sLTemplateURL1);
+ }
+
+
+ /**
+ * @return the sLTemplateURL2
+ */
+ public String getSLTemplateURL2() {
+ if (SLTemplates != null && SLTemplates.size() > 1)
+ return SLTemplates.get(1);
+ else
+ return null;
+ }
+
+
+ /**
+ * @param sLTemplateURL2 the sLTemplateURL2 to set
+ */
+ public void setSLTemplateURL2(String sLTemplateURL2) {
+ if (SLTemplates == null)
+ SLTemplates = new ArrayList<String>();
+ SLTemplates.add(sLTemplateURL2);
+ }
+
+
+ /**
+ * @return the sLTemplateURL3
+ */
+ public String getSLTemplateURL3() {
+ if (SLTemplates != null && SLTemplates.size() > 2)
+ return SLTemplates.get(2);
+ else
+ return null;
+ }
+
+
+ /**
+ * @param sLTemplateURL3 the sLTemplateURL3 to set
+ */
+ public void setSLTemplateURL3(String sLTemplateURL3) {
+ if (SLTemplates == null)
+ SLTemplates = new ArrayList<String>();
+ SLTemplates.add(sLTemplateURL3);
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index d43c97aed..05e163c23 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -22,273 +22,125 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.data.oa;
-import java.io.File;
import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
-import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
-import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
-import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
-import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
-import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
-import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
-import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
-import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
-public class OAGeneralConfig {
-
+public class OAGeneralConfig implements IOnlineApplicationData{
+ private static final Logger log = Logger.getLogger(OAGeneralConfig.class);
+
+ private boolean isActive = false;
+
private String dbID = null;
- private String bkuOnlineURL = null;
- private String bkuHandyURL = null;
- private String bkuLocalURL = null;
-
private String identifier = null;
private String friendlyName = null;
+ private boolean businessService = false;
- private boolean businessService = false;
-
- private String target = null;
- private String target_subsector = null;
- private String target_admin = null;
- private static List<String> targetList = null;
- private String targetFriendlyName = null;
- private boolean isAdminTarget = false;
-
- private String identificationNumber = null;
- private String identificationType = null;
- private static List<String> identificationTypeList = null;
-
- private String aditionalAuthBlockText = null;
-
- private String mandateProfiles = null;
- private boolean useMandates = false;
-
- private boolean isActive = false;
- private boolean calculateHPI = false;
-
- private String keyBoxIdentifier = null;
- private static Map<String, String> keyBoxIdentifierList;
-
- private boolean legacy = false;
- List<String> SLTemplates = null;
-
- private boolean isHideBPKAuthBlock = false;
-
- private Map<String, byte[]> transformations;
-
- private List<File> bkuSelectionFileUpload = null;
- private List<String> bkuSelectionFileUploadContentType = null;
- private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>();
-
- private List<File> sendAssertionFileUpload = null;
- private List<String> sendAssertionFileUploadContentType = null;
- private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();;
-
- private boolean deleteBKUTemplate = false;
- private boolean deleteSendAssertionTemplate = false;
-
- public OAGeneralConfig() {
- keyBoxIdentifierList = new HashMap<String, String>();
- MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values();
- for (int i=0; i<values.length; i++) {
- keyBoxIdentifierList.put(values[i].value(), values[i].value());
- }
-
- keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value();
-
- bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;
- bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL;
-
- targetList = TargetValidator.getListOfTargets();
- target = "";
-
- identificationTypeList = Arrays.asList(
- Constants.IDENIFICATIONTYPE_FN,
- Constants.IDENIFICATIONTYPE_ZVR,
- Constants.IDENIFICATIONTYPE_ERSB,
- Constants.IDENIFICATIONTYPE_STORK);
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OAGeneralInformation";
}
-
- public void parse(OnlineApplication dbOAConfig) {
-
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
isActive = dbOAConfig.isIsActive();
- friendlyName = dbOAConfig.getFriendlyName();
-
- keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value();
-
+ friendlyName = dbOAConfig.getFriendlyName();
identifier = dbOAConfig.getPublicURLPrefix();
- String target_full = dbOAConfig.getTarget();
- if (MiscUtil.isNotEmpty(target_full)) {
- if (TargetValidator.isValidTarget(target_full)) {
- target = target_full;
-
- } else {
- String[] target_split = target_full.split("-");
-
- if (TargetValidator.isValidTarget(target_split[0])) {
- target = target_split[0];
- if (target_split.length > 1)
- target_subsector = target_split[1];
-
- } else {
- target = "";
- target_subsector = null;
- target_admin = target_full;
- isAdminTarget = true;
- }
- }
- targetFriendlyName = dbOAConfig.getTargetFriendlyName();
- }
-
if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))
businessService = true;
else
businessService = false;
+
+ return null;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ if (authUser.isAdmin()) dbOA.setIsActive(isActive());
+
+ dbOA.setPublicURLPrefix(getIdentifier());
+ dbOA.setFriendlyName(getFriendlyName());
+
+ if (isBusinessService() || authUser.isOnlyBusinessService()) {
+ dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
+
+ } else {
+ dbOA.setType(null);
+ }
+
+ return null;
+
+ }
- AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA();
- if (oaauth != null) {
- BKUURLS bkuurls = oaauth.getBKUURLS();
-
- String defaulthandy = "";
- String defaultlocal = "";
- String defaultonline = "";
-
- MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
- if (dbconfig != null) {
- DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs();
- if (defaultbkus != null) {
- defaulthandy = defaultbkus.getHandyBKU();
- defaultlocal = defaultbkus.getLocalBKU();
- defaultonline = defaultbkus.getOnlineBKU();
- }
- }
-
- if (bkuurls != null) {
-
- if (MiscUtil.isEmpty(bkuurls.getHandyBKU()))
- bkuHandyURL = defaulthandy;
- else
- bkuHandyURL = bkuurls.getHandyBKU();
-
- if (MiscUtil.isEmpty(bkuurls.getLocalBKU()))
- bkuLocalURL = defaultlocal;
- else
- bkuLocalURL = bkuurls.getLocalBKU();
-
- if (MiscUtil.isEmpty(bkuurls.getOnlineBKU()))
- bkuOnlineURL = defaultonline;
- else
- bkuOnlineURL = bkuurls.getOnlineBKU();
- }
-
- IdentificationNumber idnumber = oaauth.getIdentificationNumber();
- if (idnumber != null) {
- String number = idnumber.getValue();
- if (MiscUtil.isNotEmpty(number)) {
- String[] split = number.split("\\+");
-
- if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
- identificationType = split[1];
- identificationNumber = split[2];
- } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
- //identificationType = split[1]; // setting at as iden category ?
- identificationType = Constants.IDENIFICATIONTYPE_STORK;
- identificationNumber = split[2]; // setting sp country as ident type -> sp ident
- }
- }
- }
-
- Mandates mandates = oaauth.getMandates();
- if (mandates != null) {
-
- mandateProfiles = null;
-
- List<MandatesProfileNameItem> profileList = mandates.getProfileNameItems();
- for (MandatesProfileNameItem el : profileList) {
- if (mandateProfiles == null)
- mandateProfiles = el.getItem();
-
- else
- mandateProfiles += "," + el.getItem();
- }
-
- //TODO: only for RC1
- if (MiscUtil.isNotEmpty(mandates.getProfiles())) {
- if (mandateProfiles == null)
- mandateProfiles = mandates.getProfiles();
-
- else
- mandateProfiles += "," + mandates.getProfiles();
-
- }
-
- if (mandateProfiles != null)
- useMandates = true;
-
- else
- useMandates = false;
-
- }
-
- TemplatesType templates = oaauth.getTemplates();
- if (templates != null) {
- aditionalAuthBlockText = templates.getAditionalAuthBlockText();
- List<TemplateType> templatetype = templates.getTemplate();
-
- if (templatetype != null) {
- if (SLTemplates == null) {
- SLTemplates = new ArrayList<String>();
- }
-
- for (TemplateType el : templatetype) {
- SLTemplates.add(el.getURL());
- }
- }
-
- TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate();
- if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) {
- bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename());
- }
-
- TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate();
- if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) {
- sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename());
- }
- }
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
- if (SLTemplates != null && SLTemplates.size() > 0)
- legacy = true;
+ List<String> errors = new ArrayList<String>();
+ String check;
- List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo();
- transformations = new HashMap<String, byte[]>();
- for (TransformsInfoType el : transforminfos) {
- transformations.put(el.getFilename(), el.getTransformation());
+ //check OA FriendlyName
+ check = getFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("OAFriendlyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
}
-
+ } else {
+ log.info("OA friendlyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request));
}
- isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock();
+ return errors;
}
+ public boolean isBusinessService() {
+ return businessService;
+ }
+
+ public void setBusinessService(boolean businessService) {
+ this.businessService = businessService;
+ }
+
public String getIdentifier() {
return identifier;
}
@@ -305,54 +157,6 @@ public class OAGeneralConfig {
this.friendlyName = friendlyName;
}
- public String getTarget() {
- return target;
- }
-
- public void setTarget(String target) {
- this.target = target;
- }
-
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
- public String getIdentificationNumber() {
- return identificationNumber;
- }
-
- public void setIdentificationNumber(String identificationNumber) {
- this.identificationNumber = identificationNumber;
- }
-
- public String getIdentificationType() {
- return identificationType;
- }
-
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- public String getAditionalAuthBlockText() {
- return aditionalAuthBlockText;
- }
-
- public void setAditionalAuthBlockText(String aditionalAuthBlockText) {
- this.aditionalAuthBlockText = aditionalAuthBlockText;
- }
-
- public String getMandateProfiles() {
- return mandateProfiles;
- }
-
- public void setMandateProfiles(String mandateProfiles) {
- this.mandateProfiles = mandateProfiles;
- }
-
public boolean isActive() {
return isActive;
}
@@ -361,67 +165,6 @@ public class OAGeneralConfig {
this.isActive = isActive;
}
- public boolean isBusinessService() {
- return businessService;
- }
-
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
- public String getBkuOnlineURL() {
- return bkuOnlineURL;
- }
-
- public void setBkuOnlineURL(String bkuOnlineURL) {
- this.bkuOnlineURL = bkuOnlineURL;
- }
-
- public String getBkuHandyURL() {
- return bkuHandyURL;
- }
-
- public void setBkuHandyURL(String bkuHandyURL) {
- this.bkuHandyURL = bkuHandyURL;
- }
-
- public String getBkuLocalURL() {
- return bkuLocalURL;
- }
-
- public void setBkuLocalURL(String bkuLocalURL) {
- this.bkuLocalURL = bkuLocalURL;
- }
-
- /**
- * @return the keyBoxIdentifier
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * @param keyBoxIdentifier the keyBoxIdentifier to set
- */
- public void setKeyBoxIdentifier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
- /**
- * @return the transformations
- */
- public Map<String, byte[]> getTransformations() {
- return transformations;
- }
-
- /**
- * @param transformations the transformations to set
- */
- public void setTransformations(Map<String, byte[]> transformations) {
- this.transformations = transformations;
- }
-
-
/**
* @return the dbID
*/
@@ -443,346 +186,4 @@ public class OAGeneralConfig {
public void setDbID(String dbID) {
this.dbID = dbID;
}
-
-
- /**
- * @return the calculateHPI
- */
- public boolean isCalculateHPI() {
- return calculateHPI;
- }
-
-
- /**
- * @param calculateHPI the calculateHPI to set
- */
- public void setCalculateHPI(boolean calculateHPI) {
- this.calculateHPI = calculateHPI;
- }
-
-
- /**
- * @return the keyBoxIdentifierList
- */
- public Map<String, String> getKeyBoxIdentifierList() {
- return keyBoxIdentifierList;
- }
-
-
- /**
- * @param keyBoxIdentifierList the keyBoxIdentifierList to set
- */
- public void setKeyBoxIdentifierList(Map<String, String> list) {
- keyBoxIdentifierList = list;
- }
-
-
- /**
- * @return the legacy
- */
- public boolean isLegacy() {
- return legacy;
- }
-
-
- /**
- * @param legacy the legacy to set
- */
- public void setLegacy(boolean legacy) {
- this.legacy = legacy;
- }
-
-
- /**
- * @return the sLTemplateURL1
- */
- public String getSLTemplateURL1() {
- if (SLTemplates != null && SLTemplates.size() > 0)
- return SLTemplates.get(0);
- else
- return null;
- }
-
-
- /**
- * @param sLTemplateURL1 the sLTemplateURL1 to set
- */
- public void setSLTemplateURL1(String sLTemplateURL1) {
- if (SLTemplates == null)
- SLTemplates = new ArrayList<String>();
- SLTemplates.add(sLTemplateURL1);
- }
-
-
- /**
- * @return the sLTemplateURL2
- */
- public String getSLTemplateURL2() {
- if (SLTemplates != null && SLTemplates.size() > 1)
- return SLTemplates.get(1);
- else
- return null;
- }
-
-
- /**
- * @param sLTemplateURL2 the sLTemplateURL2 to set
- */
- public void setSLTemplateURL2(String sLTemplateURL2) {
- if (SLTemplates == null)
- SLTemplates = new ArrayList<String>();
- SLTemplates.add(sLTemplateURL2);
- }
-
-
- /**
- * @return the sLTemplateURL3
- */
- public String getSLTemplateURL3() {
- if (SLTemplates != null && SLTemplates.size() > 2)
- return SLTemplates.get(2);
- else
- return null;
- }
-
-
- /**
- * @param sLTemplateURL3 the sLTemplateURL3 to set
- */
- public void setSLTemplateURL3(String sLTemplateURL3) {
- if (SLTemplates == null)
- SLTemplates = new ArrayList<String>();
- SLTemplates.add(sLTemplateURL3);
- }
-
-
- /**
- * @return the target_subsector
- */
- public String getTarget_subsector() {
- return target_subsector;
- }
-
-
- /**
- * @param target_subsector the target_subsector to set
- */
- public void setTarget_subsector(String target_subsector) {
- this.target_subsector = target_subsector;
- }
-
-
- /**
- * @return the target_admin
- */
- public String getTarget_admin() {
- return target_admin;
- }
-
-
- /**
- * @param target_admin the target_admin to set
- */
- public void setTarget_admin(String target_admin) {
- this.target_admin = target_admin;
- }
-
-
- /**
- * @return the targetList
- */
- public List<String> getTargetList() {
- return targetList;
- }
-
-
- /**
- * @return the identificationTypeList
- */
- public List<String> getIdentificationTypeList() {
- return identificationTypeList;
- }
-
-
- /**
- * @return the isAdminTarget
- */
- public boolean isAdminTarget() {
- return isAdminTarget;
- }
-
-
- /**
- * @param isAdminTarget the isAdminTarget to set
- */
- public void setAdminTarget(boolean isAdminTarget) {
- this.isAdminTarget = isAdminTarget;
- }
-
-
- /**
- * @return the isHideBPKAuthBlock
- */
- public boolean isHideBPKAuthBlock() {
- return isHideBPKAuthBlock;
- }
-
-
- /**
- * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set
- */
- public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) {
- this.isHideBPKAuthBlock = isHideBPKAuthBlock;
- }
-
-
- /**
- * @return the useMandates
- */
- public boolean isUseMandates() {
- return useMandates;
- }
-
-
- /**
- * @param useMandates the useMandates to set
- */
- public void setUseMandates(boolean useMandates) {
- this.useMandates = useMandates;
- }
-
-
- /**
- * @return the bkuSelectionFileUpload
- */
- public List<File> getBkuSelectionFileUpload() {
- return bkuSelectionFileUpload;
- }
-
-
- /**
- * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set
- */
- public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) {
- this.bkuSelectionFileUpload = bkuSelectionFileUpload;
- }
-
-
- /**
- * @return the bkuSelectionFileUploadContentType
- */
- public List<String> getBkuSelectionFileUploadContentType() {
- return bkuSelectionFileUploadContentType;
- }
-
-
- /**
- * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set
- */
- public void setBkuSelectionFileUploadContentType(
- List<String> bkuSelectionFileUploadContentType) {
- this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType;
- }
-
-
- /**
- * @return the bkuSelectionFileUploadFileName
- */
- public List<String> getBkuSelectionFileUploadFileName() {
- return bkuSelectionFileUploadFileName;
- }
-
-
- /**
- * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set
- */
- public void setBkuSelectionFileUploadFileName(
- List<String> bkuSelectionFileUploadFileName) {
- this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName;
- }
-
-
- /**
- * @return the sendAssertionFileUpload
- */
- public List<File> getSendAssertionFileUpload() {
- return sendAssertionFileUpload;
- }
-
-
- /**
- * @param sendAssertionFileUpload the sendAssertionFileUpload to set
- */
- public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) {
- this.sendAssertionFileUpload = sendAssertionFileUpload;
- }
-
-
- /**
- * @return the sendAssertionFileUploadContentType
- */
- public List<String> getSendAssertionFileUploadContentType() {
- return sendAssertionFileUploadContentType;
- }
-
-
- /**
- * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set
- */
- public void setSendAssertionFileUploadContentType(
- List<String> sendAssertionFileUploadContentType) {
- this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType;
- }
-
-
- /**
- * @return the sendAssertionFileUploadFileName
- */
- public List<String> getSendAssertionFileUploadFileName() {
- return sendAssertionFileUploadFileName;
- }
-
-
- /**
- * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set
- */
- public void setSendAssertionFileUploadFileName(
- List<String> sendAssertionFileUploadFileName) {
- this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName;
- }
-
-
- /**
- * @return the deleteBKUTemplate
- */
- public boolean isDeleteBKUTemplate() {
- return deleteBKUTemplate;
- }
-
-
- /**
- * @param deleteBKUTemplate the deleteBKUTemplate to set
- */
- public void setDeleteBKUTemplate(boolean deleteBKUTemplate) {
- this.deleteBKUTemplate = deleteBKUTemplate;
- }
-
-
- /**
- * @return the deleteSendAssertionTemplate
- */
- public boolean isDeleteSendAssertionTemplate() {
- return deleteSendAssertionTemplate;
- }
-
-
- /**
- * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set
- */
- public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) {
- this.deleteSendAssertionTemplate = deleteSendAssertionTemplate;
- }
-
-
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
new file mode 100644
index 000000000..5db9029bd
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.data.oa;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData {
+
+ private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class);
+
+ private String queryURL;
+ private boolean inboundSSO = true;
+ private boolean outboundSSO = true;
+ private boolean storeSSOSession = true;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "MOAIDPInterfederation";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ InterfederationIDPType moaIDP = dbOA.getInterfederationIDP();
+ if (moaIDP != null) {
+ this.queryURL = moaIDP.getAttributeQueryURL();
+ this.inboundSSO = moaIDP.isInboundSSO();
+ this.outboundSSO = moaIDP.isOutboundSSO();
+ this.storeSSOSession = moaIDP.isStoreSSOSession();
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ if (authUser.isAdmin()) {
+ dbOA.setIsInterfederationIDP(true);
+
+ InterfederationIDPType moaIDP = dbOA.getInterfederationIDP();
+ if (moaIDP == null) {
+ moaIDP = new InterfederationIDPType();
+ dbOA.setInterfederationIDP(moaIDP);
+ }
+
+ moaIDP.setAttributeQueryURL(queryURL);
+ moaIDP.setInboundSSO(inboundSSO);
+ moaIDP.setOutboundSSO(outboundSSO);
+ moaIDP.setStoreSSOSession(storeSSOSession);
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ List<String> errors = new ArrayList<String>();
+
+ if (MiscUtil.isNotEmpty(queryURL)) {
+ if (!ValidationHelper.validateURL(queryURL)) {
+ log.info("AttributeQuery URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request));
+
+ }
+ }
+
+ if (inboundSSO && MiscUtil.isEmpty(queryURL)) {
+ log.info("Inbound Single Sign-On requires AttributQueryURL configuration.");
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request));
+ }
+
+ return errors;
+ }
+
+ /**
+ * @return the queryURL
+ */
+ public String getQueryURL() {
+ return queryURL;
+ }
+
+ /**
+ * @param queryURL the queryURL to set
+ */
+ public void setQueryURL(String queryURL) {
+ this.queryURL = queryURL;
+ }
+
+ /**
+ * @return the inboundSSO
+ */
+ public boolean isInboundSSO() {
+ return inboundSSO;
+ }
+
+ /**
+ * @param inboundSSO the inboundSSO to set
+ */
+ public void setInboundSSO(boolean inboundSSO) {
+ this.inboundSSO = inboundSSO;
+ }
+
+ /**
+ * @return the outboundSSO
+ */
+ public boolean isOutboundSSO() {
+ return outboundSSO;
+ }
+
+ /**
+ * @param outboundSSO the outboundSSO to set
+ */
+ public void setOutboundSSO(boolean outboundSSO) {
+ this.outboundSSO = outboundSSO;
+ }
+
+ /**
+ * @return the storeSSOSession
+ */
+ public boolean isStoreSSOSession() {
+ return storeSSOSession;
+ }
+
+ /**
+ * @param storeSSOSession the storeSSOSession to set
+ */
+ public void setStoreSSOSession(boolean storeSSOSession) {
+ this.storeSSOSession = storeSSOSession;
+ }
+
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
index 3617c192e..b95090a55 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
@@ -27,6 +27,7 @@ import java.util.List;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
@@ -34,10 +35,13 @@ import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
-public class OAOAuth20Config {
+public class OAOAuth20Config implements IOnlineApplicationData{
private final Logger log = Logger.getLogger(OAOAuth20Config.class);
@@ -45,12 +49,24 @@ public class OAOAuth20Config {
private String clientSecret = null;
private String redirectUri = null;
- public OAOAuth20Config() {
+ public OAOAuth20Config() {
+ this.generateClientSecret();
+
}
- public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OAOpenIDConnect";
+ }
+
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
List<String> errors = new ArrayList<String>();
+ HttpSession session = request.getSession();
+
AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
if (authdata != null) {
// set client id to public url prefix
@@ -77,7 +93,52 @@ public class OAOAuth20Config {
}
}
- return errors;
+ session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret());
+
+ return null;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OAOAUTH20ConfigValidation().validate(this, request);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ log.debug("Saving OAuth 2.0 configuration:");
+ OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20();
+ if (oaOAuth20 == null) {
+ oaOAuth20 = new OAOAUTH20();
+ authoa.setOAOAUTH20(oaOAuth20);
+ }
+
+ oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix());
+ // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret());
+ oaOAuth20.setOAuthRedirectUri(getRedirectUri());
+ log.debug("client id: " + getClientId());
+ log.debug("client secret: " + getClientSecret());
+ log.debug("redirect uri:" + getRedirectUri());
+
+ oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET));
+ request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null);
+
+ return null;
}
public String getClientId() {
@@ -106,6 +167,5 @@ public class OAOAuth20Config {
public void generateClientSecret() {
this.clientSecret = UUID.randomUUID().toString();
- }
-
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
index a61e1ea96..bcac63a5f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
@@ -27,6 +27,7 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
+import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
@@ -37,10 +38,12 @@ import iaik.x509.X509Certificate;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;
import at.gv.egovernment.moa.util.MiscUtil;
-public class OAPVP2Config {
+public class OAPVP2Config implements IOnlineApplicationData{
private final Logger log = Logger.getLogger(OAPVP2Config.class);
@@ -56,7 +59,72 @@ public class OAPVP2Config {
public OAPVP2Config() {
}
- public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OAPVP2";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser)
+ */
+ @Override
+ public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA authoa = dboa.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dboa.setAuthComponentOA(authoa);
+ }
+ OAPVP2 pvp2 = authoa.getOAPVP2();
+ if (pvp2 == null) {
+ pvp2 = new OAPVP2();
+ authoa.setOAPVP2(pvp2);
+ }
+
+ try {
+
+ if (getFileUpload() != null) {
+ pvp2.setCertificate(getCertificate());
+ setReLoad(true);
+ }
+
+ } catch (CertificateException e) {
+ log.info("Uploaded Certificate can not be found", e);
+ return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request);
+ } catch (IOException e) {
+ log.info("Uploaded Certificate can not be parsed", e);
+ return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request);
+ }
+
+ if (getMetaDataURL() != null &&
+ !getMetaDataURL().equals(pvp2.getMetadataURL()))
+ setReLoad(true);
+ pvp2.setMetadataURL(getMetaDataURL());
+
+ if (isReLoad())
+ pvp2.setUpdateRequiredItem(new Date());
+
+ return null;
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
List<String> errors = new ArrayList<String>();
AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
@@ -158,7 +226,6 @@ public class OAPVP2Config {
this.reLoad = reLoad;
}
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java
index bb5baf53e..8d7d02048 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java
@@ -22,11 +22,18 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.data.oa;
+import java.math.BigInteger;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation;
-public class OASAML1Config {
+public class OASAML1Config implements IOnlineApplicationData{
private Boolean isActive = false;
private Boolean provideStammZahl = false;
@@ -41,8 +48,20 @@ public class OASAML1Config {
public OASAML1Config() {
}
- public void parse(OnlineApplication dbOAConfig) {
- AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OASAML1";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA authdata = dbOA.getAuthComponentOA();
if (authdata != null) {
OASAML1 saml1 = authdata.getOASAML1();
if (saml1 != null) {
@@ -62,8 +81,55 @@ public class OASAML1Config {
isActive = saml1.isIsActive();
}
}
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OASAML1ConfigValidation().validate(this, general, request);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ OASAML1 saml1 = authoa.getOASAML1();
+ if (saml1 == null) {
+ saml1 = new OASAML1();
+ authoa.setOASAML1(saml1);
+ saml1.setIsActive(false);
+ }
+
+ if (authUser.isAdmin()) {
+ saml1.setIsActive(isActive());
+ }
+
+ if (saml1.isIsActive() != null && saml1.isIsActive()) {
+ saml1.setProvideAUTHBlock(isProvideAuthBlock());
+ saml1.setProvideCertificate(isProvideCertificate());
+ saml1.setProvideFullMandatorData(isProvideFullMandateData());
+ saml1.setProvideIdentityLink(isProvideIdentityLink());
+ saml1.setProvideStammzahl(isProvideStammZahl());
+ saml1.setUseCondition(isUseCondition());
+ saml1.setConditionLength(BigInteger.valueOf(getConditionLength()));
+ // TODO: set sourceID
+ // saml1.setSourceID("");
+ }
+
+ return null;
+ }
+
public boolean isProvideStammZahl() {
return provideStammZahl;
}
@@ -119,8 +185,5 @@ public class OASAML1Config {
*/
public void setActive(boolean isActive) {
this.isActive = isActive;
- }
-
-
-
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java
index 593c2291f..28144666b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java
@@ -22,11 +22,17 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.data.oa;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation;
-public class OASSOConfig {
+public class OASSOConfig implements IOnlineApplicationData{
private boolean useSSO = false;
private boolean showAuthDataFrame = true;
@@ -36,7 +42,15 @@ public class OASSOConfig {
}
- public void parse(OnlineApplication dbOAConfig) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OASingleSignOn";
+ }
+
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
if (authdata != null) {
OASSO ssoconfig = authdata.getOASSO();
@@ -46,6 +60,42 @@ public class OASSOConfig {
singleLogOutURL = ssoconfig.getSingleLogOutURL();
}
}
+
+ return null;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request);
+ }
+
+ public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) {
+
+ AuthComponentOA authoa = dboa.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dboa.setAuthComponentOA(authoa);
+ }
+
+ OASSO sso = authoa.getOASSO();
+ if (sso == null) {
+ sso = new OASSO();
+ authoa.setOASSO(sso);
+ sso.setAuthDataFrame(true);
+ }
+ sso.setUseSSO(this.useSSO);
+
+ if (authUser.isAdmin())
+ sso.setAuthDataFrame(this.showAuthDataFrame);
+
+ sso.setSingleLogOutURL(this.singleLogOutURL);
+
+ return null;
}
public boolean isUseSSO() {
@@ -65,7 +115,5 @@ public class OASSOConfig {
}
public void setSingleLogOutURL(String singleLogOutURL) {
this.singleLogOutURL = singleLogOutURL;
- }
-
-
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index b43e76d53..f5c92fec9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.data.oa;
import java.util.ArrayList;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
@@ -35,10 +37,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
-import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation;
import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory;
-public class OASTORKConfig {
+public class OASTORKConfig implements IOnlineApplicationData{
private static final Logger log = Logger.getLogger(OASTORKConfig.class);
@@ -62,15 +65,24 @@ public class OASTORKConfig {
for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) {
citizenCountries.add(current.getCountryCode());
}
+
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OASTORK2";
+ }
+
/**
* Parses the OA config for stork entities.
*
* @param dbOAConfig
* the db oa config
*/
- public void parse(OnlineApplication dbOAConfig) {
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
if (authdata != null) {
OASTORK config = authdata.getOASTORK();
@@ -128,8 +140,53 @@ public class OASTORKConfig {
}
}
}
+
+ return null;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ return new OASTORKConfigValidation().validate(this, request);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ // fetch stork configuration from database model
+ OASTORK stork = authoa.getOASTORK();
+ if (stork == null) {
+ // if there is none, create a new one with default values.
+ stork = new OASTORK();
+ authoa.setOASTORK(stork);
+ stork.setStorkLogonEnabled(false);
+ }
+ // transfer the incoming data to the database model
+ stork.setStorkLogonEnabled(isStorkLogonEnabled());
+ stork.setQaa(getQaa());
+ stork.setOAAttributes(getAttributes());
+ stork.setVidpEnabled(isVidpEnabled());
+ stork.setRequireConsent(isRequireConsent());
+ stork.setAttributeProviders(getAttributeProviderPlugins());
+ stork.setCPEPS(getEnabledCPEPS());
+
+ return null;
+
+ }
+
public boolean isStorkLogonEnabled() {
return isStorkLogonEnabled;
}
@@ -189,12 +246,17 @@ public class OASTORKConfig {
}
public List<CPEPS> getEnabledCPEPS() {
- List<CPEPS> result = new ArrayList<CPEPS>();
- for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) {
- if(enabledCitizenCountries.contains(current.getCountryCode()))
- result.add(current);
+ if (enabledCitizenCountries != null) {
+ List<CPEPS> result = new ArrayList<CPEPS>();
+ for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) {
+ if(enabledCitizenCountries.contains(current.getCountryCode()))
+ result.add(current);
+ }
+ return result;
}
- return result;
+
+ return null;
+
}
public List<String> getAvailableAttributeProviderPlugins() {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
new file mode 100644
index 000000000..4036bc25f
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -0,0 +1,368 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.data.oa;
+
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OATargetConfigValidation;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OATargetConfiguration implements IOnlineApplicationData {
+
+ private boolean deaktivededBusinessService = false;
+
+ private boolean subTargetSet = false;
+
+ private String target = null;
+ private String target_subsector = null;
+ private String target_admin = null;
+ private static List<String> targetList = null;
+ private String targetFriendlyName = null;
+ private boolean isAdminTarget = false;
+
+ private String identificationNumber = null;
+ private String identificationType = null;
+ private static List<String> identificationTypeList = null;
+
+ public OATargetConfiguration() {
+ targetList = TargetValidator.getListOfTargets();
+ target = "";
+
+ identificationTypeList = Arrays.asList(
+ Constants.IDENIFICATIONTYPE_FN,
+ Constants.IDENIFICATIONTYPE_ZVR,
+ Constants.IDENIFICATIONTYPE_ERSB,
+ Constants.IDENIFICATIONTYPE_STORK);
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ return "OATargetConfig";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector());
+
+ String target_full = dbOA.getTarget();
+ if (MiscUtil.isNotEmpty(target_full)) {
+ if (TargetValidator.isValidTarget(target_full)) {
+ target = target_full;
+
+ } else {
+ String[] target_split = target_full.split("-");
+
+ if (TargetValidator.isValidTarget(target_split[0])) {
+ target = target_split[0];
+ if (target_split.length > 1)
+ target_subsector = target_split[1];
+
+ } else {
+ target = "";
+ target_subsector = null;
+ target_admin = target_full;
+ isAdminTarget = true;
+ }
+ }
+ targetFriendlyName = dbOA.getTargetFriendlyName();
+ }
+
+ AuthComponentOA oaauth = dbOA.getAuthComponentOA();
+ if (oaauth != null) {
+
+ IdentificationNumber idnumber = oaauth.getIdentificationNumber();
+ if (idnumber != null) {
+ String number = idnumber.getValue();
+ if (MiscUtil.isNotEmpty(number)) {
+ String[] split = number.split("\\+");
+
+ if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
+ identificationType = split[1];
+ identificationNumber = split[2];
+ } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
+ //identificationType = split[1]; // setting at as iden category ?
+ identificationType = Constants.IDENIFICATIONTYPE_STORK;
+ identificationNumber = split[2]; // setting sp country as ident type -> sp ident
+ }
+ }
+
+ if (authUser.isOnlyBusinessService()) {
+ deaktivededBusinessService = authUser.isOnlyBusinessService();
+
+ identificationType = authUser.getBusinessServiceType();
+ identificationNumber = authUser.getBusinessServiceNumber();
+
+ }
+
+ }
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) {
+
+ dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
+
+ String num = null;
+ if (authUser.isOnlyBusinessService()) {
+ deaktivededBusinessService = authUser.isOnlyBusinessService();
+ num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber();
+
+ } else {
+
+ num = getIdentificationNumber().replaceAll(" ", "");
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
+
+ num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
+
+ // num = StringUtils.leftPad(num, 7, '0');
+ }
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR))
+ num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))
+ num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
+ }
+
+ IdentificationNumber idnumber = new IdentificationNumber();
+
+ if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
+ idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+ } else {
+ idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+ }
+
+ authoa.setIdentificationNumber(idnumber);
+
+ } else {
+ dbOA.setType(null);
+
+ if (authUser.isAdmin()) {
+ if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) {
+ dbOA.setTarget(getTarget_admin());
+ dbOA.setTargetFriendlyName(getTargetFriendlyName());
+
+ } else {
+
+ String target = getTarget();
+
+ if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet)
+ dbOA.setTarget(target + "-" + getTarget_subsector());
+ else
+ dbOA.setTarget(target);
+
+ String targetname = TargetValidator.getTargetFriendlyName(target);
+ if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname);
+
+ }
+
+ } else {
+
+ if (MiscUtil.isNotEmpty(getTarget())) {
+
+ String target = getTarget();
+
+ if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet)
+ dbOA.setTarget(target + "-" + getTarget_subsector());
+
+ else
+ dbOA.setTarget(target);
+
+ String targetname = TargetValidator.getTargetFriendlyName(target);
+ if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname);
+
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * @return
+ */
+ private boolean isBusinessService(OnlineApplication dbOA) {
+ if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))
+ return true;
+ else
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request);
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+ public String getIdentificationNumber() {
+ return identificationNumber;
+ }
+
+ public void setIdentificationNumber(String identificationNumber) {
+ this.identificationNumber = identificationNumber;
+ }
+
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * @return the target_subsector
+ */
+ public String getTarget_subsector() {
+ return target_subsector;
+ }
+
+
+ /**
+ * @param target_subsector the target_subsector to set
+ */
+ public void setTarget_subsector(String target_subsector) {
+ this.target_subsector = target_subsector;
+ }
+
+
+ /**
+ * @return the target_admin
+ */
+ public String getTarget_admin() {
+ return target_admin;
+ }
+
+
+ /**
+ * @param target_admin the target_admin to set
+ */
+ public void setTarget_admin(String target_admin) {
+ this.target_admin = target_admin;
+ }
+
+
+ /**
+ * @return the targetList
+ */
+ public List<String> getTargetList() {
+ return targetList;
+ }
+
+
+ /**
+ * @return the identificationTypeList
+ */
+ public List<String> getIdentificationTypeList() {
+ return identificationTypeList;
+ }
+
+
+ /**
+ * @return the isAdminTarget
+ */
+ public boolean isAdminTarget() {
+ return isAdminTarget;
+ }
+
+
+ /**
+ * @param isAdminTarget the isAdminTarget to set
+ */
+ public void setAdminTarget(boolean isAdminTarget) {
+ this.isAdminTarget = isAdminTarget;
+ }
+
+ /**
+ * @return the deaktivededBusinessService
+ */
+ public boolean isDeaktivededBusinessService() {
+ return deaktivededBusinessService;
+ }
+
+
+ /**
+ * @param deaktivededBusinessService the deaktivededBusinessService to set
+ */
+ public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
+ this.deaktivededBusinessService = deaktivededBusinessService;
+ }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java
new file mode 100644
index 000000000..0bca3be0d
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BasicOAActionException extends Exception {
+
+ private String strutsError;
+ private String strutsReturnValue;
+
+ private static final long serialVersionUID = -7989218660771842780L;
+
+ /**
+ *
+ */
+ public BasicOAActionException(String strutsError, String strutsReturnValue) {
+ this.strutsError = strutsError;
+ this.strutsReturnValue = strutsReturnValue;
+ }
+
+ /**
+ * @return the strutsError
+ */
+ public String getStrutsError() {
+ return strutsError;
+ }
+
+ /**
+ * @return the strutsReturnValue
+ */
+ public String getStrutsReturnValue() {
+ return strutsReturnValue;
+ }
+
+
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 0d52234bc..190773bf0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -150,7 +150,7 @@ public class AuthenticationFilter implements Filter{
if (authuser == null) {
- authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false);
+ authuser = AuthenticatedUser.generateDefaultUser();
//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);
httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
index d3a9ffcd4..24ee653f3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -29,26 +29,53 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
+import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType;
public class FormDataHelper {
- public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) {
+ public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) {
ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>();
for (OnlineApplication dboa : dbOAs) {
- OAListElement listoa = new OAListElement();
- listoa.setActive(dboa.isIsActive());
- listoa.setDataBaseID(dboa.getHjid());
- listoa.setOaFriendlyName(dboa.getFriendlyName());
- listoa.setOaIdentifier(dboa.getPublicURLPrefix());
- listoa.setOaType(dboa.getType());
- formOAs.add(listoa);
- }
+
+ if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP())
+ formOAs.add(addOAFormListElement(dboa, ServiceType.IDP));
+
+ else if (dboa.getAuthComponentOA().getOASTORK() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled())
+ formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP));
+ }
+ return formOAs;
+ }
+
+ public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) {
+ ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>();
+
+ for (OnlineApplication dboa : dbOAs) {
+
+ if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) ||
+ (dboa.getAuthComponentOA().getOASTORK() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) {
+ formOAs.add(addOAFormListElement(dboa, ServiceType.OA));
+ }
+ }
return formOAs;
}
+ private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) {
+ OAListElement listoa = new OAListElement(type);
+ listoa.setActive(dboa.isIsActive());
+ listoa.setDataBaseID(dboa.getHjid());
+ listoa.setOaFriendlyName(dboa.getFriendlyName());
+ listoa.setOaIdentifier(dboa.getPublicURLPrefix());
+ listoa.setOaType(dboa.getType());
+ return listoa;
+ }
+
public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) {
ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>();
@@ -57,16 +84,9 @@ public class FormDataHelper {
boolean ismandate = false;
if (dbuser.isIsMandateUser() != null)
ismandate = dbuser.isIsMandateUser();
-
-
- userlist.add(new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getInstitut(),
- dbuser.getUsername(),
+
+ userlist.add(new AuthenticatedUser(dbuser,
dbuser.isIsActive(),
- dbuser.isIsAdmin(),
ismandate,
false));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
index 67bd13dd2..9630bc232 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
@@ -54,6 +54,7 @@ public class BasicAction extends ActionSupport implements ServletRequestAware,
protected ConfigurationProvider configuration = null;
protected AuthenticatedUser authUser = null;
protected HttpSession session = null;
+ protected String formID;
protected void populateBasicInformations() throws BasicActionException {
try {
@@ -101,6 +102,19 @@ public class BasicAction extends ActionSupport implements ServletRequestAware,
}
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
new file mode 100644
index 000000000..43954828c
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -0,0 +1,452 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
+import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BasicOAAction extends BasicAction {
+
+ private static final long serialVersionUID = 5676123696807646246L;
+ private final Logger log = Logger.getLogger(BasicOAAction.class);
+
+ protected LinkedHashMap<String, IOnlineApplicationData> formList;
+ protected long oaid = -1;
+
+ private String oaidobj;
+ private boolean newOA;
+ private boolean isMetaDataRefreshRequired = false;
+
+ /**
+ *
+ */
+ public BasicOAAction() {
+ formList = new LinkedHashMap<String, IOnlineApplicationData>();
+
+ OAGeneralConfig generalOA = new OAGeneralConfig();
+ formList.put(generalOA.getName(), generalOA);
+
+ }
+
+ protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{
+ if (!ValidationHelper.validateOAID(oaidobj)) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+
+ }
+ oaid = Long.valueOf(oaidobj);
+
+ UserDatabase userdb = null;
+ OnlineApplication onlineapplication = null;
+
+ if (authUser.isAdmin())
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+
+ else {
+ userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+
+ }
+
+ // TODO: change to direct Database operation
+ List<OnlineApplication> oas = userdb.getOnlineApplication();
+ for (OnlineApplication oa : oas) {
+ if (oa.getHjid() == oaid) {
+ onlineapplication = oa;
+ break;
+ }
+ }
+ if (onlineapplication == null) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+ }
+
+ return onlineapplication;
+
+ }
+
+ protected void populateBasicNewOnlineApplicationInformation() {
+ session.setAttribute(Constants.SESSION_OAID, null);
+
+ setNewOA(true);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
+ }
+
+ protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication ) throws BasicOAActionException {
+ if (onlineapplication == null) {
+ onlineapplication = new OnlineApplication();
+ onlineapplication.setIsNew(true);
+ onlineapplication.setIsActive(false);
+
+ if (!authUser.isAdmin()) {
+ onlineapplication.setIsAdminRequired(true);
+
+ } else
+ isMetaDataRefreshRequired = true;
+
+ } else {
+ onlineapplication.setIsNew(false);
+ if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) {
+
+ onlineapplication.setIsAdminRequired(true);
+ onlineapplication.setIsActive(false);
+ log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required.");
+ }
+
+ }
+
+ if ((onlineapplication.isIsAdminRequired() == null)
+ || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) {
+
+ onlineapplication.setIsAdminRequired(false);
+ isMetaDataRefreshRequired = true;
+
+ UserDatabase userdb = null;
+ if (onlineapplication.getHjid() != null)
+ userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
+
+ if (userdb != null && !userdb.isIsAdmin()) {
+ try {
+ MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(),
+ userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail());
+ } catch (ConfigurationException e) {
+ log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
+ }
+ }
+ }
+
+ //save OA configuration
+ String error = saveOAConfigToDatabase(onlineapplication);
+ if (MiscUtil.isNotEmpty(error)) {
+ log.warn("OA configuration can not be stored!");
+ addActionError(error);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION);
+ }
+
+ //set metadata reload flag if reload is required
+
+ if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) {
+
+ try {
+ if (isMetaDataRefreshRequired
+ || !getPvp2OA().getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())
+ || getPvp2OA().getFileUpload() != null
+ || getPvp2OA().isReLoad()) {
+
+ log.debug("Set PVP2 Metadata refresh flag.");
+ MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ moaconfig.setPvp2RefreshItem(new Date());
+ ConfigurationDBUtils.saveOrUpdate(moaconfig);
+
+ }
+ } catch (Throwable e) {
+ log.info("Found no MetadataURL in OA-Databaseconfig!", e);
+ }
+
+ }
+
+ return onlineapplication;
+ }
+
+ protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException {
+ try {
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+ }
+ } else {
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+ }
+
+ OnlineApplication onlineapplication = null;
+
+ Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
+ Long oaid = (long) -1;
+
+ if (oadbid != null) {
+ try {
+ oaid = (Long) oadbid;
+ if (oaid < 0 || oaid > Long.MAX_VALUE) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+
+ } catch (Throwable t) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+ }
+
+ // valid DBID and check entry
+ OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName()));
+ String oaidentifier = oaGeneralForm.getIdentifier();
+ if (MiscUtil.isEmpty(oaidentifier)) {
+ log.info("Empty OA identifier");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+
+ if (!ValidationHelper.validateURL(oaidentifier)) {
+ log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+
+ if (oaid == -1) {
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+ setNewOA(true);
+ if (onlineapplication != null) {
+ log.info("The OAIdentifier is not unique");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ }
+
+ } else {
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+ if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
+
+ if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
+ log.info("The OAIdentifier is not unique");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ }
+ }
+ }
+ }
+ }
+
+ return onlineapplication;
+
+ } catch (BasicOAActionException e) {
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw e;
+ }
+
+ }
+
+ protected String preProcessDeleteOnlineApplication() throws BasicOAActionException {
+ try {
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+
+ }
+
+ String oaidentifier = getGeneralOA().getIdentifier();
+ if (MiscUtil.isEmpty(oaidentifier)) {
+ log.info("Empty OA identifier");
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+ if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
+ Constants.STRUTS_ERROR_VALIDATION);
+ }
+ }
+
+ return oaidentifier;
+
+ } catch (BasicOAActionException e) {
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw e;
+ }
+ }
+
+ private String saveOAConfigToDatabase(OnlineApplication dboa) {
+
+ for (IOnlineApplicationData form : formList.values())
+ form.store(dboa, authUser, request);
+
+ try {
+ if (dboa.isIsNew()) {
+ ConfigurationDBUtils.save(dboa);
+
+ if (!authUser.isAdmin()) {
+ UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ List<OnlineApplication> useroas = user.getOnlineApplication();
+ if (useroas == null) useroas = new ArrayList<OnlineApplication>();
+
+ useroas.add(dboa);
+ ConfigurationDBUtils.saveOrUpdate(user);
+ }
+ } else
+ ConfigurationDBUtils.saveOrUpdate(dboa);
+
+ } catch (MOADatabaseException e) {
+ log.warn("Online-Application can not be stored.", e);
+ return LanguageHelper.getErrorString("error.db.oa.store", request);
+ }
+
+ return null;
+ }
+
+ /**
+ * @param oaidobj the oaidobj to set
+ */
+ public void setOaidobj(String oaidobj) {
+ this.oaidobj = oaidobj;
+ }
+
+ /**
+ * @return the newOA
+ */
+ public boolean isNewOA() {
+ return newOA;
+ }
+
+ /**
+ * @param newOA the newOA to set
+ */
+ public void setNewOA(boolean newOA) {
+ this.newOA = newOA;
+ }
+
+ public OAGeneralConfig getGeneralOA() {
+ return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
+ }
+
+ public void setGeneralOA(OAGeneralConfig generalOA) {
+ formList.put(generalOA.getName(), generalOA);
+ }
+
+
+ public OAPVP2Config getPvp2OA() {
+ return (OAPVP2Config) formList.get(new OAPVP2Config().getName());
+ }
+
+ public void setPvp2OA(OAPVP2Config pvp2oa) {
+ formList.put(pvp2oa.getName(), pvp2oa);
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index a54d6c74a..0a308a354 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
@@ -72,7 +73,6 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator;
import at.gv.egovernment.moa.id.util.Random;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index d2a2cfdf7..6d735a85b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -28,147 +28,98 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.*;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
-import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
import at.gv.egovernment.moa.id.configuration.data.oa.*;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
+import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
-import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator;
-import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
-import at.gv.egovernment.moa.id.configuration.validation.oa.*;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
-import com.opensymphony.xwork2.ActionSupport;
import iaik.utils.URLDecoder;
import org.apache.log4j.Logger;
-import org.apache.struts2.interceptor.ServletRequestAware;
-import org.apache.struts2.interceptor.ServletResponseAware;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import java.io.*;
-import java.math.BigInteger;
-import java.security.cert.CertificateException;
import java.util.*;
-public class EditOAAction extends BasicAction {
+public class EditOAAction extends BasicOAAction {
private final Logger log = Logger.getLogger(EditOAAction.class);
private static final long serialVersionUID = 1L;
-
- private String oaidobj;
- private boolean newOA;
- private String formID;
-
- private boolean onlyBusinessService = false;
- private boolean subTargetSet = false;
- private boolean deaktivededBusinessService = false;
- private boolean isMetaDataRefreshRequired = false;
-
+
private String nextPage;
-
- private OAGeneralConfig generalOA = new OAGeneralConfig();
- private OAPVP2Config pvp2OA = new OAPVP2Config();
- private OASAML1Config saml1OA = new OASAML1Config();
- private OASSOConfig ssoOA = new OASSOConfig();
- private OAOAuth20Config oauth20OA = new OAOAuth20Config();
- private OASTORKConfig storkOA = new OASTORKConfig();
- private FormularCustomization formOA = new FormularCustomization();
-
private InputStream stream;
-
- private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>();
- private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>();
+
+ public EditOAAction() {
+ super();
+
+ OATargetConfiguration oaTarget = new OATargetConfiguration();
+ formList.put(oaTarget.getName(), oaTarget);
+
+ OAAuthenticationData authOA = new OAAuthenticationData();
+ formList.put(authOA.getName(), authOA);
+
+ OASSOConfig ssoOA = new OASSOConfig();
+ formList.put(ssoOA.getName(), ssoOA);
+
+ OASAML1Config saml1OA = new OASAML1Config();
+ formList.put(saml1OA.getName(), saml1OA);
+
+ OAPVP2Config pvp2OA = new OAPVP2Config();
+ formList.put(pvp2OA.getName(), pvp2OA);
+
+ OAOAuth20Config oauth20OA = new OAOAuth20Config();
+ formList.put(oauth20OA.getName(), oauth20OA);
+
+ OASTORKConfig storkOA = new OASTORKConfig();
+ formList.put(storkOA.getName(), storkOA);
+
+ Map<String, String> map = new HashMap<String, String>();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ FormularCustomization formOA = new FormularCustomization(map);
+ formList.put(formOA.getName(), formOA);
+
+ }
+
// STRUTS actions
public String inital() {
try {
populateBasicInformations();
+
+ OnlineApplication onlineapplication = populateOnlineApplicationFromRequest();
+ List<String> errors = new ArrayList<String>();
+ for (IOnlineApplicationData form : formList.values()) {
+ List<String> error = form.parse(onlineapplication, authUser, request);
+ if (error != null)
+ errors.addAll(error);
+ }
+ if (errors.size() > 0) {
+ for (String el : errors)
+ addActionError(el);
+ }
+
+ setNewOA(false);
+
+ ConfigurationDBUtils.closeSession();
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+
+ return Constants.STRUTS_OA_EDIT;
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
}
-
- long oaid = -1;
-
- if (!ValidationHelper.validateOAID(oaidobj)) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
- oaid = Long.valueOf(oaidobj);
-
- UserDatabase userdb = null;
- OnlineApplication onlineapplication = null;
-
- if (authUser.isAdmin())
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
-
- else {
- userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
-
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- // TODO: change to direct Database operation
- List<OnlineApplication> oas = userdb.getOnlineApplication();
- for (OnlineApplication oa : oas) {
- if (oa.getHjid() == oaid) {
- onlineapplication = oa;
- break;
- }
- }
- if (onlineapplication == null) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- generalOA.parse(onlineapplication);
- ssoOA.parse(onlineapplication);
- saml1OA.parse(onlineapplication);
- oauth20OA.parse(onlineapplication, request);
- session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret());
-
- storkOA.parse(onlineapplication);
-
- Map<String, String> map = new HashMap<String, String>();
- map.putAll(FormBuildUtils.getDefaultMap());
- formOA.parse(onlineapplication, map);
-
- session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map);
-
- List<String> errors = pvp2OA.parse(onlineapplication, request);
-
- if (errors.size() > 0) {
- for (String el : errors)
- addActionError(el);
- }
-
- subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector());
-
- // set UserSpezific OA Parameters
- if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb);
-
- ConfigurationDBUtils.closeSession();
- session.setAttribute(Constants.SESSION_OAID, oaid);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- newOA = false;
-
- return Constants.STRUTS_OA_EDIT;
}
public String newOA() {
@@ -177,14 +128,19 @@ public class EditOAAction extends BasicAction {
try {
populateBasicInformations();
+ populateBasicNewOnlineApplicationInformation();
+
+ // prepare attribute helper list
+ ArrayList<AttributeHelper> attributes = new ArrayList<AttributeHelper>();
+ for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes())
+ attributes.add(new AttributeHelper(current));
+ getStorkOA().setHelperAttributes(attributes);
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
}
-
- session.setAttribute(Constants.SESSION_OAID, null);
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
-
+
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
@@ -193,183 +149,45 @@ public class EditOAAction extends BasicAction {
return Constants.STRUTS_SUCCESS;
}
- MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
- if (moaidconfig != null) {
- DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs();
- if (defaultbkus != null) {
- generalOA.setBkuHandyURL(defaultbkus.getHandyBKU());
- generalOA.setBkuLocalURL(defaultbkus.getLocalBKU());
- generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU());
- }
- }
-
- // set UserSpezific OA Parameters
- if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb);
-
ConfigurationDBUtils.closeSession();
-
- //VIDP attribute provider configuration
- storkOA = new OASTORKConfig();
- storkOA.getAttributeProviderPlugins().add(new AttributeProviderPlugin());
+ session.setAttribute(Constants.SESSION_OAUTH20SECRET, ((OAOAuth20Config)formList.get(new OAOAuth20Config().getName())).getClientSecret());
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- newOA = true;
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
-
- this.oauth20OA.generateClientSecret();
- session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret());
-
return Constants.STRUTS_OA_EDIT;
}
public String saveOA() {
+
+ OnlineApplication onlineapplication= null;
+
try {
populateBasicInformations();
+ onlineapplication = preProcessSaveOnlineApplication();
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
}
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- OnlineApplication onlineapplication = null;
List<String> errors = new ArrayList<String>();
-
- Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
- Long oaid = (long) -1;
-
- if (oadbid != null) {
- try {
- oaid = (Long) oadbid;
- if (oaid < 0 || oaid > Long.MAX_VALUE) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
-
- } catch (Throwable t) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- // valid DBID and check entry
- String oaidentifier = generalOA.getIdentifier();
- if (MiscUtil.isEmpty(oaidentifier)) {
- log.info("Empty OA identifier");
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request));
-
- } else {
-
- if (!ValidationHelper.validateURL(oaidentifier)) {
- log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request));
- } else {
-
- if (oaid == -1) {
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
- newOA = true;
- if (onlineapplication != null) {
- log.info("The OAIdentifier is not unique");
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request));
- }
-
- } else {
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
- if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
-
- if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
- log.info("The OAIdentifier is not unique");
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request));
- }
- }
- }
- }
- }
-
- // set UserSpezific OA Parameters
- if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb);
-
- // check form
- OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation();
- OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation();
- OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation();
- OASSOConfigValidation validatior_sso = new OASSOConfigValidation();
- OASTORKConfigValidation validator_stork = new OASTORKConfigValidation();
- FormularCustomizationValitator validator_form = new FormularCustomizationValitator();
- OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation();
- OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
-
- errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin(), request));
- errors.addAll(validatior_pvp2.validate(pvp2OA, request));
- errors.addAll(validatior_saml1.validate(saml1OA, generalOA, request));
- errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin(), request));
- errors.addAll(validator_stork.validate(storkOA, request));
- errors.addAll(validator_form.validate(formOA, request));
- errors.addAll(validatior_oauth20.validate(oauth20OA, request));
-
- //validate BKU-selection template
- List<String> templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName()
- , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request);
- if (templateError != null && templateError.size() == 0) {
- if (bkuSelectionForm != null && bkuSelectionForm.size() > 0)
- session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm);
-
- else
- bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
-
- } else {
- errors.addAll(templateError);
-
- }
-
- //validate send-assertion template
- templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName()
- , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request);
- if (templateError != null && templateError.size() == 0) {
- if (sendAssertionForm != null && sendAssertionForm.size() > 0)
- session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm);
-
- else
- sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
-
- } else {
- errors.addAll(templateError);
-
- }
-
+
+ //validate forms
+ for (IOnlineApplicationData form : formList.values())
+ errors.addAll(form.validate(getGeneralOA(), authUser, request));
// Do not allow SSO in combination with special BKUSelection features
- if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) {
+ if (getSsoOA().isUseSSO() && (getFormOA().isOnlyMandateAllowed() || !getFormOA().isShowMandateLoginButton())) {
log.warn("Special BKUSelection features can not be used in combination with SSO");
errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid", request));
}
if (errors.size() > 0) {
- log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors.");
+ log.info("OAConfiguration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
for (String el : errors)
addActionError(el);
@@ -378,80 +196,14 @@ public class EditOAAction extends BasicAction {
return Constants.STRUTS_ERROR_VALIDATION;
} else {
-
- boolean newentry = false;
-
- if (onlineapplication == null) {
- onlineapplication = new OnlineApplication();
- newentry = true;
- onlineapplication.setIsActive(false);
-
- if (!authUser.isAdmin()) {
- onlineapplication.setIsAdminRequired(true);
-
- } else
- isMetaDataRefreshRequired = true;
-
- } else {
- if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) {
-
- onlineapplication.setIsAdminRequired(true);
- onlineapplication.setIsActive(false);
- log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required.");
- }
-
- }
-
- if ((onlineapplication.isIsAdminRequired() == null)
- || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) {
-
- onlineapplication.setIsAdminRequired(false);
- isMetaDataRefreshRequired = true;
-
- if (onlineapplication.getHjid() != null)
- userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
-
- if (userdb != null && !userdb.isIsAdmin()) {
- try {
- MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(),
- userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail());
- } catch (ConfigurationException e) {
- log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
- }
- }
- }
-
- //save OA configuration
- String error = saveOAConfigToDatabase(onlineapplication, newentry);
- if (MiscUtil.isNotEmpty(error)) {
- log.warn("OA configuration can not be stored!");
- addActionError(error);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- //set metadata reload flag if reload is required
- if (pvp2OA.getMetaDataURL() != null) {
-
- try {
- if (isMetaDataRefreshRequired
- || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())
- || pvp2OA.getFileUpload() != null
- || pvp2OA.isReLoad()) {
-
- log.debug("Set PVP2 Metadata refresh flag.");
- MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
- moaconfig.setPvp2RefreshItem(new Date());
- ConfigurationDBUtils.saveOrUpdate(moaconfig);
-
- }
- } catch (Throwable e) {
- log.info("Found no MetadataURL in OA-Databaseconfig!", e);
- }
-
- }
+ try {
+ onlineapplication = postProcessSaveOnlineApplication(onlineapplication);
+
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+ }
+
}
Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
@@ -474,7 +226,7 @@ public class EditOAAction extends BasicAction {
if (openUsers != null) numusers = openUsers.size();
try {
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", getGeneralOA().getIdentifier(), request));
if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers);
@@ -483,7 +235,7 @@ public class EditOAAction extends BasicAction {
}
} else
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", getGeneralOA().getIdentifier(), request));
//remove session attributes
session.setAttribute(Constants.SESSION_OAID, null);
@@ -514,7 +266,7 @@ public class EditOAAction extends BasicAction {
session.setAttribute(Constants.SESSION_OAID, null);
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), request));
ConfigurationDBUtils.closeSession();
@@ -522,65 +274,30 @@ public class EditOAAction extends BasicAction {
}
public String deleteOA() {
+ String oaidentifier = null;
try {
populateBasicInformations();
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ oaidentifier = preProcessDeleteOnlineApplication();
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
}
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String) {
- nextPage = (String) nextPageAttr;
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- }
-
- UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- String oaidentifier = generalOA.getIdentifier();
- if (MiscUtil.isEmpty(oaidentifier)) {
- log.info("Empty OA identifier");
- addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- } else {
- if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
- addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
- }
-
OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
request.getSession().setAttribute(Constants.SESSION_OAID, null);
@@ -620,13 +337,13 @@ public class EditOAAction extends BasicAction {
ConfigurationDBUtils.closeSession();
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request));
return Constants.STRUTS_SUCCESS;
} else {
ConfigurationDBUtils.closeSession();
- addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request));
+ addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request));
return Constants.STRUTS_SUCCESS;
}
@@ -711,490 +428,37 @@ public class EditOAAction extends BasicAction {
return Constants.STRUTS_SUCCESS;
}
-
- private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) {
-
- AuthComponentOA authoa = dboa.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dboa.setAuthComponentOA(authoa);
- }
-
- if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive());
-
- dboa.setFriendlyName(generalOA.getFriendlyName());
- dboa.setCalculateHPI(generalOA.isCalculateHPI());
- dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock());
-
- if (authUser.isAdmin())
- dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier()));
- else {
- if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
- }
-
- dboa.setPublicURLPrefix(generalOA.getIdentifier());
-
- if (generalOA.isBusinessService() || onlyBusinessService) {
-
- dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
-
- String num = generalOA.getIdentificationNumber().replaceAll(" ", "");
- if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
-
- num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
-
- // num = StringUtils.leftPad(num, 7, '0');
- }
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR))
- num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))
- num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
-
- IdentificationNumber idnumber = new IdentificationNumber();
-
- if (generalOA.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
- idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num);
- idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType()));
- } else {
- idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num);
- idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType()));
- }
-
-
- authoa.setIdentificationNumber(idnumber);
-
- } else {
- dboa.setType(null);
-
- if (authUser.isAdmin()) {
- if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) {
- dboa.setTarget(generalOA.getTarget_admin());
- dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName());
-
- } else {
-
- String target = generalOA.getTarget();
-
- if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet)
- dboa.setTarget(target + "-" + generalOA.getTarget_subsector());
- else
- dboa.setTarget(target);
-
- String targetname = TargetValidator.getTargetFriendlyName(target);
- if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname);
-
- }
-
- } else {
-
- if (MiscUtil.isNotEmpty(generalOA.getTarget())) {
-
- String target = generalOA.getTarget();
-
- if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet)
- dboa.setTarget(target + "-" + generalOA.getTarget_subsector());
-
- else
- dboa.setTarget(target);
-
- String targetname = TargetValidator.getTargetFriendlyName(target);
- if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname);
-
- }
- }
- }
-
- //store BKU-URLs
- BKUURLS bkuruls = new BKUURLS();
- authoa.setBKUURLS(bkuruls);
- if (authUser.isAdmin()) {
- bkuruls.setHandyBKU(generalOA.getBkuHandyURL());
- bkuruls.setLocalBKU(generalOA.getBkuLocalURL());
- bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL());
- }
-
- TemplatesType templates = authoa.getTemplates();
- if (templates == null) {
- templates = new TemplatesType();
- authoa.setTemplates(templates);
- }
-
- //store BKU-selection and send-assertion templates
- if (authUser.isAdmin()) {
-
- if (generalOA.isDeleteBKUTemplate())
- templates.setBKUSelectionTemplate(null);
-
- if (generalOA.isDeleteSendAssertionTemplate())
- templates.setSendAssertionTemplate(null);
-
-
- if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) {
- TransformsInfoType template = new TransformsInfoType();
-
- Iterator<String> interator = bkuSelectionForm.keySet().iterator();
- template.setFilename(interator.next());
- template.setTransformation(bkuSelectionForm.get(
- template.getFilename()));
-
- templates.setBKUSelectionTemplate(template);
- }
-
- if (sendAssertionForm != null && sendAssertionForm.size() > 0) {
- TransformsInfoType template = new TransformsInfoType();
-
- Iterator<String> interator = sendAssertionForm.keySet().iterator();
- template.setFilename(interator.next());
- template.setTransformation(sendAssertionForm.get(
- template.getFilename()));
-
- templates.setSendAssertionTemplate(template);
- }
- }
-
-
- //store BKU-selection customization
- BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization();
- if (bkuselectioncustom == null) {
- bkuselectioncustom = new BKUSelectionCustomizationType();
- templates.setBKUSelectionCustomization(bkuselectioncustom);
- }
-
- Mandates mandates = new Mandates();
- if (generalOA.isUseMandates()) {
- if (MiscUtil.isNotEmpty(generalOA.getMandateProfiles())) {
- List<MandatesProfileNameItem> profileList = new ArrayList<MandatesProfileNameItem>();
- String[] inputList = generalOA.getMandateProfiles().split(",");
- for (int i=0; i<inputList.length; i++) {
-
- MandatesProfileNameItem item = new MandatesProfileNameItem();
- item.setItem(inputList[i]);
- profileList.add(item);
- }
- mandates.setProfileNameItems(profileList );
- mandates.setProfiles(null);
- }
-
-
- } else {
- mandates.setProfiles(null);
- mandates.setProfileNameItems(null);
- }
-
- authoa.setMandates(mandates);
- bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles()));
- bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed());
-
- if (authUser.isAdmin()) {
- templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText());
-
- List<TemplateType> template = templates.getTemplate();
- if (generalOA.isLegacy()) {
-
- if (template == null)
- template = new ArrayList<TemplateType>();
- else
- template.clear();
-
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL1());
- template.add(el);
- } else
- template.add(new TemplateType());
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL2());
- template.add(el);
- } else
- template.add(new TemplateType());
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL3());
- template.add(el);
- } else
- template.add(new TemplateType());
-
- } else {
- if (template != null && template.size() > 0) template.clear();
- }
-
- bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor()));
- bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor()));
-
- bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor()));
- bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor()));
- bkuselectioncustom.setHeaderText(formOA.getHeader_text());
-
- bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor()));
- bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus()));
- bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor()));
-
- if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget()))
- bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget());
-
- bkuselectioncustom.setFontType(formOA.getFontType());
-
- bkuselectioncustom.setAppletHeight(formOA.getApplet_height());
- bkuselectioncustom.setAppletWidth(formOA.getApplet_width());
-
- }
-
- // set default transformation if it is empty
- List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo();
- if (transformsInfo == null) {
- // TODO: set OA specific transformation if it is required
-
- }
-
- OAPVP2 pvp2 = authoa.getOAPVP2();
- if (pvp2 == null) {
- pvp2 = new OAPVP2();
- authoa.setOAPVP2(pvp2);
- }
-
- try {
-
- if (pvp2OA.getFileUpload() != null) {
- pvp2.setCertificate(pvp2OA.getCertificate());
- pvp2OA.setReLoad(true);
- }
-
- } catch (CertificateException e) {
- log.info("Uploaded Certificate can not be found", e);
- return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request);
- } catch (IOException e) {
- log.info("Uploaded Certificate can not be parsed", e);
- return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request);
- }
-
- if (pvp2OA.getMetaDataURL() != null &&
- !pvp2OA.getMetaDataURL().equals(pvp2.getMetadataURL()))
- pvp2OA.setReLoad(true);
- pvp2.setMetadataURL(pvp2OA.getMetaDataURL());
-
- if (pvp2OA.isReLoad())
- pvp2.setUpdateRequiredItem(new Date());
-
- OASAML1 saml1 = authoa.getOASAML1();
- if (saml1 == null) {
- saml1 = new OASAML1();
- authoa.setOASAML1(saml1);
- saml1.setIsActive(false);
- }
-
- if (authUser.isAdmin()) {
- saml1.setIsActive(saml1OA.isActive());
- }
-
- if (saml1.isIsActive() != null && saml1.isIsActive()) {
- saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock());
- saml1.setProvideCertificate(saml1OA.isProvideCertificate());
- saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData());
- saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink());
- saml1.setProvideStammzahl(saml1OA.isProvideStammZahl());
- saml1.setUseCondition(saml1OA.isUseCondition());
- saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength()));
- // TODO: set sourceID
- // saml1.setSourceID("");
- }
-
- OASSO sso = authoa.getOASSO();
- if (sso == null) {
- sso = new OASSO();
- authoa.setOASSO(sso);
- sso.setAuthDataFrame(true);
- }
- sso.setUseSSO(ssoOA.isUseSSO());
-
- if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame());
-
- sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL());
-
- if (oauth20OA != null) {
- log.debug("Saving OAuth 2.0 configuration:");
- OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20();
- if (oaOAuth20 == null) {
- oaOAuth20 = new OAOAUTH20();
- authoa.setOAOAUTH20(oaOAuth20);
- }
-
- oaOAuth20.setOAuthClientId(generalOA.getIdentifier());
- // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret());
- oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri());
- log.debug("client id: " + oauth20OA.getClientId());
- log.debug("client secret: " + oauth20OA.getClientSecret());
- log.debug("redirect uri:" + oauth20OA.getRedirectUri());
-
- oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET));
- request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null);
-
- }
-
-
- // fetch stork configuration from database model
- OASTORK stork = authoa.getOASTORK();
- if (stork == null) {
- // if there is none, create a new one with default values.
- stork = new OASTORK();
- authoa.setOASTORK(stork);
- stork.setStorkLogonEnabled(false);
- }
- // transfer the incoming data to the database model
- stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled());
- stork.setQaa(storkOA.getQaa());
- stork.setOAAttributes(storkOA.getAttributes());
- stork.setVidpEnabled(storkOA.isVidpEnabled());
- stork.setRequireConsent(storkOA.isRequireConsent());
- stork.setAttributeProviders(storkOA.getAttributeProviderPlugins());
- stork.setCPEPS(storkOA.getEnabledCPEPS());
-
- try {
- if (newentry) {
- ConfigurationDBUtils.save(dboa);
-
- if (!authUser.isAdmin()) {
- UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID());
-
- List<OnlineApplication> useroas = user.getOnlineApplication();
- if (useroas == null) useroas = new ArrayList<OnlineApplication>();
-
- useroas.add(dboa);
- ConfigurationDBUtils.saveOrUpdate(user);
- }
- } else
- ConfigurationDBUtils.saveOrUpdate(dboa);
-
- } catch (MOADatabaseException e) {
- log.warn("Online-Application can not be stored.", e);
- return LanguageHelper.getErrorString("error.db.oa.store", request);
- }
-
- return null;
+
+ public OAAuthenticationData getAuthOA() {
+ return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName());
}
- private String parseColor(String color) {
- String value = "";
-
- if (MiscUtil.isNotEmpty(color)) {
- if (!color.startsWith("#"))
- value = "#" + color;
- else
- value = color;
- }
- return value;
- }
-
- private void generateUserSpecificConfigurationOptions(UserDatabase userdb) {
-
- if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
- String bpk = userdb.getBpk();
- if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR) || bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) {
- onlyBusinessService = true;
- generalOA.setBusinessService(true);
- }
-
- deaktivededBusinessService = true;
-
- String[] split = bpk.split("\\+");
- generalOA.setIdentificationType(split[1].substring(1));
-
- if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN))
- generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2]));
- else
- generalOA.setIdentificationNumber(split[2]);
-
- }
-
- }
-
- public String setGeneralOAConfig() {
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String setSAML1OAConfig() {
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String setPVP2OAConfig() {
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String setSSOOAConfig() {
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String setSTORKOAConfig() {
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public OAGeneralConfig getGeneralOA() {
- return generalOA;
- }
-
- public void setGeneralOA(OAGeneralConfig generalOA) {
- this.generalOA = generalOA;
- }
-
- public OAPVP2Config getPvp2OA() {
- return pvp2OA;
- }
-
- public void setPvp2OA(OAPVP2Config pvp2oa) {
- pvp2OA = pvp2oa;
+ public void setAuthOA(OAAuthenticationData generalOA) {
+ formList.put(generalOA.getName(), generalOA);
}
public OASAML1Config getSaml1OA() {
- return saml1OA;
+ return (OASAML1Config) formList.get(new OASAML1Config().getName());
}
public void setSaml1OA(OASAML1Config saml1oa) {
- saml1OA = saml1oa;
+ formList.put(saml1oa.getName(), saml1oa);
}
public OASSOConfig getSsoOA() {
- return ssoOA;
+ return (OASSOConfig) formList.get(new OASSOConfig().getName());
}
public void setSsoOA(OASSOConfig ssoOA) {
- this.ssoOA = ssoOA;
+ formList.put(ssoOA.getName(), ssoOA);
}
public OASTORKConfig getStorkOA() {
- return storkOA;
+ return (OASTORKConfig) formList.get(new OASTORKConfig().getName());
}
public void setStorkOA(OASTORKConfig storkOA) {
- this.storkOA = storkOA;
- }
-
- /**
- * @param oaidobj the oaidobj to set
- */
- public void setOaidobj(String oaidobj) {
- this.oaidobj = oaidobj;
- }
-
- /**
- * @return the newOA
- */
- public boolean isNewOA() {
- return newOA;
- }
-
- /**
- * @param newOA the newOA to set
- */
- public void setNewOA(boolean newOA) {
- this.newOA = newOA;
+ formList.put(storkOA.getName(), storkOA);
}
/**
@@ -1205,75 +469,17 @@ public class EditOAAction extends BasicAction {
}
/**
- * @return the formID
- */
- public String getFormID() {
- return formID;
- }
-
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
- }
-
- /**
- * @return the onlyBusinessService
- */
- public boolean isOnlyBusinessService() {
- return onlyBusinessService;
- }
-
- /**
- * @param onlyBusinessService the onlyBusinessService to set
- */
- public void setOnlyBusinessService(boolean onlyBusinessService) {
- this.onlyBusinessService = onlyBusinessService;
- }
-
-
- /**
- * @return the subTargetSet
- */
- public boolean isSubTargetSet() {
- return subTargetSet;
- }
-
- /**
- * @param subTargetSet the subTargetSet to set
- */
- public void setSubTargetSet(boolean subTargetSet) {
- this.subTargetSet = subTargetSet;
- }
-
- /**
- * @return the deaktivededBusinessService
- */
- public boolean isDeaktivededBusinessService() {
- return deaktivededBusinessService;
- }
-
-
- /**
- * @param deaktivededBusinessService the deaktivededBusinessService to set
- */
- public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
- this.deaktivededBusinessService = deaktivededBusinessService;
- }
-
- /**
* @return the formOA
*/
public FormularCustomization getFormOA() {
- return formOA;
+ return (FormularCustomization) formList.get(new FormularCustomization(null).getName());
}
/**
* @param formOA the formOA to set
*/
public void setFormOA(FormularCustomization formOA) {
- this.formOA = formOA;
+ formList.put(formOA.getName(), formOA);
}
/**
@@ -1284,11 +490,25 @@ public class EditOAAction extends BasicAction {
}
public OAOAuth20Config getOauth20OA() {
- return oauth20OA;
+ return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName());
}
public void setOauth20OA(OAOAuth20Config oauth20OA) {
- this.oauth20OA = oauth20OA;
+ formList.put(oauth20OA.getName(), oauth20OA);
+ }
+
+ /**
+ * @return the formOA
+ */
+ public OATargetConfiguration getTargetConfig() {
+ return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setTargetConfig(OATargetConfiguration formOA) {
+ formList.put(formOA.getName(), formOA);
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index d04592aa3..e019b70bb 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -77,13 +77,12 @@ import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-import com.opensymphony.xwork2.ActionSupport;
-
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
@@ -94,7 +93,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -215,14 +213,8 @@ public class IndexAction extends BasicAction {
if (dbuser.isIsMandateUser() != null)
ismandateuser = dbuser.isIsMandateUser();
- AuthenticatedUser authuser = new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getInstitut(),
- dbuser.getUsername(),
+ AuthenticatedUser authuser = new AuthenticatedUser(dbuser,
true,
- dbuser.isIsAdmin(),
ismandateuser,
false);
@@ -424,16 +416,7 @@ public class IndexAction extends BasicAction {
user.setIsusernamepasswordallowed(false);
user.setIsmandateuser(false);
user.setPVPGenerated(true);
-
- authUser = new AuthenticatedUser();
- authUser.setAdmin(false);
- authUser.setAuthenticated(false);
- authUser.setLastLogin(null);
- authUser.setUserID(-1);
- authUser.setUserName(null);
- authUser.setPVP2Login(true);
- authUser.setMandateUser(false);
-
+
//loop through the nodes to get what we want
List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
for (int i = 0; i < attributeStatements.size(); i++)
@@ -445,26 +428,24 @@ public class IndexAction extends BasicAction {
if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
- authUser.setFamilyName(user.getFamilyName());
}
if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
- authUser.setGivenName(user.getGivenName());
}
if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
- authUser.setMandateUser(true);
user.setIsmandateuser(true);
}
if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
- authUser.setInstitute(user.getInstitut());
}
}
}
+ authUser = AuthenticatedUser.generateUserRequestUser(user);
+
//set Random value
formID = Random.nextRandom();
session.setAttribute(Constants.SESSION_FORMID, formID);
@@ -484,14 +465,8 @@ public class IndexAction extends BasicAction {
session.setAttribute(Constants.SESSION_FORMID, formID);
user = new UserDatabaseFrom(dbuser);
- authUser = new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getInstitut(),
- dbuser.getUsername(),
+ authUser = new AuthenticatedUser(dbuser,
false,
- false,
dbuser.isIsMandateUser(),
true);
session.setAttribute(Constants.SESSION_FORM, user);
@@ -511,14 +486,7 @@ public class IndexAction extends BasicAction {
if (dbuser.isIsMandateUser() != null)
ismandateuser = dbuser.isIsMandateUser();
- authUser = new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getInstitut(),
- dbuser.getUsername(),
- true,
- dbuser.isIsAdmin(),
+ authUser = new AuthenticatedUser(dbuser, true,
ismandateuser,
true);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
new file mode 100644
index 000000000..7a05d6497
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -0,0 +1,441 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
+import at.gv.egovernment.moa.id.configuration.data.OAListElement;
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
+import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
+import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
+import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InterfederationIDPAction extends BasicOAAction {
+ private static final Logger log = Logger.getLogger(InterfederationIDPAction.class);
+ private static final long serialVersionUID = 2879192135387083131L;
+
+ public static final String STRUTS_IDP_VIDP = "-VIDP";
+ public static final String STRUTS_IDP_MOA = "-MOAIDP";
+
+ private List<OAListElement> formOAs;
+
+ private String interfederationType;
+
+ public InterfederationIDPAction() {
+ super();
+
+ }
+
+ public String listAllIDPs() {
+ try {
+ populateBasicInformations();
+
+ if (authUser.isAdmin()) {
+ List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllOnlineApplications();
+
+ if (dbOAs == null || dbOAs.size() == 0) {
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
+
+ } else {
+ formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ ConfigurationDBUtils.closeSession();
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ } catch (BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+ }
+
+ public String newIDP() {
+ log.debug("insert new interfederation IDP");
+
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ if (STRUTS_IDP_MOA.equals(interfederationType)) {
+ formList.putAll(MOAIDPAction.buildMOAIDPFormList());
+
+ } else if (STRUTS_IDP_VIDP.equals(interfederationType)) {
+ formList.putAll(VIDPAction.buildVIDPFormList());
+ getStorkOA().setVidpEnabled(true);
+ getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin());
+
+ } else {
+ log.warn("Unkown interfederation IDP type");
+ addActionError("Unkown interfederation IDP type");
+ return Constants.STRUTS_ERROR;
+ }
+
+ populateBasicNewOnlineApplicationInformation();
+
+ } catch (BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ return Constants.STRUTS_OA_EDIT + interfederationType;
+
+ }
+
+ public String loadIDPInformation() {
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ OnlineApplication oa = populateOnlineApplicationFromRequest();
+
+ if (oa.isIsInterfederationIDP() != null
+ && oa.isIsInterfederationIDP()) {
+
+ formList.putAll(MOAIDPAction.buildMOAIDPFormList());
+ interfederationType = STRUTS_IDP_MOA;
+
+ } else if (oa.getAuthComponentOA().getOASTORK() != null
+ && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) {
+
+ formList.putAll(VIDPAction.buildVIDPFormList());
+ if (getStorkOA().getAttributeProviderPlugins() == null ||
+ getStorkOA().getAttributeProviderPlugins().size() == 0)
+ getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin());
+ interfederationType = STRUTS_IDP_VIDP;
+
+ } else {
+ log.warn("Requested application is not an interfederation IDP.");
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ parseOAToForm(oa);
+ return Constants.STRUTS_SUCCESS + interfederationType;
+
+
+ } catch (BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ }
+ }
+
+ public String saveIDP() {
+
+ OnlineApplication onlineapplication= null;
+
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ onlineapplication = preProcessSaveOnlineApplication();
+
+ if ( onlineapplication != null &&
+ !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) ||
+ (onlineapplication.getAuthComponentOA().getOASTORK() != null
+ && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) {
+ log.warn("IDP which should be stored is not of type interfederation IDP.");
+ addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP.");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ List<String> errors = new ArrayList<String>();
+
+ //validate forms
+ for (IOnlineApplicationData form : formList.values())
+ errors.addAll(form.validate(getGeneralOA(), authUser, request));
+
+
+ boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL());
+ if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) {
+ log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService.");
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice",
+ new Object[] {getPvp2OA().getMetaDataURL()}, request ));
+ getGeneralOA().setBusinessService(true);
+
+ }
+
+
+ if (errors.size() > 0) {
+ log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
+ for (String el : errors)
+ addActionError(el);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ } else {
+ postProcessSaveOnlineApplication(onlineapplication);
+
+ }
+
+ //remove session attributes
+ session.setAttribute(Constants.SESSION_OAID, null);
+ ConfigurationDBUtils.closeSession();
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request));
+ return Constants.STRUTS_SUCCESS;
+
+
+ } catch (BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ }
+ }
+
+ public String cancleAndBackIDP() {
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ } catch (BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+ addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request));
+ ConfigurationDBUtils.closeSession();
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ public String deleteIDP() {
+ String oaidentifier = null;
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ oaidentifier = preProcessDeleteOnlineApplication();
+
+
+ } catch (BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+ OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+
+ try {
+ if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
+
+ MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ moaconfig.setPvp2RefreshItem(new Date());
+ ConfigurationDBUtils.saveOrUpdate(moaconfig);
+
+ }
+ } catch (Throwable e) {
+ log.info("Found no MetadataURL in OA-Databaseconfig!", e);
+ }
+
+ if (ConfigurationDBUtils.delete(onlineapplication)) {
+
+ ConfigurationDBUtils.closeSession();
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request));
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ ConfigurationDBUtils.closeSession();
+ addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request));
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ }
+
+ /**
+ * @param oa
+ */
+ private void parseOAToForm(OnlineApplication oa) {
+ List<String> errors = new ArrayList<String>();
+ for (IOnlineApplicationData form : formList.values()) {
+ List<String> error = form.parse(oa, authUser, request);
+ if (error != null)
+ errors.addAll(error);
+ }
+ if (errors.size() > 0) {
+ for (String el : errors)
+ addActionError(el);
+ }
+
+ setNewOA(false);
+
+ ConfigurationDBUtils.closeSession();
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+ }
+
+ /**
+ * @return the formOAs
+ */
+ public List<OAListElement> getFormOAs() {
+ return formOAs;
+ }
+
+ public OAMOAIDPInterfederationConfig getMoaIDP() {
+ return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName());
+ }
+
+ public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) {
+ formList.put(pvp2oa.getName(), pvp2oa);
+ }
+
+ /**
+ * @return the formOA
+ */
+ public OATargetConfiguration getTargetConfig() {
+ return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setTargetConfig(OATargetConfiguration formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
+ /**
+ * @return the formOA
+ */
+ public FormularCustomization getFormOA() {
+ return (FormularCustomization) formList.get(new FormularCustomization(null).getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setFormOA(FormularCustomization formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
+ public OASTORKConfig getStorkOA() {
+ return (OASTORKConfig) formList.get(new OASTORKConfig().getName());
+ }
+
+ public void setStorkOA(OASTORKConfig storkOA) {
+ formList.put(storkOA.getName(), storkOA);
+ }
+
+
+ public OAAuthenticationData getAuthOA() {
+ return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName());
+ }
+
+ public void setAuthOA(OAAuthenticationData generalOA) {
+ formList.put(generalOA.getName(), generalOA);
+ }
+
+
+ /**
+ * @return the interfederationType
+ */
+ public String getInterfederationType() {
+ return interfederationType;
+ }
+
+ /**
+ * @param interfederationType the interfederationType to set
+ */
+ public void setInterfederationType(String interfederationType) {
+ this.interfederationType = interfederationType;
+ }
+
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index e51ee7ca6..7f7f083c9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
@@ -46,7 +47,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
public class ListOAsAction extends BasicAction {
@@ -88,7 +88,7 @@ public class ListOAsAction extends BasicAction {
addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
} else {
- formOAs = FormDataHelper.addFormOAs(dbOAs);
+ formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
}
session.setAttribute(Constants.SESSION_RETURNAREA,
@@ -160,14 +160,11 @@ public class ListOAsAction extends BasicAction {
}
if (dbOAs == null || dbOAs.size() == 0) {
- log.debug("No OAs found with Identifier " + friendlyname);
+ log.debug("No IDPs found with Identifier " + friendlyname);
addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
- } else {
-
- formOAs = FormDataHelper.addFormOAs(dbOAs);
- session.setAttribute(Constants.SESSION_RETURNAREA,
- Constants.STRUTS_RETURNAREA_VALUES.main.name());
+ } else {
+ formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java
new file mode 100644
index 000000000..8c04a382a
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.LinkedHashMap;
+
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDPAction extends InterfederationIDPAction {
+
+ private static final long serialVersionUID = -2047128481980413334L;
+
+ public MOAIDPAction() {
+ super();
+ formList.putAll(buildMOAIDPFormList());
+ }
+
+ public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() {
+
+ LinkedHashMap<String, IOnlineApplicationData> forms =
+ new LinkedHashMap<String, IOnlineApplicationData>();
+
+
+ OAPVP2Config pvp2OA = new OAPVP2Config();
+ forms.put(pvp2OA.getName(), pvp2OA);
+
+ OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig();
+ forms.put(moaidp.getName(), moaidp);
+
+ return forms;
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
index a4c768eda..283b3604a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
@@ -67,7 +67,7 @@ public class OpenAdminRequestsAction extends BasicAction {
List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications();
if (dbOAs != null) {
- formOAs = FormDataHelper.addFormOAs(dbOAs);
+ formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
}
List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 382dc6372..5799c88b2 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
@@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
new file mode 100644
index 000000000..8588dd286
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
+import at.gv.egovernment.moa.id.util.FormBuildUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class VIDPAction extends InterfederationIDPAction {
+
+ private static final long serialVersionUID = 1981465294474566533L;
+
+
+ public VIDPAction() {
+ super();
+ formList.putAll(buildVIDPFormList());
+ }
+
+ /**
+ * @return
+ *
+ */
+ public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() {
+ LinkedHashMap<String, IOnlineApplicationData> forms =
+ new LinkedHashMap<String, IOnlineApplicationData>();
+
+ OATargetConfiguration oaTarget = new OATargetConfiguration();
+ forms.put(oaTarget.getName(), oaTarget);
+
+ OAAuthenticationData authOA = new OAAuthenticationData();
+ forms.put(authOA.getName(), authOA);
+
+ OASTORKConfig storkOA = new OASTORKConfig();
+ forms.put(storkOA.getName(), storkOA);
+
+ Map<String, String> map = new HashMap<String, String>();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ FormularCustomization formOA = new FormularCustomization(map);
+ forms.put(formOA.getName(), formOA);
+
+ return forms;
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
index ae7ee3c8e..c9a174813 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index 3ed0157da..662694ce7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -31,6 +31,7 @@ import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index cfa00f0e1..c64ae35d3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -34,13 +34,13 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
index f7adc1a67..e4a091c7e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
@@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index a63b3a7b1..8bc916e5a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -9,9 +9,9 @@ import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
public class StorkConfigValidator {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index 7b68f04d8..0bbf2116d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -30,33 +30,21 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
-import at.gv.egovernment.moa.id.configuration.Constants;
-import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
-public class OAGeneralConfigValidation {
+public class OAAuthenticationDataValidation {
private static final Logger log = Logger.getLogger(OASSOConfigValidation.class);
- public List<String> validate(OAGeneralConfig form, boolean isAdmin, HttpServletRequest request) {
+ public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) {
List<String> errors = new ArrayList<String>();
String check;
- if (isAdmin) {
- //validate aditionalAuthBlockText
- check = form.getAditionalAuthBlockText();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
- }
- }
- }
+
//Check BKU URLs
if (isAdmin) {
@@ -97,19 +85,6 @@ public class OAGeneralConfigValidation {
}
}
- //check OA FriendlyName
- check = form.getFriendlyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("OAFriendlyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
- }
- } else {
- log.info("OA friendlyName is empty");
- errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request));
- }
-
if (isAdmin) {
//check KeyBoxIdentifier
check = form.getKeyBoxIdentifier();
@@ -170,114 +145,7 @@ public class OAGeneralConfigValidation {
new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
}
}
-
-
-
- boolean businessservice = form.isBusinessService();
-
- if (businessservice) {
-
- //check identification type
- check = form.getIdentificationType();
- if (!form.getIdentificationTypeList().contains(check)) {
- log.info("IdentificationType is not known.");
- errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request));
- }
-
- //check identification number
- check = form.getIdentificationNumber();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty IdentificationNumber");
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
-
- } else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
- }
-
- if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
- CompanyNumberValidator val = new CompanyNumberValidator();
- if (!val.validate(check)) {
- log.info("Not valid CompanyNumber");
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request));
- }
- }
- }
-
- } else {
-
- check = form.getTarget_subsector();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isValidAdminTarget(check)) {
- log.info("Not valid Target-Subsector");
- errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request));
- }
- }
-
-
- if (!isAdmin) {
- //check PublicURL Prefix allows PublicService
- if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) {
- log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier());
- errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
- new Object[] {form.getIdentifier()}, request ));
- form.setBusinessService(true);
- return errors;
-
- }
-
- //check Target
- check = form.getTarget();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
-
- } else {
- if (!ValidationHelper.isValidTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
- }
- }
-
- } else {
- //check targetFrindlyName();
- check = form.getTargetFriendlyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
- }
- }
-
- if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) {
- log.info("Empty Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
- }
-
- //check Target
- check = form.getTarget();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isValidTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
- }
- }
-
- //check Admin Target
- check = form.getTarget_admin();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isValidAdminTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request));
- }
- }
- }
- }
-
return errors;
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
index bee2ba06c..de32d31c7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
@@ -36,9 +36,9 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index b26f2d9d5..62fc83ab9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -22,31 +22,68 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.validation.oa;
+import iaik.x509.X509Certificate;
+
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
+import java.util.Timer;
+import javax.net.ssl.SSLHandshakeException;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class);
- public List<String> validate(OAPVP2Config form, HttpServletRequest request) {
+ public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) {
+
+ Timer timer = null;
+ MOAHttpClient httpClient = null;
+ HTTPMetadataProvider httpProvider = null;
List<String> errors = new ArrayList<String>();
try {
- byte[] metadata = null;
-// byte[] cert = null;
+ byte[] certSerialized = null;
+ if (form.getFileUpload() != null)
+ certSerialized = form.getCertificate();
+ else {
+ OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaID);
+ if (oa != null &&
+ oa.getAuthComponentOA() != null &&
+ oa.getAuthComponentOA().getOAPVP2() != null) {
+ certSerialized = oa.getAuthComponentOA().getOAPVP2().getCertificate();
+ }
+ }
+
+ if (certSerialized == null) {
+ log.info("No certificate for metadata validation");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
+ }
+
String check = form.getMetaDataURL();
if (MiscUtil.isNotEmpty(check)) {
@@ -55,37 +92,48 @@ public class OAPVP2ConfigValidation {
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
} else {
- metadata = FileUtils.readURL(check);
- if (MiscUtil.isEmpty(metadata)) {
- log.info("Filecontent can not be read form MetaDataURL.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));
+
+ if (certSerialized != null) {
+ X509Certificate cert = new X509Certificate(certSerialized);
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
+
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
+
+ if (form.getMetaDataURL().startsWith("https:"))
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ ChainingModeType.PKIX,
+ true);
+
+ httpClient.setCustomSSLTrustStore(
+ form.getMetaDataURL(),
+ protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ } catch (ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.");
+
+ }
+
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ MetadataFilter filter = new MetaDataVerificationFilter(credential);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.initialize();
}
}
}
-
- if (form.getFileUpload() != null)
- form.getCertificate();
-
-// else {
-// if (metadata != null) {
-// log.info("No certificate to verify the Metadata defined.");
-// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));
-// }
-// }
-
-// if (cert != null && metadata != null) {
-// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
-// check, 20000);
-// httpProvider.setParserPool(new BasicParserPool());
-// httpProvider.setRequireValidMetadata(true);
-// MetadataFilter filter = new MetadataSignatureFilter(
-// check, cert);
-// httpProvider.setMetadataFilter(filter);
-// httpProvider.initialize();
-//
-// }
-
-
+
} catch (CertificateException e) {
log.info("Uploaded Certificate can not be found", e);
errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
@@ -94,9 +142,24 @@ public class OAPVP2ConfigValidation {
log.info("Metadata can not be loaded from URL", e);
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));
-// } catch (MetadataProviderException e) {
-// log.info("MetaDate verification failed");
-// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify"));
+ } catch (MetadataProviderException e) {
+
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
+ }
+
+ } finally {
+ if (httpProvider != null)
+ httpProvider.destroy();
+
+ if (timer != null)
+ timer.cancel();
+
}
return errors;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java
index 6de966b8d..971e11cc4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java
@@ -29,9 +29,9 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
public class OASSOConfigValidation {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index 7bdcb65cf..60209542b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.configuration.validation.oa;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
@@ -30,9 +31,9 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
public class OASTORKConfigValidation {
@@ -52,7 +53,9 @@ public class OASTORKConfigValidation {
}
if (oageneral.isVidpEnabled()) {
- for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) {
+ Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator();
+ while (interator.hasNext()) {
+ AttributeProviderPlugin current = interator.next();
if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) {
log.info("AttributeProviderPlugin URL has no valid form.");
errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
new file mode 100644
index 000000000..650553ab3
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
@@ -0,0 +1,154 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.configuration.validation.oa;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class OATargetConfigValidation {
+
+ private static final Logger log = Logger.getLogger(OATargetConfigValidation.class);
+
+ public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) {
+
+ List<String> errors = new ArrayList<String>();
+ String check;
+
+ if (general.isBusinessService()) {
+
+ //check identification type
+ check = form.getIdentificationType();
+ if (!form.getIdentificationTypeList().contains(check)) {
+ log.info("IdentificationType is not known.");
+ errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request));
+ }
+
+ //check identification number
+ check = form.getIdentificationNumber();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty IdentificationNumber");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
+
+ } else {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ }
+
+ if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
+ CompanyNumberValidator val = new CompanyNumberValidator();
+ if (!val.validate(check)) {
+ log.info("Not valid CompanyNumber");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request));
+ }
+ }
+ }
+
+ } else {
+
+ check = form.getTarget_subsector();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target-Subsector");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request));
+ }
+ }
+
+
+ if (!isAdmin) {
+ //check PublicURL Prefix allows PublicService
+ if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) {
+ log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier());
+ errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
+ new Object[] {general.getIdentifier()}, request ));
+ general.setBusinessService(true);
+ return errors;
+
+ }
+
+ //check Target
+ check = form.getTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
+
+ } else {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
+ }
+ }
+
+ } else {
+
+ //check targetFrindlyName();
+ check = form.getTargetFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ }
+ }
+
+ if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
+ }
+
+ //check Target
+ check = form.getTarget();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
+ }
+ }
+
+ //check Admin Target
+ check = form.getTarget_admin();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request));
+ }
+ }
+ }
+ }
+
+ return errors;
+ }
+}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 916206cf1..acadde847 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -11,6 +11,7 @@ error.title=Fehler:
error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden.
+errors.listIDPs.noIDP=Es wurden kein IdentityProvider f\u00FCr Interfederation in der Datenbank gefunden.
errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben.
errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen.
error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden.
@@ -94,6 +95,21 @@ webpages.mainpage.menu.general.importexport=Importieren/Exportieren
webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration
webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung
webpages.mainpage.menu.general.adminrequests=Offene Anfragen
+webpages.mainpage.menu.interfederation=Interfederation
+
+webpages.interfederation.header=IDP Interfederation Konfiguration
+webpages.interfederation.list.header=Liste aller konfiguerierten IDPs
+webpages.inderfederation.moaid.header=Interfederation
+webpages.inderfederation.moaid.businessServiceIDP=Privatwirtschaftlicher IDP
+webpages.inderfederation.moaid.inboundSSO=Eingehendes SSO erlauben
+webpages.inderfederation.moaid.outboundSSO=Ausgehendes SSO erlauben
+webpages.inderfederation.moaid.storeSSOSession=SSO Session speichern
+webpages.inderfederation.moaid.attributQueryURL=AttributQuery Service URL
+webpages.interfederation.new.header=Neuen Identity Provider hinzuf\u00FCgen
+webpages.interfederation.new.vidp=STORK VIDP
+webpages.interfederation.new.moaid=MOA-ID IDP
+
+
webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert.
webpages.moaconfig.header=Allgemeine Konfiguration
@@ -152,6 +168,7 @@ webpages.moaconfig.sl.transormations.header=SecurityLayer Transformationen
webpages.moaconfig.sl.transormations.filename=Dateiname
webpages.moaconfig.sl.transormations.upload=Neue Transformation hochladen
+webpages.listOAs.list.elInfo=Type
webpages.listOAs.list.first=Eindeutige Kennung
webpages.listOAs.list.second=Name der Online-Applikation
@@ -294,6 +311,8 @@ message.title=Meldung:
webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden.
webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich.
webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen.
+webpages.idp.success=Der IdentityProvider {0} konnte erfolgreich gespeichert werden.
+webpages.idp.cancle=Die Bearbeitung des IdentityProvider {0} wurde abgebrochen.
webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht.
webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden.
@@ -439,10 +458,15 @@ validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten kei
validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf.
validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt.
+validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig.
validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich.
validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf.
+validation.interfederation.moaidp.queryurl.valid=Die URL zum zum AttributQuery Service wei\u00DFt kein g\u00FCltiges Format auf.
+validation.interfederation.moaidp.queryurl.empty=Die URL zum zum AttributQuery Service muss f\u00FCr eingehende Single Sign-On Interfederation konfiguriert werden.
+validation.interfederation.moaidp.metadataurl.publicservice=Die Domain des Metadaten Services f\u00FCr diesen IDP erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich.
+
validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden.
validation.general.bkuselection.specialfeatures.valid=Die speziellen Einstellungen f\u00FCr die BKU Auswahl (Vollmachtsanmeldung ausblenden / zwingend voraussetzen) k\u00F6nnen nicht in Kombination mit SSO verwendet werden.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 4d76ec1ac..7733be5d0 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -11,6 +11,7 @@ error.title=Error:
error.login.internal=The error occurred during the processing. Please try again or contact Administrator.
error.general.text=During the processing the error condition occured. Please try again or contact the administrator.
errors.listOAs.noOA=There is no Online-Application found in the database.
+errors.listIDPs.noIDP=There is no interfederation IdentityProvider found in the database.
errors.edit.oa.oaid=There is no valid Online-Application ID transfered.
errors.edit.oa.oaid.allowed=You do not possess the necessary rights in order to access this Online-Application.
error.oa.pvp2.certificate=Provided PVP2 certificate could not be read.
@@ -95,6 +96,19 @@ webpages.mainpage.menu.general.config.moaid=General configuration
webpages.mainpage.menu.general.usermanagement=User management
webpages.mainpage.menu.general.adminrequests=Open requests
+webpages.mainpage.menu.interfederation=Interfederation
+webpages.interfederation.header=IDP Interfederation Configuration
+webpages.interfederation.list.header=List of all interfederation IDPs
+webpages.inderfederation.moaid.businessServiceIDP=BusinessService IDP
+webpages.inderfederation.moaid.header=Interfederation
+webpages.inderfederation.moaid.inboundSSO=Allow inbound SSO
+webpages.inderfederation.moaid.outboundSSO=Allow outbound SSO
+webpages.inderfederation.moaid.storeSSOSession=Store SSO session
+webpages.inderfederation.moaid.attributQueryURL=AttributQuery service URL
+webpages.interfederation.new.header=Add new Identity Provider
+webpages.interfederation.new.vidp=STORK VIDP
+webpages.interfederation.new.moaid=MOA-ID IDP
+
webpages.moaconfig.save.success=MOA-ID has been successfully saved.
webpages.moaconfig.header=General configuration
webpages.oaconfig.general.publicURLPreFix=Public URL Prefix
@@ -152,6 +166,7 @@ webpages.moaconfig.sl.transormations.header=SecurityLayer Transformations
webpages.moaconfig.sl.transormations.filename=File name
webpages.moaconfig.sl.transormations.upload=Upload new transformations
+webpages.listOAs.list.elInfo=Type
webpages.listOAs.list.first=Unique identifier
webpages.listOAs.list.second=Name of the Online-Application
@@ -294,6 +309,8 @@ message.title=Announcement:
webpages.oaconfig.success=The Online-Application {0} could be saved.
webpages.oaconfig.success.admin=Online-Applikation {0} could be saved. The activation by the Administrator is necessary.
webpages.oaconfig.cancle=The processing of Online-Applikation {0} was interrupted.
+webpages.idp.success=IdentityProvider {0} could be saved.
+webpages.idp.cancle=The processing of IdentityProvider {0} was interrupted.
webpages.oaconfig.delete.message=Online-Application {0} was succesfully removed.
webpages.oaconfig.delete.error=Online-Application {0} could not be removed.
@@ -439,14 +456,19 @@ validation.pvp2.metadataurl.read=No information could be found under provided UR
validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate.
validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format.
validation.pvp2.certificate.notfound=There is no PVP2 inserted.
+validation.pvp2.metadata.ssl=The SSL server certificate is not trusted.
validation.sso.logouturl.empty=URL for Single Log-Out Service is necessary.
validation.sso.logouturl.valid=URL for Single Log-Out Service has incorrect format.
+validation.interfederation.moaidp.queryurl.valid=URL for AttributQuery Service has incorrect format.
+validation.interfederation.moaidp.queryurl.empty=URL for AttributQuery Service is necessary for inbound Single Sign-On interfederation.
+validation.interfederation.moaidp.metadataurl.publicservice=The domain of Metadata service for that IDP permits private sector only.
+
validation.saml1.providestammzahl=ProvideSourcePIN cannot be combined with applications from private sector.
validation.general.bkuselection.specialfeatures.valid=The special settings for the selection of CCE (Hide mandate login / compulsory required) could not be used in combination with SSO.
-validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkfbox for selection of mandating is not possible.
+validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkbox for selection of mandating is not possible.
validation.general.form.color.background=Background color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF)
validation.general.form.color.front=Foreground color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF)
validation.general.form.header.color.back=Background color for the caption of CCE selection contains no valid hexadecimal value. (e.g. \\\#FFFFFF)
diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml
index 4b006ffd9..3fc82f83f 100644
--- a/id/ConfigWebTool/src/main/resources/struts.xml
+++ b/id/ConfigWebTool/src/main/resources/struts.xml
@@ -365,6 +365,83 @@
<interceptor-ref name="OwnStack"/>
</action>
+ <action name="listallinterfederationidps" method="listAllIDPs" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction">
+ <result name="success">/jsp/interfederation/idplist.jsp</result>
+ <result name="notallowed" type="chain">main</result>
+ <result name="error">/error.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
+ <action name="loadIDP" method="loadIDPInformation" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction">
+ <result name="success-VIDP">/jsp/interfederation/vidp.jsp</result>
+ <result name="success-MOAIDP">/jsp/interfederation/moa_idp.jsp</result>
+ <result name="notallowed" type="chain">main</result>
+ <result name="error">/error.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
+ <action name="newIDP" method="newIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction">
+ <result name="editOA-VIDP">/jsp/interfederation/vidp.jsp</result>
+ <result name="editOA-MOAIDP">/jsp/interfederation/moa_idp.jsp</result>
+ <result name="success" type="chain">main</result>
+ <result name="error">/error.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
+
+ <action name="saveMOAIDP" method="saveIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.MOAIDPAction">
+ <result name="success" type="chain">main</result>
+ <result name="error_validation">/jsp/interfederation/moa_idp.jsp</result>
+ <result name="error">/error.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
+ <action name="saveVIDP" method="saveIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.VIDPAction">
+ <result name="success" type="chain">main</result>
+ <result name="error_validation">/jsp/interfederation/vidp.jsp</result>
+ <result name="error">/error.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
+ <action name="cancleandbackIDP" method="cancleAndBackIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction">
+ <result type="chain">main</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
+ <action name="deleteIDP" method="deleteIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction">
+ <result name="success" type="chain">main</result>
+ <result name="error_validation">/jsp/editOAGeneral.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="OwnStack"/>
+ </action>
+
</package>
</struts> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css
index eb984a896..2c7a880f0 100644
--- a/id/ConfigWebTool/src/main/webapp/css/index.css
+++ b/id/ConfigWebTool/src/main/webapp/css/index.css
@@ -356,6 +356,12 @@ div .wwgrp br {
font-size: 1.1em;
}
+.listElInfo {
+ position: relative;
+ width: 50px;
+ float: left;
+}
+
.listFirst {
position: relative;
width: 450px;
diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js
index 18c755f4b..32e79bb66 100644
--- a/id/ConfigWebTool/src/main/webapp/js/common.js
+++ b/id/ConfigWebTool/src/main/webapp/js/common.js
@@ -204,7 +204,7 @@ function oaOnLoad() {
AdminTarget();
oaTargetSubSector();
- oaVIDP();
+// oaVIDP();
$(".colorfield").each(
function() {
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
index 20a5ad1ea..a3541c9a7 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
@@ -34,352 +34,16 @@
<s:form namespace="/secure" method="POST" enctype="multipart/form-data">
-
- <div class="oa_config_block">
-
- <s:if test="authUser.isAdmin()">
- <s:checkbox name="generalOA.Active"
- value="%{generalOA.Active}"
- labelposition="left"
- key="webpages.oaconfig.general.isActive"
- cssClass="checkbox">
- </s:checkbox>
- </s:if>
+ <s:include value="snippets/OA/generalInformation.jsp"></s:include>
+
+ <s:include value="snippets/OA/targetConfiguration.jsp"></s:include>
+
+ <s:include value="snippets/OA/authentication.jsp"></s:include>
- <s:textfield name="generalOA.identifier"
- value="%{generalOA.identifier}"
- labelposition="left"
- key="webpages.oaconfig.general.identification"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="generalOA.friendlyName"
- value="%{generalOA.friendlyName}"
- labelposition="left"
- key="webpages.oaconfig.general.friendlyname"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:checkbox name="generalOA.businessService"
- value="%{generalOA.businessService}"
- labelposition="left"
- key="webpages.oaconfig.general.isbusinessservice"
- cssClass="checkbox"
- onclick="oaBusinessService();"
- id="OAisbusinessservice"
- >
- </s:checkbox>
-
-
- </div>
+ <s:include value="snippets/OA/sso.jsp"></s:include>
- <div id="oa_config_businessservice" class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3>
-
- <s:select list="generalOA.identificationTypeList"
- key="webpages.oaconfig.general.business.value"
- labelposition="left"
- cssClass="selectfield"
- value="%{generalOA.identificationType}"
- name="generalOA.identificationType"
- disabled="%{isDeaktivededBusinessService()}">
- </s:select>
-
- <s:textfield name="generalOA.identificationNumber"
- value="%{generalOA.identificationNumber}"
- cssClass="textfield_middle"
- disabled="%{isDeaktivededBusinessService()}">
- </s:textfield>
- </div>
-
- <s:if test="!isOnlyBusinessService()">
- <div id="oa_config_publicservice" class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3>
-
- <s:if test="authUser.isAdmin()">
- <s:select list="generalOA.targetList"
- key="webpages.oaconfig.general.target"
- labelposition="left"
- cssClass="selectfield"
- value="%{generalOA.target}"
- name="generalOA.target"
- onchange="HideAdminTarget();">
- </s:select>
- </s:if>
- <s:else>
- <s:select list="generalOA.targetList"
- key="webpages.oaconfig.general.target"
- labelposition="left"
- cssClass="selectfield"
- value="%{generalOA.target}"
- name="generalOA.target">
- </s:select>
- </s:else>
+ <s:include value="snippets/OA/stork.jsp"></s:include>
- <s:checkbox name="subTargetSet"
- value="%{subTargetSet}"
- labelposition="left"
- key="webpages.oaconfig.general.target.subsector.checkbox"
- cssClass="checkbox"
- onclick="oaTargetSubSector();"
- id="OAisTargetSubSector">
- </s:checkbox>
-
- <s:textfield name="generalOA.target_subsector"
- value="%{generalOA.target_subsector}"
- labelposition="left"
- key="webpages.oaconfig.general.target.subsector"
- cssClass="selectfield"
- id="OAtarget_subsector">
- </s:textfield>
-
-
- <s:if test="authUser.isAdmin()">
- <s:checkbox
- name="generalOA.AdminTarget"
- value="%{generalOA.AdminTarget}"
- cssClass="checkbox"
- onclick="AdminTarget();"
- labelposition="left"
- key="webpages.oaconfig.general.target.admin.checkbox"
- id="adminTarget">
- </s:checkbox>
-
- <div id="admin_target_area">
- <s:textfield name="generalOA.target_admin"
- value="%{generalOA.target_admin}"
- labelposition="left"
- key="webpages.oaconfig.general.target.admin"
- cssClass="textfield_short">
- </s:textfield>
- <s:textfield name="generalOA.targetFriendlyName"
- value="%{generalOA.targetFriendlyName}"
- labelposition="left"
- key="webpages.oaconfig.general.target.friendlyname"
- cssClass="textfield_long">
- </s:textfield>
- </div>
- </s:if>
- <s:else>
- <s:if test="generalOA.target_admin neq null">
- <s:textfield name="generalOA.target_admin"
- value="%{generalOA.target_admin}"
- labelposition="left"
- key="webpages.oaconfig.general.target.admin.disabled"
- cssClass="textfield_short"
- disabled="true">
- </s:textfield>
- </s:if>
- <%-- <s:if test="generalOA.targetFriendlyName neq null">
- <s:textfield name="generalOA.targetFriendlyName"
- value="%{generalOA.targetFriendlyName}"
- labelposition="left"
- key="webpages.oaconfig.general.target.friendlyname.disabled"
- cssClass="textfield_long">
- </s:textfield>
- </s:if> --%>
- </s:else>
- </div>
- </s:if>
-
- <s:if test="authUser.isAdmin()">
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3>
-
- <s:textfield name="generalOA.bkuOnlineURL"
- value="%{generalOA.bkuOnlineURL}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.online"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="generalOA.bkuHandyURL"
- value="%{generalOA.bkuHandyURL}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.handy"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="generalOA.bkuLocalURL"
- value="%{generalOA.bkuLocalURL}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.local"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:radio list="generalOA.keyBoxIdentifierList"
- name="generalOA.keyBoxIdentifier"
- value="%{generalOA.keyBoxIdentifier}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.keyboxidentifier"
- cssClass="radio">
- </s:radio>
- <s:checkbox name="generalOA.legacy"
- value="%{generalOA.legacy}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.legacy"
- cssClass="checkbox"
- onclick="oaLegacyService();"
- id="OAislegacy">
- </s:checkbox>
- <div id="oa_config_sltemplates">
- <s:textfield name="generalOA.SLTemplateURL1"
- value="%{generalOA.SLTemplateURL1}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.sltemplate.first"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="generalOA.SLTemplateURL2"
- value="%{generalOA.SLTemplateURL2}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.sltemplate.second"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="generalOA.SLTemplateURL3"
- value="%{generalOA.SLTemplateURL3}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.sltemplate.third"
- cssClass="textfield_long">
- </s:textfield>
- </div>
-
- <div class="oa_protocol_area">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4>
- <s:iterator value="%{generalOA.bkuSelectionFileUploadFileName}" var="fileNameBKU">
- <div class="floatClass">
- <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/>
- <s:checkbox key="webpages.oaconfig.general.bku.delete"
- labelposition="left"
- cssClass="checkbox"
- name="generalOA.deleteBKUTemplate"></s:checkbox>
- </div>
- <div id="pvp2_certificate_upload">
- <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file>
- </div>
- </s:iterator>
- <s:if test="generalOA.bkuSelectionFileUploadFileName.size() == 0">
- <div id="pvp2_certificate_upload">
- <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file>
- </div>
- </s:if>
- </div>
- <div class="oa_protocol_area">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4>
- <s:iterator value="%{generalOA.sendAssertionFileUploadFileName}" var="fileNameBKU">
- <div class="floatClass">
- <s:label key="webpages.oaconfig.general.bku.sendassertion.filename"
- value="%{fileNameBKU}"/>
- <s:checkbox key="webpages.oaconfig.general.bku.delete"
- labelposition="left"
- cssClass="checkbox"
- name="generalOA.deleteSendAssertionTemplate"></s:checkbox>
- </div>
- <div id="pvp2_certificate_upload">
- <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file>
- </div>
- </s:iterator>
- <s:if test="generalOA.sendAssertionFileUploadFileName.size() == 0">
- <div id="pvp2_certificate_upload">
- <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file>
- </div>
- </s:if>
- </div>
-
- </div>
- </s:if>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3>
-
-
- <s:checkbox name="generalOA.useMandates"
- value="%{generalOA.useMandates}"
- labelposition="left"
- key="webpages.oaconfig.general.mandate.usemandate"
- cssClass="checkbox">
- </s:checkbox>
-
- <s:textfield name="generalOA.mandateProfiles"
- value="%{generalOA.mandateProfiles}"
- labelposition="left"
- key="webpages.oaconfig.general.mandate.profiles"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:checkbox name="formOA.onlyMandateAllowed"
- value="%{formOA.onlyMandateAllowed}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed"
- cssClass="checkbox">
- </s:checkbox>
-
- </div>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3>
-
- <s:checkbox name="ssoOA.useSSO"
- value="%{ssoOA.useSSO}"
- labelposition="left"
- key="webpages.oaconfig.sso.usesso"
- cssClass="checkbox"
- onclick="oaSSOService();"
- id="OAuseSSO">
- </s:checkbox>
-
- <div id="sso_bock">
- <s:if test="authUser.isAdmin()">
- <s:checkbox name="ssoOA.showAuthDataFrame"
- value="%{ssoOA.showAuthDataFrame}"
- labelposition="left"
- key="webpages.oaconfig.sso.useauthdataframe"
- cssClass="checkbox"
- onclick="oaBusinessService();">
- </s:checkbox>
- </s:if>
-
-<%--TODO: insert if SLO is implemented!!!--%>
-<%-- <s:textfield name="ssoOA.singleLogOutURL"
- value="%{ssoOA.singleLogOutURL}"
- labelposition="left"
- key="webpages.oaconfig.sso.singlelogouturl"
- cssClass="textfield_long">
- </s:textfield> --%>
- </div>
- </div>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
-
- <s:checkbox name="storkOA.storkLogonEnabled"
- value="%{storkOA.storkLogonEnabled}"
- labelposition="left"
- key="webpages.oaconfig.stork.usestork"
- cssClass="checkbox"
- onclick="oaStork();"
- id="OAuseSTORKLogon" />
- <div id="stork_block">
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkOA.qaa}"
- name="storkOA.qaa"
- key="webpages.moaconfig.stork.qaa"
- labelposition="left" />
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
- <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
- <table>
- <tr><th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %></th>
- <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %></th>
- <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %></th></tr>
- <s:iterator value="storkOA.helperAttributes" status="stat">
- <tr><td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].used" value="%{used}" disabled="%{readOnly}" /></td>
- <td><s:property value="%{name}" /><s:hidden name="storkOA.helperAttributes[%{#stat.index}].name" value="%{name}" /></td>
- <td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td></tr>
- </s:iterator>
- </table>
- </div>
- </div>
-
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %></h3>
@@ -390,13 +54,6 @@
<button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_saml1_hidden">
<%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.hidden", request) %>
</button>
-
- <button type="button" class="oa_buttons" onclick="oaVIDP();" id="button_vidp_show">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.vidp.show", request) %>
- </button>
- <button type="button" style="display:none" class="oa_buttons" onclick="oaVIDP();" id="button_vidp_hidden">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.vidp.hidden", request) %>
- </button>
</s:if>
<button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show">
@@ -412,297 +69,19 @@
<button type="button" style="display:none" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_hidden">
<%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %>
</button>
-
- <div id="oa_saml1_area" class="oa_protocol_area hidden">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4>
-
- <s:if test="authUser.isAdmin()">
- <s:checkbox name="saml1OA.Active"
- value="%{saml1OA.Active}"
- labelposition="left"
- key="webpages.oaconfig.saml1.isActice"
- cssClass="checkbox">
- </s:checkbox>
- </s:if>
- <s:checkbox name="saml1OA.provideStammZahl"
- value="%{saml1OA.provideStammZahl}"
- labelposition="left"
- key="webpages.oaconfig.saml1.provideStammZahl"
- cssClass="checkbox">
- </s:checkbox>
- <s:checkbox name="saml1OA.provideAuthBlock"
- value="%{saml1OA.provideAuthBlock}"
- labelposition="left"
- key="webpages.oaconfig.saml1.provideAuthBlock"
- cssClass="checkbox">
- </s:checkbox>
- <br>
- <s:checkbox name="saml1OA.provideIdentityLink"
- value="%{saml1OA.provideIdentityLink}"
- labelposition="left"
- key="webpages.oaconfig.saml1.provideIdentityLink"
- cssClass="checkbox">
- </s:checkbox>
- <s:checkbox name="saml1OA.provideCertificate"
- value="%{saml1OA.provideCertificate}"
- labelposition="left"
- key="webpages.oaconfig.saml1.provideCertificate"
- cssClass="checkbox">
- </s:checkbox>
- <s:checkbox name="saml1OA.provideFullMandateData"
- value="%{saml1OA.provideFullMandateData}"
- labelposition="left"
- key="webpages.oaconfig.saml1.provideFullMandateData"
- cssClass="checkbox">
- </s:checkbox>
-<%-- <br>
- <br>
- <br>
- <s:checkbox name="saml1OA.useCondition"
- value="%{saml1OA.useCondition}"
- labelposition="left"
- key="webpages.oaconfig.saml1.useCondition"
- cssClass="checkbox">
- </s:checkbox>
- <s:textfield name="saml1OA.conditionLength"
- value="%{saml1OA.conditionLength}"
- labelposition="left"
- key="webpages.oaconfig.saml1.conditionLength"
- cssClass="textfield_short">
- </s:textfield> --%>
-
- </div>
-
- <div id="oa_pvp2_area" class="oa_protocol_area hidden">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4>
-
- <s:checkbox key="webpages.oaconfig.pvp2.reload"
- labelposition="left"
- cssClass="checkbox"
- name="pvp2OA.reLoad"></s:checkbox>
-
- <s:textfield name="pvp2OA.metaDataURL"
- value="%{pvp2OA.metaDataURL}"
- labelposition="left"
- key="webpages.oaconfig.pvp2.metaDataURL"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/>
-
- <div id="pvp2_certificate_upload">
- <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file>
- </div>
- </div>
-
- <div id="oa_oauth20_area" class="oa_protocol_area hidden">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4>
-
- <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/>
-
- <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/>
-
- <s:textfield name="oauth20OA.redirectUri"
- value="%{oauth20OA.redirectUri}"
- labelposition="left"
- key="webpages.oaconfig.oauth20.redirectUri"
- cssClass="textfield_long">
- </s:textfield>
- </div>
-
-
- <div id="oa_vidp_area" class="oa_protocol_area">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h4>
-
- <p><s:checkbox name="storkOA.vidpEnabled"
- value="%{storkOA.vidpEnabled}"
- labelposition="left"
- key="webpages.oaconfig.vidp.enabled"
- cssClass="checkbox"
- id="OAuseVidp" /></p>
-
- <p><s:checkbox name="storkOA.requireConsent"
- value="%{storkOA.requireConsent}"
- labelposition="left"
- key="webpages.oaconfig.vidp.requireconsent"
- cssClass="checkbox"
- id="OArequireConsent" /></p>
- <h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5>
- <table id="stork_aplist">
- <tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr>
- <s:iterator value="storkOA.attributeProviderPlugins" status="stat">
- <tr><td><s:select name="storkOA.attributeProviderPlugins[%{#stat.index}].name" value="%{name}" list="%{storkOA.availableAttributeProviderPlugins}"/></td>
- <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].url" value="%{url}" cssClass="textfield_mail"/></td>
- <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].attributes" value="%{attributes}" cssClass="textfield_mail"/></td>
- <td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
- </s:iterator>
- </table>
- <input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.new", request) %>" onclick='newAp();' />
-
- </div>
- </div>
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3>
-
-<%-- <s:checkbox name="generalOA.calculateHPI"
- value="%{generalOA.calculateHPI}"
- labelposition="left"
- key="webpages.oaconfig.general.aditional.calculateHPI"
- cssClass="textfield_long">
- </s:checkbox> --%>
-
- <s:checkbox name="generalOA.HideBPKAuthBlock"
- value="%{generalOA.HideBPKAuthBlock}"
- labelposition="left"
- key="webpages.oaconfig.general.isHideBPKAuthBlock"
- cssClass="checkbox">
- </s:checkbox>
+ <s:include value="snippets/OA/saml1.jsp"></s:include>
+
+ <s:include value="snippets/OA/pvp2.jsp">
+ <s:param name="hideBlock">hidden</s:param>
+ </s:include>
- <s:if test="authUser.isAdmin()">
- <s:textarea name="generalOA.aditionalAuthBlockText"
- value="%{generalOA.aditionalAuthBlockText}"
- labelposition="left"
- key="webpages.oaconfig.general.aditional.authblocktext"
- cssClass="textfield_large">
- </s:textarea>
-
-
- <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %>
- </button>
- <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %>
- </button>
-
- <div id="formcustom_area" class="oa_protocol_area hidden">
- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4>
-
- <div id="formCustomValues">
- <s:textfield name="formOA.backGroundColor"
- value="%{formOA.backGroundColor}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.backgroundcolor"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")'
- id="MAIN_BACKGOUNDCOLOR">
- </s:textfield>
- <s:textfield name="formOA.frontColor"
- value="%{formOA.frontColor}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.frontcolor"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("MAIN_COLOR")'
- id="MAIN_COLOR">
- </s:textfield>
-
- <s:textfield name="formOA.header_BackGroundColor"
- value="%{formOA.header_BackGroundColor}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")'
- id="HEADER_BACKGROUNDCOLOR">
- </s:textfield>
- <s:textfield name="formOA.header_FrontColor"
- value="%{formOA.header_FrontColor}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.frontcolor"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("HEADER_COLOR")'
- id="HEADER_COLOR">
- </s:textfield>
- <s:textfield name="formOA.header_text"
- value="%{formOA.header_text}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.text"
- cssClass="textfield_middle"
- onchange='updateBKUFormPreview("HEADER_TEXT")'
- id="HEADER_TEXT">
- </s:textfield>
-
- <%-- <s:textfield name="formOA.button_BackGroundColor"
- value="%{formOA.button_BackGroundColor}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.button.background"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")'
- id="BUTTON_BACKGROUNDCOLOR">
- </s:textfield>
- <s:textfield name="formOA.button_BackGroundColorFocus"
- value="%{formOA.button_BackGroundColorFocus}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.button.background.focus"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")'
- id="BUTTON_BACKGROUNDCOLOR_FOCUS">
- </s:textfield>
- <s:textfield name="formOA.button_FrontColor"
- value="%{formOA.button_FrontColor}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.button.front"
- cssClass="textfield_middle colorfield"
- onchange='updateBKUFormPreview("BUTTON_COLOR")'
- id="BUTTON_COLOR">
- </s:textfield> --%>
-
- <s:select list="formOA.appletRedirectTargetList"
- key="webpages.oaconfig.general.BKUSelection.redirectTarget"
- labelposition="left"
- cssClass="selectfield"
- value="%{formOA.appletRedirectTarget}"
- name="formOA.appletRedirectTarget">
- </s:select>
-
- <s:textfield name="formOA.applet_height"
- value="%{formOA.applet_height}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.applet.height"
- cssClass="textfield_middle"
- id="HEADER_HEIGHT">
- </s:textfield>
-
- <s:textfield name="formOA.applet_width"
- value="%{formOA.applet_width}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.header.applet.width"
- cssClass="textfield_middle"
- id="HEADER_WIDTH">
- </s:textfield>
-
- <s:select list="formOA.fontTypeList"
- key="webpages.oaconfig.general.BKUSelection.fonttype.list"
- labelposition="left"
- cssClass="selectfield"
- value="%{formOA.fontType}"
- name="formOA.fontTypeListValue"
- id="fontTypeList"
- onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'>
- </s:select>
-
- <s:textfield name="formOA.fontType"
- value="%{formOA.fontType}"
- labelposition="left"
- key="webpages.oaconfig.general.BKUSelection.fonttype"
- cssClass="textfield_mail"
- onchange='updateBKUFormPreview("FONTTYPE")'
- id="FONTTYPE">
- </s:textfield>
- </div>
-
- <div id="formCustomPreview">
- <iframe scrolling="none"
- title="BKUForm Preview"
- height="260"
- width="250">
- </iframe>
- </div>
-
- </div>
- </s:if>
+ <s:include value="snippets/OA/openIDConnect.jsp"></s:include>
</div>
+
+ <s:include value="snippets/OA/formCustomization.jsp"></s:include>
<s:hidden name="formID"
value="%{formID}"></s:hidden>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp
new file mode 100644
index 000000000..3e7404dfc
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp
@@ -0,0 +1,60 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <link rel="stylesheet" type="text/css" href="../css/index.css">
+ <title><%=LanguageHelper.getGUIString("title", request) %></title>
+ <script type="text/javascript" src="../js/common.js"></script>
+ <script src="../js/jquery.js"></script>
+ </head>
+
+ <body>
+
+ <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include>
+
+ <jsp:include page="../snippets/main_menu.jsp"></jsp:include>
+
+ <div id="information_area">
+ <s:if test="hasActionErrors()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
+
+ <s:if test="authUser.isAdmin()">
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.interfederation.list.header", request) %></h3>
+ <s:include value="../snippets/oas_list.jsp">
+ <s:param name="editAction">loadIDP</s:param>
+ </s:include>
+ </div>
+ <br>
+ <br>
+ <div id="button_area">
+ <h3><%=LanguageHelper.getGUIString("webpages.interfederation.new.header", request) %></h3>
+ <s:form action="newIDP" namespace="/secure" method="POST" >
+ <s:hidden name="interfederationType" value="-MOAIDP"></s:hidden>
+ <s:submit key="webpages.interfederation.new.moaid"/>
+ </s:form>
+ <s:form action="newIDP" namespace="/secure" method="POST" >
+ <s:hidden name="interfederationType" value="-VIDP"></s:hidden>
+ <s:submit key="webpages.interfederation.new.vidp"/>
+ </s:form>
+ </div>
+
+
+ </s:if>
+
+ </div>
+
+ <jsp:include page="../snippets/footer.jsp"></jsp:include>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp
new file mode 100644
index 000000000..f0d0671bf
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp
@@ -0,0 +1,66 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <link rel="stylesheet" type="text/css" href="../css/index.css">
+ <title><%=LanguageHelper.getGUIString("title", request) %></title>
+ <script type="text/javascript" src="../js/common.js"></script>
+ <script src="../js/jquery.js"></script>
+ </head>
+
+ <body>
+
+ <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include>
+
+ <jsp:include page="../snippets/main_menu.jsp"></jsp:include>
+
+ <div id="information_area">
+ <s:if test="hasActionErrors()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
+
+ <s:if test="authUser.isAdmin()">
+ <div id="list_area">
+ <h2><%=LanguageHelper.getGUIString("webpages.interfederation.header", request) %></h2>
+
+ <s:form namespace="/secure" method="POST" enctype="multipart/form-data">
+
+ <s:include value="../snippets/OA/generalInformation.jsp"></s:include>
+
+ <s:include value="../snippets/OA/interfederation.jsp"></s:include>
+
+ <s:include value="../snippets/OA/pvp2.jsp">
+ <s:param name="hideBlock">""</s:param>
+ </s:include>
+
+ <s:hidden name="formID" value="%{formID}"></s:hidden>
+ <s:hidden name="interfederationType" value="%{interfederationType}"></s:hidden>
+
+
+ <div id="button_area">
+ <s:submit key="webpages.edit.back" action="cancleandbackIDP"/>
+ <s:submit key="webpages.edit.save" action="saveMOAIDP"/>
+ <s:if test="!isNewOA()">
+ <s:submit key="webpages.edit.delete" action="deleteIDP"/>
+ </s:if>
+ </div>
+
+ </s:form>
+
+ </div>
+ </s:if>
+
+ </div>
+
+ <jsp:include page="../snippets/footer.jsp"></jsp:include>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp
new file mode 100644
index 000000000..3a5dd68c9
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp
@@ -0,0 +1,70 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <link rel="stylesheet" type="text/css" href="../css/index.css">
+ <title><%=LanguageHelper.getGUIString("title", request) %></title>
+ <script type="text/javascript" src="../js/common.js"></script>
+ <script src="../js/jquery.js"></script>
+ </head>
+
+ <body onload="oaOnLoad()">
+
+ <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include>
+
+ <jsp:include page="../snippets/main_menu.jsp"></jsp:include>
+
+ <div id="information_area">
+ <s:if test="hasActionErrors()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
+
+ <s:if test="authUser.isAdmin()">
+ <div id="list_area">
+ <h2><%=LanguageHelper.getGUIString("webpages.interfederation.header", request) %></h2>
+
+ <s:form namespace="/secure" method="POST" enctype="multipart/form-data">
+
+ <s:include value="../snippets/OA/generalInformation.jsp"></s:include>
+
+ <s:include value="../snippets/OA/targetConfiguration.jsp"></s:include>
+
+ <s:include value="../snippets/OA/authentication.jsp"></s:include>
+
+ <s:include value="../snippets/OA/vidp.jsp">
+ <s:param name="hideBlock"></s:param>
+ </s:include>
+
+ <s:include value="../snippets/OA/formCustomization.jsp"></s:include>
+
+ <s:hidden name="formID" value="%{formID}"></s:hidden>
+ <s:hidden name="interfederationType" value="%{interfederationType}"></s:hidden>
+
+
+ <div id="button_area">
+ <s:submit key="webpages.edit.back" action="cancleandbackIDP"/>
+ <s:submit key="webpages.edit.save" action="saveVIDP"/>
+ <s:if test="!isNewOA()">
+ <s:submit key="webpages.edit.delete" action="deleteIDP"/>
+ </s:if>
+ </div>
+
+ </s:form>
+
+ </div>
+ </s:if>
+
+ </div>
+
+ <jsp:include page="../snippets/footer.jsp"></jsp:include>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp
index 11953ec86..bad50262d 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp
@@ -27,7 +27,9 @@
</div>
</s:if>
- <jsp:include page="snippets/oas_list.jsp"></jsp:include>
+ <s:include value="snippets/oas_list.jsp">
+ <s:param name="editAction">loadOA</s:param>
+ </s:include>
</div>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
new file mode 100644
index 000000000..a659104ed
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
@@ -0,0 +1,97 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+
+ <s:if test="authUser.isAdmin()">
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3>
+
+ <s:textfield name="authOA.bkuOnlineURL"
+ value="%{authOA.bkuOnlineURL}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.online"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="authOA.bkuHandyURL"
+ value="%{authOA.bkuHandyURL}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.handy"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="authOA.bkuLocalURL"
+ value="%{authOA.bkuLocalURL}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.local"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:radio list="authOA.keyBoxIdentifierList"
+ name="authOA.keyBoxIdentifier"
+ value="%{authOA.keyBoxIdentifier}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.keyboxidentifier"
+ cssClass="radio">
+ </s:radio>
+ <s:checkbox name="authOA.legacy"
+ value="%{authOA.legacy}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.legacy"
+ cssClass="checkbox"
+ onclick="oaLegacyService();"
+ id="OAislegacy">
+ </s:checkbox>
+ <div id="oa_config_sltemplates">
+ <s:textfield name="authOA.SLTemplateURL1"
+ value="%{authOA.SLTemplateURL1}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.sltemplate.first"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textfield name="authOA.SLTemplateURL2"
+ value="%{authOA.SLTemplateURL2}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.sltemplate.second"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textfield name="authOA.SLTemplateURL3"
+ value="%{authOA.SLTemplateURL3}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.sltemplate.third"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
+ </div>
+ </s:if>
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3>
+
+
+ <s:checkbox name="authOA.useMandates"
+ value="%{authOA.useMandates}"
+ labelposition="left"
+ key="webpages.oaconfig.general.mandate.usemandate"
+ cssClass="checkbox">
+ </s:checkbox>
+
+ <s:textfield name="authOA.mandateProfiles"
+ value="%{authOA.mandateProfiles}"
+ labelposition="left"
+ key="webpages.oaconfig.general.mandate.profiles"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:checkbox name="formOA.onlyMandateAllowed"
+ value="%{formOA.onlyMandateAllowed}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed"
+ cssClass="checkbox">
+ </s:checkbox>
+
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp
new file mode 100644
index 000000000..ba7dc2cc4
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp
@@ -0,0 +1,8 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp
new file mode 100644
index 000000000..008a8b521
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp
@@ -0,0 +1,209 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3>
+
+<%-- <s:checkbox name="generalOA.calculateHPI"
+ value="%{generalOA.calculateHPI}"
+ labelposition="left"
+ key="webpages.oaconfig.general.aditional.calculateHPI"
+ cssClass="textfield_long">
+ </s:checkbox> --%>
+
+ <s:checkbox name="formOA.HideBPKAuthBlock"
+ value="%{formOA.HideBPKAuthBlock}"
+ labelposition="left"
+ key="webpages.oaconfig.general.isHideBPKAuthBlock"
+ cssClass="checkbox">
+ </s:checkbox>
+
+ <s:if test="authUser.isAdmin()">
+ <s:textarea name="formOA.aditionalAuthBlockText"
+ value="%{formOA.aditionalAuthBlockText}"
+ labelposition="left"
+ key="webpages.oaconfig.general.aditional.authblocktext"
+ cssClass="textfield_large">
+ </s:textarea>
+
+ <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show">
+ <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %>
+ </button>
+ <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden">
+ <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %>
+ </button>
+
+ <div id="formcustom_area" class="oa_protocol_area hidden">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4>
+
+ <div id="formCustomValues">
+ <s:textfield name="formOA.backGroundColor"
+ value="%{formOA.backGroundColor}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.backgroundcolor"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")'
+ id="MAIN_BACKGOUNDCOLOR">
+ </s:textfield>
+ <s:textfield name="formOA.frontColor"
+ value="%{formOA.frontColor}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.frontcolor"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("MAIN_COLOR")'
+ id="MAIN_COLOR">
+ </s:textfield>
+
+ <s:textfield name="formOA.header_BackGroundColor"
+ value="%{formOA.header_BackGroundColor}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")'
+ id="HEADER_BACKGROUNDCOLOR">
+ </s:textfield>
+ <s:textfield name="formOA.header_FrontColor"
+ value="%{formOA.header_FrontColor}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.frontcolor"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("HEADER_COLOR")'
+ id="HEADER_COLOR">
+ </s:textfield>
+ <s:textfield name="formOA.header_text"
+ value="%{formOA.header_text}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.text"
+ cssClass="textfield_middle"
+ onchange='updateBKUFormPreview("HEADER_TEXT")'
+ id="HEADER_TEXT">
+ </s:textfield>
+
+ <%-- <s:textfield name="formOA.button_BackGroundColor"
+ value="%{formOA.button_BackGroundColor}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.button.background"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")'
+ id="BUTTON_BACKGROUNDCOLOR">
+ </s:textfield>
+ <s:textfield name="formOA.button_BackGroundColorFocus"
+ value="%{formOA.button_BackGroundColorFocus}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.button.background.focus"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")'
+ id="BUTTON_BACKGROUNDCOLOR_FOCUS">
+ </s:textfield>
+ <s:textfield name="formOA.button_FrontColor"
+ value="%{formOA.button_FrontColor}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.button.front"
+ cssClass="textfield_middle colorfield"
+ onchange='updateBKUFormPreview("BUTTON_COLOR")'
+ id="BUTTON_COLOR">
+ </s:textfield> --%>
+
+ <s:select list="formOA.appletRedirectTargetList"
+ key="webpages.oaconfig.general.BKUSelection.redirectTarget"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{formOA.appletRedirectTarget}"
+ name="formOA.appletRedirectTarget">
+ </s:select>
+
+ <s:textfield name="formOA.applet_height"
+ value="%{formOA.applet_height}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.applet.height"
+ cssClass="textfield_middle"
+ id="HEADER_HEIGHT">
+ </s:textfield>
+
+ <s:textfield name="formOA.applet_width"
+ value="%{formOA.applet_width}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.header.applet.width"
+ cssClass="textfield_middle"
+ id="HEADER_WIDTH">
+ </s:textfield>
+
+ <s:select list="formOA.fontTypeList"
+ key="webpages.oaconfig.general.BKUSelection.fonttype.list"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{formOA.fontType}"
+ name="formOA.fontTypeListValue"
+ id="fontTypeList"
+ onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'>
+ </s:select>
+
+ <s:textfield name="formOA.fontType"
+ value="%{formOA.fontType}"
+ labelposition="left"
+ key="webpages.oaconfig.general.BKUSelection.fonttype"
+ cssClass="textfield_mail"
+ onchange='updateBKUFormPreview("FONTTYPE")'
+ id="FONTTYPE">
+ </s:textfield>
+ </div>
+
+ <div id="formCustomPreview">
+ <iframe scrolling="none"
+ title="BKUForm Preview"
+ height="260"
+ width="250">
+ </iframe>
+ </div>
+
+ </div>
+
+ <div class="oa_protocol_area">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4>
+ <s:iterator value="%{formOA.bkuSelectionFileUploadFileName}" var="fileNameBKU">
+ <div class="floatClass">
+ <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/>
+ <s:checkbox key="webpages.oaconfig.general.bku.delete"
+ labelposition="left"
+ cssClass="checkbox"
+ name="formOA.deleteBKUTemplate"></s:checkbox>
+ </div>
+ <div id="pvp2_certificate_upload">
+ <s:file name="formOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:iterator>
+ <s:if test="formOA.bkuSelectionFileUploadFileName.size() == 0">
+ <div id="pvp2_certificate_upload">
+ <s:file name="formOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:if>
+ </div>
+ <div class="oa_protocol_area">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4>
+ <s:iterator value="%{formOA.sendAssertionFileUploadFileName}" var="fileNameBKU">
+ <div class="floatClass">
+ <s:label key="webpages.oaconfig.general.bku.sendassertion.filename"
+ value="%{fileNameBKU}"/>
+ <s:checkbox key="webpages.oaconfig.general.bku.delete"
+ labelposition="left"
+ cssClass="checkbox"
+ name="formOA.deleteSendAssertionTemplate"></s:checkbox>
+ </div>
+ <div id="pvp2_certificate_upload">
+ <s:file name="formOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:iterator>
+ <s:if test="formOA.sendAssertionFileUploadFileName.size() == 0">
+ <div id="pvp2_certificate_upload">
+ <s:file name="formOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:if>
+ </div>
+
+ </s:if>
+
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp
new file mode 100644
index 000000000..ade5bb185
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp
@@ -0,0 +1,43 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+
+ <div class="oa_config_block">
+
+ <s:if test="authUser.isAdmin()">
+ <s:checkbox name="generalOA.Active"
+ value="%{generalOA.Active}"
+ labelposition="left"
+ key="webpages.oaconfig.general.isActive"
+ cssClass="checkbox">
+ </s:checkbox>
+ </s:if>
+
+ <s:textfield name="generalOA.identifier"
+ value="%{generalOA.identifier}"
+ labelposition="left"
+ key="webpages.oaconfig.general.identification"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="generalOA.friendlyName"
+ value="%{generalOA.friendlyName}"
+ labelposition="left"
+ key="webpages.oaconfig.general.friendlyname"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:checkbox name="generalOA.businessService"
+ value="%{generalOA.businessService}"
+ labelposition="left"
+ key="webpages.oaconfig.general.isbusinessservice"
+ cssClass="checkbox"
+ onclick="oaBusinessService();"
+ id="OAisbusinessservice"
+ >
+ </s:checkbox>
+
+ </div>
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp
new file mode 100644
index 000000000..97d21bcb4
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp
@@ -0,0 +1,33 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div id="oa_pvp2_area" class="oa_protocol_area">
+ <h4><%=LanguageHelper.getGUIString("webpages.inderfederation.moaid.header", request) %></h4>
+
+ <s:checkbox key="webpages.inderfederation.moaid.inboundSSO"
+ labelposition="left"
+ cssClass="checkbox"
+ name="moaIDP.inboundSSO"></s:checkbox>
+
+ <s:checkbox key="webpages.inderfederation.moaid.outboundSSO"
+ labelposition="left"
+ cssClass="checkbox"
+ name="moaIDP.outboundSSO"></s:checkbox>
+
+ <s:checkbox key="webpages.inderfederation.moaid.storeSSOSession"
+ labelposition="left"
+ cssClass="checkbox"
+ name="moaIDP.storeSSOSession"></s:checkbox>
+
+ <s:textfield name="moaIDP.queryURL"
+ value="%{moaIDP.queryURL}"
+ labelposition="left"
+ key="webpages.inderfederation.moaid.attributQueryURL"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp
new file mode 100644
index 000000000..a9b1f88a2
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp
@@ -0,0 +1,21 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div id="oa_oauth20_area" class="oa_protocol_area hidden">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4>
+
+ <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/>
+
+ <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/>
+
+ <s:textfield name="oauth20OA.redirectUri"
+ value="%{oauth20OA.redirectUri}"
+ labelposition="left"
+ key="webpages.oaconfig.oauth20.redirectUri"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp
new file mode 100644
index 000000000..398e6d110
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp
@@ -0,0 +1,28 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div id="oa_pvp2_area" class="oa_protocol_area ${param.hideBlock}">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4>
+
+ <s:checkbox key="webpages.oaconfig.pvp2.reload"
+ labelposition="left"
+ cssClass="checkbox"
+ name="pvp2OA.reLoad"></s:checkbox>
+
+ <s:textfield name="pvp2OA.metaDataURL"
+ value="%{pvp2OA.metaDataURL}"
+ labelposition="left"
+ key="webpages.oaconfig.pvp2.metaDataURL"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/>
+
+ <div id="pvp2_certificate_upload">
+ <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file>
+ </div>
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp
new file mode 100644
index 000000000..4fd02aa61
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp
@@ -0,0 +1,66 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div id="oa_saml1_area" class="oa_protocol_area hidden">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4>
+
+ <s:if test="authUser.isAdmin()">
+ <s:checkbox name="saml1OA.Active"
+ value="%{saml1OA.Active}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.isActice"
+ cssClass="checkbox">
+ </s:checkbox>
+ </s:if>
+ <s:checkbox name="saml1OA.provideStammZahl"
+ value="%{saml1OA.provideStammZahl}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.provideStammZahl"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:checkbox name="saml1OA.provideAuthBlock"
+ value="%{saml1OA.provideAuthBlock}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.provideAuthBlock"
+ cssClass="checkbox">
+ </s:checkbox>
+ <br>
+ <s:checkbox name="saml1OA.provideIdentityLink"
+ value="%{saml1OA.provideIdentityLink}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.provideIdentityLink"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:checkbox name="saml1OA.provideCertificate"
+ value="%{saml1OA.provideCertificate}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.provideCertificate"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:checkbox name="saml1OA.provideFullMandateData"
+ value="%{saml1OA.provideFullMandateData}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.provideFullMandateData"
+ cssClass="checkbox">
+ </s:checkbox>
+<%-- <br>
+ <br>
+ <br>
+ <s:checkbox name="saml1OA.useCondition"
+ value="%{saml1OA.useCondition}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.useCondition"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:textfield name="saml1OA.conditionLength"
+ value="%{saml1OA.conditionLength}"
+ labelposition="left"
+ key="webpages.oaconfig.saml1.conditionLength"
+ cssClass="textfield_short">
+ </s:textfield> --%>
+
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp
new file mode 100644
index 000000000..f39668bd5
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp
@@ -0,0 +1,39 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3>
+
+ <s:checkbox name="ssoOA.useSSO"
+ value="%{ssoOA.useSSO}"
+ labelposition="left"
+ key="webpages.oaconfig.sso.usesso"
+ cssClass="checkbox"
+ onclick="oaSSOService();"
+ id="OAuseSSO">
+ </s:checkbox>
+
+ <div id="sso_bock">
+ <s:if test="authUser.isAdmin()">
+ <s:checkbox name="ssoOA.showAuthDataFrame"
+ value="%{ssoOA.showAuthDataFrame}"
+ labelposition="left"
+ key="webpages.oaconfig.sso.useauthdataframe"
+ cssClass="checkbox"
+ onclick="oaBusinessService();">
+ </s:checkbox>
+ </s:if>
+
+<%--TODO: insert if SLO is implemented!!!--%>
+<%-- <s:textfield name="ssoOA.singleLogOutURL"
+ value="%{ssoOA.singleLogOutURL}"
+ labelposition="left"
+ key="webpages.oaconfig.sso.singlelogouturl"
+ cssClass="textfield_long">
+ </s:textfield> --%>
+ </div>
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
new file mode 100644
index 000000000..f1853dbeb
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -0,0 +1,38 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
+
+ <s:checkbox name="storkOA.storkLogonEnabled"
+ value="%{storkOA.storkLogonEnabled}"
+ labelposition="left"
+ key="webpages.oaconfig.stork.usestork"
+ cssClass="checkbox"
+ onclick="oaStork();"
+ id="OAuseSTORKLogon" />
+ <div id="stork_block">
+ <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
+ value="#{storkOA.qaa}"
+ name="storkOA.qaa"
+ key="webpages.moaconfig.stork.qaa"
+ labelposition="left" />
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
+ <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
+ <table>
+ <tr><th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %></th>
+ <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %></th>
+ <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %></th></tr>
+ <s:iterator value="storkOA.helperAttributes" status="stat">
+ <tr><td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].used" value="%{used}" disabled="%{readOnly}" /></td>
+ <td><s:property value="%{name}" /><s:hidden name="storkOA.helperAttributes[%{#stat.index}].name" value="%{name}" /></td>
+ <td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td></tr>
+ </s:iterator>
+ </table>
+ </div>
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
new file mode 100644
index 000000000..261966a86
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -0,0 +1,115 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div id="oa_config_businessservice" class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3>
+
+ <s:select list="targetConfig.identificationTypeList"
+ key="webpages.oaconfig.general.business.value"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{targetConfig.identificationType}"
+ name="targetConfig.identificationType"
+ disabled="%{isDeaktivededBusinessService()}">
+ </s:select>
+
+ <s:textfield name="targetConfig.identificationNumber"
+ value="%{targetConfig.identificationNumber}"
+ cssClass="textfield_middle"
+ disabled="%{isDeaktivededBusinessService()}">
+ </s:textfield>
+ </div>
+
+ <s:if test="!isOnlyBusinessService()">
+ <div id="oa_config_publicservice" class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3>
+
+ <s:if test="authUser.isAdmin()">
+ <s:select list="targetConfig.targetList"
+ key="webpages.oaconfig.general.target"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{targetConfig.target}"
+ name="targetConfig.target"
+ onchange="HideAdminTarget();">
+ </s:select>
+ </s:if>
+ <s:else>
+ <s:select list="targetConfig.targetList"
+ key="webpages.oaconfig.general.target"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{targetConfig.target}"
+ name="targetConfig.target">
+ </s:select>
+ </s:else>
+
+ <s:checkbox name="subTargetSet"
+ value="%{subTargetSet}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.subsector.checkbox"
+ cssClass="checkbox"
+ onclick="oaTargetSubSector();"
+ id="OAisTargetSubSector">
+ </s:checkbox>
+
+ <s:textfield name="targetConfig.target_subsector"
+ value="%{targetConfig.target_subsector}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.subsector"
+ cssClass="selectfield"
+ id="OAtarget_subsector">
+ </s:textfield>
+
+
+ <s:if test="authUser.isAdmin()">
+ <s:checkbox
+ name="targetConfig.AdminTarget"
+ value="%{targetConfig.AdminTarget}"
+ cssClass="checkbox"
+ onclick="AdminTarget();"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.admin.checkbox"
+ id="adminTarget">
+ </s:checkbox>
+
+ <div id="admin_target_area">
+ <s:textfield name="targetConfig.target_admin"
+ value="%{targetConfig.target_admin}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.admin"
+ cssClass="textfield_short">
+ </s:textfield>
+ <s:textfield name="targetConfig.targetFriendlyName"
+ value="%{targetConfig.targetFriendlyName}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.friendlyname"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
+ </s:if>
+ <s:else>
+ <s:if test="targetConfig.target_admin neq null">
+ <s:textfield name="targetConfig.target_admin"
+ value="%{targetConfig.target_admin}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.admin.disabled"
+ cssClass="textfield_short"
+ disabled="true">
+ </s:textfield>
+ </s:if>
+ <%-- <s:if test="targetConfig.targetFriendlyName neq null">
+ <s:textfield name="targetConfig.targetFriendlyName"
+ value="%{targetConfig.targetFriendlyName}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.friendlyname.disabled"
+ cssClass="textfield_long">
+ </s:textfield>
+ </s:if> --%>
+ </s:else>
+ </div>
+ </s:if>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp
new file mode 100644
index 000000000..e8f1c86d3
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp
@@ -0,0 +1,36 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div id="oa_vidp_area" class="oa_protocol_area ${param.hideBlock}">
+ <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h4>
+
+ <p><s:checkbox name="storkOA.vidpEnabled"
+ value="%{storkOA.vidpEnabled}"
+ labelposition="left"
+ key="webpages.oaconfig.vidp.enabled"
+ cssClass="checkbox"
+ id="OAuseVidp" /></p>
+
+ <p><s:checkbox name="storkOA.requireConsent"
+ value="%{storkOA.requireConsent}"
+ labelposition="left"
+ key="webpages.oaconfig.vidp.requireconsent"
+ cssClass="checkbox"
+ id="OArequireConsent" /></p>
+ <h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5>
+ <table id="stork_aplist">
+ <tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr>
+ <s:iterator value="storkOA.attributeProviderPlugins" status="stat">
+ <tr><td><s:select name="storkOA.attributeProviderPlugins[%{#stat.index}].name" value="%{name}" list="%{storkOA.availableAttributeProviderPlugins}"/></td>
+ <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].url" value="%{url}" cssClass="textfield_mail"/></td>
+ <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].attributes" value="%{attributes}" cssClass="textfield_mail"/></td>
+ <td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
+ </s:iterator>
+ </table>
+ <input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.new", request) %>" onclick='newAp();' />
+
+ </div>
+
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
index 4d02f4bda..95d6de912 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
@@ -19,6 +19,10 @@
<s:if test="authUser.isAdmin()">
<div class="menu_element">
+ <s:url action="listallinterfederationidps" var="interfederationConfig" namespace="/secure"/>
+ <a href="<s:property value="#interfederationConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %></a>
+ </div>
+ <div class="menu_element">
<s:url action="loadGeneralConfig" var="generalConfig" namespace="/secure"/>
<a href="<s:property value="#generalConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.config.moaid", request) %></a>
</div>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp
index 113e822f8..e2af292d7 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp
@@ -1,4 +1,5 @@
<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@page import="at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="s" uri="/struts-tags" %>
@@ -6,6 +7,11 @@
<s:if test="formOAs && formOAs.size > 0">
<div id="list_area">
<div id="listHeader" class="listElement">
+ <s:if test="formOAs[0].serviceType != 'OA'">
+ <div class="listElInfo">
+ <%=LanguageHelper.getGUIString("webpages.listOAs.list.elInfo", request) %>
+ </div>
+ </s:if>
<div class="listFirst">
<%=LanguageHelper.getGUIString("webpages.listOAs.list.first", request) %>
</div>
@@ -17,6 +23,11 @@
<s:iterator var="OAelement" value="formOAs">
<div class="listElement" onclick="editOA(<s:property value='dataBaseID'/>);">
+ <s:if test="serviceType != 'OA'">
+ <div class="listElInfo">
+ <s:property value="serviceType"/>
+ </div>
+ </s:if>
<div class="listFirst">
<s:property value="oaIdentifier"/>
</div>
@@ -28,7 +39,8 @@
</s:iterator>
</div>
- <s:form method="POST" id="selectOAForm" action="loadOA" namespace="/secure">
+ <s:set var="myUrl">${param.editAction}</s:set>
+ <s:form method="POST" id="selectOAForm" action="%{#myUrl}" namespace="/secure">
<s:hidden id="selectOAForm_OAID" name="oaidobj"></s:hidden>
</s:form>
</s:if>
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index b88f560fb..63533c0bc 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -4,14 +4,14 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id-oa</artifactId>
<packaging>war</packaging>
- <version>2.0.1</version>
+ <version>${demo-oa-version}</version>
<name>MOA Sample OA</name>
<properties>
@@ -33,7 +33,26 @@
<build>
<finalName>oa</finalName>
+ <pluginManagement>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -43,6 +62,7 @@
</configuration>
</plugin>
</plugins>
+ </pluginManagement>
</build>
<dependencies>
diff --git a/id/pom.xml b/id/pom.xml
index 7bf09edfa..18631a8d1 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,13 +3,13 @@
<parent>
<groupId>MOA</groupId>
<artifactId>MOA</artifactId>
- <version>2.0.1</version>
+ <version>2.0.2</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>id</artifactId>
+ <version>2.0.x</version>
<packaging>pom</packaging>
- <version>2.0.1</version>
<name>MOA ID</name>
<modules>
@@ -25,7 +25,27 @@
</properties>
<build>
+ <pluginManagement>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.1.1</version>
@@ -59,6 +79,7 @@
</executions>
</plugin>
</plugins>
+ </pluginManagement>
</build>
</project>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 618429a8e..72da9ea47 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,12 +2,13 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-auth</artifactId>
+ <version>${moa-id-version}</version>
<packaging>war</packaging>
<name>MOA ID-Auth WebService</name>
@@ -26,7 +27,27 @@
<build>
<!--sourceDirectory>${basedir}/../idserverlib/src/main/java</sourceDirectory-->
<!--testSourceDirectory>${basedir}/../idserverlib/src/test/java</testSourceDirectory-->
+ <pluginManagement>
<plugins>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
@@ -58,6 +79,7 @@
</configuration>
</plugin>
</plugins>
+ </pluginManagement>
</build>
<dependencies>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 6f451ec79..6da7396a1 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -48,9 +48,13 @@
<to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Post&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/PVP2Soap$</from>
+ <from>^/pvp2/Soap$</from>
<to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Soap</to>
</rule>
+ <rule match-type="regex">
+ <from>^/pvp2/attributequery$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=AttributeQuery</to>
+ </rule>
<rule match-type="regex">
<from>^/stork2/StartAuthentication$</from>
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 21d146b4d..57ed9a760 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -713,6 +713,16 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<td>password</td>
<td>Passwort des Schl&uuml;ssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td>
</tr>
+ <tr>
+ <td>protocols.pvp2.sp.ks.assertion.encryption.alias</td>
+ <td>pvp_encryption</td>
+ <td>Name des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+ </tr>
+ <tr>
+ <td>protocols.pvp2.sp.ks.assertion.encryption.keypassword</td>
+ <td>password</td>
+ <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+ </tr>
</table>
<p>&nbsp;</p>
<h5><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h5>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 285a5da9c..5ce26814a 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -3,12 +3,13 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
+ <version>${moa-id-version}</version>
<packaging>jar</packaging>
<name>MOA ID API</name>
@@ -270,7 +271,26 @@
</dependencies>
<build>
+ <pluginManagement>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -339,6 +359,7 @@
</executions>
</plugin>
</plugins>
+ </pluginManagement>
</build>
</project>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index d4b5d1c05..0e5f9bcc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -51,7 +51,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -97,9 +98,9 @@ public class StatisticLogger {
}
}
- public void logSuccessOperation(IRequest protocolRequest, AuthenticationSession moasession, boolean isSSOSession) {
+ public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
- if ( isAktive && protocolRequest != null && moasession != null) {
+ if ( isAktive && protocolRequest != null && authData != null) {
OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL());
@@ -128,9 +129,18 @@ public class StatisticLogger {
dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue());
else
dblog.setOatarget(dbOA.getTarget());
+
+ dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession());
- dblog.setBkuurl(moasession.getBkuURL());
- dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ if (authData.isInterfederatedSSOSession()) {
+ dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
+ dblog.setBkuurl(authData.getInterfederatedIDP());
+
+ } else {
+ dblog.setBkuurl(authData.getBkuURL());
+ dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA));
+
+ }
dblog.setProtocoltype(protocolRequest.requestedModule());
dblog.setProtocolsubtype(protocolRequest.requestedAction());
@@ -138,10 +148,10 @@ public class StatisticLogger {
//log MandateInforamtion
- if (moasession.getUseMandate()) {
- dblog.setMandatelogin(moasession.getUseMandate());
+ if (authData.isUseMandate()) {
+ dblog.setMandatelogin(authData.isUseMandate());
- MISMandate mandate = moasession.getMISMandate();
+ MISMandate mandate = authData.getMISMandate();
if (mandate != null) {
if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
@@ -333,13 +343,13 @@ public class StatisticLogger {
BKUURLS bkuurls = oaAuth.getBKUURLS();
if (bkuurls != null) {
if (bkuURL.equals(bkuurls.getHandyBKU()))
- return OAAuthParameter.HANDYBKU;
+ return IOAAuthParameters.HANDYBKU;
if (bkuURL.equals(bkuurls.getLocalBKU()))
- return OAAuthParameter.LOCALBKU;
+ return IOAAuthParameters.LOCALBKU;
if (bkuURL.equals(bkuurls.getOnlineBKU()))
- return OAAuthParameter.ONLINEBKU;
+ return IOAAuthParameters.ONLINEBKU;
}
}
}
@@ -348,14 +358,14 @@ public class StatisticLogger {
try {
AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance();
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.ONLINEBKU)))
- return OAAuthParameter.ONLINEBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
+ return IOAAuthParameters.ONLINEBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.LOCALBKU)))
- return OAAuthParameter.LOCALBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+ return IOAAuthParameters.LOCALBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.HANDYBKU)))
- return OAAuthParameter.HANDYBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+ return IOAAuthParameters.HANDYBKU;
} catch (ConfigurationException e) {
Logger.info("Advanced Logging: Default BKUs read failed");
@@ -364,17 +374,17 @@ public class StatisticLogger {
Logger.debug("Staticic Log search BKUType from generneric Parameters");
if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.LOCALBKU);
- return OAAuthParameter.LOCALBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
+ return IOAAuthParameters.LOCALBKU;
}
if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.HANDYBKU);
- return OAAuthParameter.HANDYBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
+ return IOAAuthParameters.HANDYBKU;
}
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.ONLINEBKU);
- return OAAuthParameter.ONLINEBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU);
+ return IOAAuthParameters.ONLINEBKU;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index c99c88f5f..e83718949 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1415,127 +1415,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Builds the AuthenticationData object together with the corresponding
- * <code>&lt;saml:Assertion&gt;</code>
- *
- * @param session authentication session
- * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
- * @param useUTC uses correct UTC time format
- * @param useUTC indicates that authenticated citizen is a foreigner
- * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates
- * @return AuthenticationData object
- * @throws ConfigurationException while accessing configuration data
- * @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
- */
- public static AuthenticationData buildAuthenticationData(
- AuthenticationSession session, OAAuthParameter oaParam, String target)
- throws ConfigurationException, BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
-
- VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
-
- boolean businessService = oaParam.getBusinessService();
-
- authData.setMajorVersion(1);
- authData.setMinorVersion(0);
- authData.setAssertionID(Random.nextRandom());
- authData.setIssuer(session.getAuthURL());
-
- authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar
- .getInstance()));
-
- //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
- authData.setIdentificationValue(identityLink.getIdentificationValue());
- authData.setIdentificationType(identityLink.getIdentificationType());
-
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp
- .isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp
- .getPublicAuthorityCode());
- authData.setBkuURL(session.getBkuURL());
-
- try {
-
- MISMandate mandate = session.getMISMandate();
-
- if (session.getUseMandate() && session.isOW()
- && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
- authData.setBPK(mandate.getOWbPK());
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
- authData.setIdentityLink(identityLink);
- Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
-
- } else {
-
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-
- String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
- authData.setBPKType(identityLink.getIdentificationType());
-
- }
-
- Logger.trace("Authenticate user with wbPK " + authData.getBPK());
-
- Element idlassertion = session.getIdentityLink().getSamlAssertion();
- //set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(authData.getBPK());
- //set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
- prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
-
- IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink idl = idlparser.parseIdentityLink();
- authData.setIdentityLink(idl);
-
- } else {
-
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
- }
-
- Logger.trace("Authenticate user with bPK " + authData.getBPK());
-
- authData.setIdentityLink(identityLink);
- }
- }
-
- return authData;
-
- } catch (Throwable ex) {
- throw new BuildException("builder.00", new Object[]{
- "AuthenticationData", ex.toString()}, ex);
- }
- }
-
- /**
* Retrieves a session from the session store.
*
* @param id session ID
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 0173c67a1..6f83da367 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -31,6 +31,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_MODUL = "MODUL";
public static final String PARAM_ACTION = "ACTION";
public static final String PARAM_SSO = "SSO";
+ public static final String INTERFEDERATION_IDP = "interIDP";
+
/** servlet parameter &quot;sourceID&quot; */
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 30ad0bdc9..a6c2cde05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -496,7 +497,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
- OAAuthParameter oaParam)
+ IOAAuthParameters oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 531303300..ba4440bf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -224,7 +225,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
* @throws BuildException if an error occurs during the build process
*/
public String build(
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String xmlPersonData,
String xmlAuthBlock,
String xmlIdentityLink,
@@ -238,6 +239,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
{
String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
+
String publicAuthorityAttribute = "";
if (authData.isPublicAuthority()) {
String publicAuthorityIdentification = authData.getPublicAuthorityCode();
@@ -344,7 +346,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
* @throws BuildException if an error occurs during the build process
*/
public String buildMandate(
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String xmlPersonData,
String xmlMandateData,
String xmlAuthBlock,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
new file mode 100644
index 000000000..792b6cdd7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -0,0 +1,628 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationDataBuilder implements MOAIDAuthConstants {
+
+ public static IAuthData buildAuthenticationData(IRequest protocolRequest,
+ AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+
+
+ String oaID = protocolRequest.getOAURL();
+ if (oaID == null) {
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+ }
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaID))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ AuthenticationData authdata = null;
+
+ if (protocolRequest instanceof SAML1RequestImpl) {
+ //request is SAML1
+ SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData();
+ saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA());
+
+ authdata = saml1authdata;
+
+ } else {
+ authdata = new AuthenticationData();
+
+ }
+
+ //reuse some parameters if it is a reauthentication
+ OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ if (activeOA != null) {
+ authdata.setSessionIndex(activeOA.getAssertionSessionID());
+ authdata.setNameID(activeOA.getUserNameID());
+ authdata.setNameIDFormat(activeOA.getUserNameIDFormat());
+
+ //mark AttributeQuery as used
+ if ( protocolRequest instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) protocolRequest).getRequest() instanceof MOARequest &&
+ ((PVPTargetConfiguration) protocolRequest).getRequest().getInboundMessage() instanceof AttributeQuery) {
+ try {
+ activeOA.setAttributeQueryUsed(true);
+ MOASessionDBUtils.saveOrUpdate(activeOA);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
+
+ }
+ }
+
+ }
+
+ InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+
+ IOAAuthParameters oaParam = null;
+ if (reqAttributes == null) {
+ //get OnlineApplication from MOA-ID-Auth configuration
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaID);
+
+ } else {
+ //build OnlineApplication dynamic from requested attributes
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
+
+ }
+
+ if (interfIDP != null ) {
+ //IDP is a chained interfederated IDP and Authentication is requested
+ if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration &&
+ !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) {
+ //only set minimal response attributes
+ authdata.setQAALevel(interfIDP.getQAALevel());
+ authdata.setBPK(interfIDP.getUserNameID());
+
+ } else {
+ //get attributes from interfederated IDP
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
+
+ //mark attribute request as used
+ try {
+ if (idp.isInterfederationSSOStorageAllowed()) {
+ interfIDP.setAttributesRequested(true);
+ MOASessionDBUtils.saveOrUpdate(interfIDP);
+
+ } else {
+ MOASessionDBUtils.delete(interfIDP);
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
+
+ }
+ }
+
+ } else {
+ //build AuthenticationData from MOASession
+ buildAuthDataFormMOASession(authdata, session, oaParam);
+
+ }
+
+ return authdata;
+ }
+
+ /**
+ * @param req
+ * @param session
+ * @param reqAttributes
+ * @return
+ * @throws WrongParametersException
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws DynamicOABuildException
+ */
+ public static IAuthData buildAuthenticationData(IRequest req,
+ AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
+ return buildAuthenticationData(req, session, null);
+ }
+
+ /**
+ * @param authdata
+ * @param session
+ * @param oaParam
+ * @param protocolRequest
+ * @param interfIDP
+ * @param idp
+ * @param reqQueryAttr
+ * @throws ConfigurationException
+ */
+ private static void getAuthDataFromInterfederation(
+ AuthenticationData authdata, AuthenticationSession session,
+ IOAAuthParameters oaParam, IRequest req,
+ InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
+
+ try {
+ List<Attribute> attributs = null;
+
+ //IDP is a chained interfederated IDP and request is of type AttributQuery
+ if (oaParam.isInderfederationIDP() && req instanceof PVPTargetConfiguration &&
+ (((PVPTargetConfiguration)req).getRequest() instanceof AttributeQuery) &&
+ reqQueryAttr != null) {
+ attributs = reqQueryAttr;
+
+ //IDP is a service provider IDP and request interfederated IDP to collect attributes
+ } else {
+
+ //TODO: check if response include attributes and map this attributes to requested attributes
+
+ //get PVP 2.1 attributes from protocol specific requested attributes
+ attributs = req.getRequestedAttributes();
+
+ }
+
+ //collect attributes by using BackChannel communication
+ String endpoint = idp.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
+ throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+ }
+
+ //build attributQuery request
+ AttributeQuery query =
+ AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+
+ }
+
+ if (xmlObjects.get(0) instanceof Response) {
+ Response intfResp = (Response) xmlObjects.get(0);
+
+ //validate PVP 2.1 response
+ try {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ SAMLVerificationEngine.validateAssertion(intfResp, false);
+
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+ }
+
+ //parse response information to authData
+ buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+
+ }
+
+ } catch (SOAPException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (SecurityException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AttributQueryException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AssertionValidationExeption e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AssertionAttributeExtractorExeption e) {
+ throw new BuildException("builder.06", null, e);
+
+ }
+ }
+
+ private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session,
+ Response intfResp) throws BuildException, AssertionAttributeExtractorExeption {
+
+ Logger.debug("Build AuthData from assertion starts ....");
+
+ Assertion assertion = intfResp.getAssertions().get(0);
+
+ if (assertion.getAttributeStatements().size() == 0) {
+ Logger.warn("Can not build AuthData from Assertion. NO Attributes included.");
+ throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. NO Attributes included.", null);
+
+ }
+
+ AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
+ for (Attribute attr : attrStat.getAttributes()) {
+
+ if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME))
+ authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME))
+ authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME))
+ authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.BPK_NAME)) {
+ String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent();
+ authData.setBPK(pvpbPK.split(":")[1]);
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))
+ authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME))
+ authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME))
+ authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) {
+ try {
+ byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+ authData.setAuthBlock(new String(authBlock, "UTF-8"));
+
+ } catch (IOException e) {
+ Logger.error("Received AuthBlock is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
+ try {
+ authData.setSignerCertificate(Base64Utils.decode(
+ attr.getAttributeValues().get(0).getDOM().getTextContent(), false));
+
+ } catch (IOException e) {
+ Logger.error("Received SignerCertificate is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME))
+ authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME))
+ authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) {
+ try {
+ InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+ IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ authData.setIdentityLink(idl);
+
+ } catch (ParseException e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ } catch (Exception e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME))
+ authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+
+ if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
+ try {
+ byte[] mandate = Base64Utils.decode(
+ attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setMandate(mandate);
+
+ authData.setUseMandate(true);
+
+ } catch (Exception e) {
+ Logger.error("Received Mandate is not valid", e);
+ throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) {
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setProfRep(
+ attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) {
+ authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ authData.setForeigner(true);
+ }
+
+ if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
+
+ if (authData.getStorkAttributes() == null)
+ authData.setStorkAttributes(new PersonalAttributeList());
+
+ List<String> storkAttrValues = new ArrayList<String>();
+ storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
+ false, storkAttrValues , "Available");
+ authData.getStorkAttributes().put(attr.getName(), storkAttr );
+ authData.setForeigner(true);
+ }
+
+ }
+
+ authData.setSsoSession(true);
+
+ //only for SAML1
+ if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))
+ authData.setQualifiedCertificate(true);
+ else
+ authData.setQualifiedCertificate(false);
+ authData.setPublicAuthority(false);
+ }
+
+ private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ IOAAuthParameters oaParam) throws BuildException {
+
+ String target = oaParam.getTarget();
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+
+ boolean businessService = oaParam.getBusinessService();
+
+ authData.setIssuer(session.getAuthURL());
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
+ authData.setIdentificationType(identityLink.getIdentificationType());
+
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp
+ .isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp
+ .getPublicAuthorityCode());
+ authData.setBkuURL(session.getBkuURL());
+
+ authData.setStorkAttributes(session.getStorkAttributes());
+ authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
+ authData.setStorkRequest(session.getStorkAuthnRequest());
+
+ authData.setSignerCertificate(session.getEncodedSignerCertificate());
+ authData.setAuthBlock(session.getAuthBlock());
+
+ authData.setForeigner(session.isForeigner());
+ authData.setQAALevel(session.getQAALevel());
+
+ if (session.isForeigner()) {
+ if (authData.getStorkAuthnRequest() != null) {
+ authData.setCcc(authData.getStorkAuthnRequest()
+ .getCitizenCountryCode());
+
+ } else {
+
+ try {
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
+
+ if (certificate != null) {
+
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ authData.setCcc(rdn.getValue().toString());
+ break;
+ }
+ }
+ }
+
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+
+ }
+ }
+
+ } else {
+ authData.setCcc("AT");
+
+ }
+
+ try {
+
+ authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+
+
+ /* TODO: Support SSO Mandate MODE!
+ * Insert functionality to translate mandates in case of SSO
+ */
+
+
+ MISMandate mandate = session.getMISMandate();
+ authData.setMISMandate(mandate);
+ authData.setUseMandate(session.getUseMandate());
+ authData.setMandateReferenceValue(session.getMandateReferenceValue());
+
+ if (session.getUseMandate() && session.isOW()
+ && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
+ authData.setBPK(mandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+
+ //TODO: check in case of mandates for business services
+ authData.setIdentityLink(identityLink);
+ Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
+
+ } else {
+
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+
+ }
+
+ Logger.trace("Authenticate user with wbPK " + authData.getBPK());
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
+
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+
+ //resign IDL
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion;
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion());
+ IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+ IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
+
+ authData.setIdentityLink(resignedIDL);
+
+ } else {
+
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+ Logger.trace("Authenticate user with bPK " + authData.getBPK());
+
+ authData.setIdentityLink(identityLink);
+ }
+ }
+
+
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[]{
+ "AuthenticationData", ex.toString()}, ex);
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
new file mode 100644
index 000000000..132b6af01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameterBuilder {
+
+ public static IOAAuthParameters buildFromAttributeQuery(List<Attribute> reqAttributes, InterfederationSessionStore interfIDP) throws DynamicOABuildException {
+
+ Logger.debug("Build dynamic OAConfiguration from AttributeQuery and interfederation information");
+
+ try {
+ DynamicOAAuthParameters dynamicOA = new DynamicOAAuthParameters();
+
+ for (Attribute attr : reqAttributes) {
+ //get Target or BusinessService from request
+ if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
+ if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
+ dynamicOA.setBusinessService(false);
+ dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length()));
+
+ } else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) ||
+ attrValue.startsWith(Constants.URN_PREFIX_STORK) ) {
+ dynamicOA.setBusinessService(true);
+ dynamicOA.setTarget(attrValue);
+
+ } else {
+ Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea");
+ throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null);
+
+ }
+
+ }
+
+ }
+
+ if (interfIDP != null) {
+ //load interfederated IDP informations
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ if (idp == null) {
+ Logger.warn("Interfederated IDP configuration is not loadable.");
+ throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null);
+
+ }
+
+ dynamicOA.setApplicationID(idp.getPublicURLPrefix());
+ dynamicOA.setInderfederatedIDP(idp.isInderfederationIDP());
+ dynamicOA.setIDPQueryURL(idp.getIDPAttributQueryServiceURL());
+
+ //check if IDP service area policy. BusinessService IDPs can only request wbPKs
+ if (!dynamicOA.getBusinessService() && !idp.isIDPPublicService()) {
+ Logger.error("Interfederated IDP " + idp.getPublicURLPrefix()
+ + " has a BusinessService-IDP but requests PublicService attributes.");
+ throw new DynamicOABuildException("Interfederated IDP " + idp.getPublicURLPrefix()
+ + " has a BusinessService-IDP but requests PublicService attributes.", null);
+
+ }
+ }
+
+ return dynamicOA;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("Internel server errror. Basic configuration load failed.", e);
+ throw new DynamicOABuildException("Basic configuration load failed.", null);
+ }
+
+
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index ab93f509c..dc981ba33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -52,7 +52,7 @@ import java.io.StringWriter;
import java.util.Map;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -153,7 +153,7 @@ public class GetIdentityLinkFormBuilder extends Builder {
String dataURL,
String certInfoXMLRequest,
String certInfoDataURL,
- String pushInfobox, OAAuthParameter oaParam,
+ String pushInfobox, IOAAuthParameters oaParam,
String appletheigth,
String appletwidth)
throws BuildException
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 4d80be1e8..54196427e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
@@ -105,9 +106,9 @@ public class LoginFormBuilder {
IOUtils.copy(input, writer);
template = writer.toString();
template = template.replace(AUTH_URL, SERVLET);
- template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
- template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
- template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
+ template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
+ template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU);
+ template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU);
} catch (Exception e) {
Logger.error("Failed to read template", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 4bae0300b..58412b218 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -956,20 +956,7 @@ public class AuthenticationSession implements Serializable {
public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
}
-
- public Element getMandate() {
- try {
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- }
- catch (Throwable e) {
- Logger.warn("Mandate content could not be generated from MISMandate.");
- return null;
- }
- }
-
+
/**
* @return the ssoRequested
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
new file mode 100644
index 000000000..554cf7370
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOABuildException extends MOAIDException {
+
+
+ private static final long serialVersionUID = 3756862942519706809L;
+
+
+ public DynamicOABuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index fc4ec305d..9b300578a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -53,7 +53,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
@@ -62,7 +61,6 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -101,13 +99,13 @@ public class LogOutServlet extends AuthServlet {
}
- if (ssomanager.isValidSSOSession(ssoid, req)) {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
//TODO: Single LogOut Implementation
//delete SSO session and MOA session
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 00acdc540..57755ca9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -53,8 +54,10 @@ public class RedirectServlet extends AuthServlet{
String url = req.getParameter(REDIRCT_PARAM_URL);
String target = req.getParameter(PARAM_TARGET);
String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+ String interIDP = req.getParameter(INTERFEDERATION_IDP);
- if (MiscUtil.isEmpty(artifact)) {
+
+ if (MiscUtil.isEmpty(artifact) && MiscUtil.isEmpty(interIDP)) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
}
@@ -68,14 +71,57 @@ public class RedirectServlet extends AuthServlet{
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
- } else {
- try {
- String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
- if (MiscUtil.isNotEmpty(test))
- redirectTarget = test;
+ } else {
+ //Redirect is a SAML1 send Artifact redirct
+ if (MiscUtil.isNotEmpty(artifact)) {
+ try {
+ String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
+ if (MiscUtil.isNotEmpty(test))
+ redirectTarget = test;
+
+ } catch (Exception e) {
+ Logger.debug("Use default redirectTarget.");
+ }
+
+ Logger.info("Redirect to " + url);
+
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.setStatus(HttpServletResponse.SC_OK);
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+
+ } else if (MiscUtil.isNotEmpty(interIDP)) {
+ //store IDP identifier and redirect to generate AuthRequst service
+ Logger.info("Receive an interfederation redirect request for IDP " + interIDP);
+ SSOManager sso = SSOManager.getInstance();
+ sso.setInterfederationIDPCookie(req, resp, interIDP);
+
+ Logger.debug("Redirect to " + url);
+ url = resp.encodeRedirectURL(url);
+ resp.setContentType("text/html");
+ resp.setStatus(HttpServletResponse.SC_FOUND);
+ resp.addHeader("Location", url);
+
+
+ } else {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
+ return;
- } catch (Exception e) {
- Logger.debug("Use default redirectTarget.");
}
}
@@ -88,29 +134,6 @@ public class RedirectServlet extends AuthServlet{
ConfigurationDBUtils.closeSession();
}
-
- Logger.info("Redirect to " + url);
-
- if (MiscUtil.isNotEmpty(target)) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
- url = addURLParameter(url, PARAM_TARGET,
- URLEncoder.encode(target, "UTF-8"));
-
-
- }
- url = addURLParameter(url, PARAM_SAMLARTIFACT,
- URLEncoder.encode(artifact, "UTF-8"));
- url = resp.encodeRedirectURL(url);
-
- String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.write(redirect_form);
- out.flush();
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 997241822..495c4ca5b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -108,7 +108,7 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
}
- boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
String moaSessionID = null;
@@ -124,7 +124,7 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
if (valueString.compareToIgnoreCase("true") == 0) {
- moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
+ moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index dc5ec430e..88ed7885f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -135,23 +135,11 @@ public class ConfigurationProvider {
return rootConfigFileDir;
}
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
+ public String getDefaultChainingMode() {
+ return defaultChainingMode;
}
-
+
+
/**
* Returns the trustedCACertificates.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 31b88263b..b2bcd443f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -68,6 +68,7 @@ public class OAParameter {
this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20();
+ this.isInderfederationIDP = oa.isIsInterfederationIDP();
}
@@ -104,6 +105,8 @@ public class OAParameter {
private boolean removePBKFromAuthblock;
+ private Boolean isInderfederationIDP;
+
/**
* Contains the oAuth 2.0 configuration (client id, secret and redirect uri)
*/
@@ -141,4 +144,16 @@ public class OAParameter {
return oAuth20Config;
}
+ /**
+ * @return the isInderfederationIDP
+ */
+ public boolean isInderfederationIDP() {
+ if (isInderfederationIDP == null)
+ return false;
+
+ return isInderfederationIDP;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 8b5c8d796..143a04dad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
@@ -339,6 +340,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
config.addAnnotatedClass(OASessionStore.class);
config.addAnnotatedClass(OldSSOSessionIDStore.class);
config.addAnnotatedClass(ExceptionStore.class);
+ config.addAnnotatedClass(InterfederationSessionStore.class);
config.addProperties(moaSessionProp);
MOASessionDBUtils.initHibernate(config, moaSessionProp);
@@ -695,17 +697,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
throw new ConfigurationException("config.02", null);
} else {
- SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU());
- SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU());
- SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
+ SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU());
+ SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU());
+ SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU());
}
//set Default BKU URLS
DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
if (bkuuls != null) {
- DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU());
- DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU());
- DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU());
}
//set SSO Config
@@ -884,7 +886,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
- + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
@@ -899,7 +901,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
- + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
new file mode 100644
index 000000000..a59cc10e0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IOAAuthParameters {
+
+ public static final String ONLINEBKU = "online";
+ public static final String HANDYBKU = "handy";
+ public static final String LOCALBKU = "local";
+ public static final String INDERFEDERATEDIDP = "interfederated";
+
+
+ public String getPublicURLPrefix();
+
+ public boolean getBusinessService();
+
+ public String getTarget();
+
+ public boolean isInderfederationIDP();
+
+ /**
+ * @return the identityLinkDomainIdentifier
+ */
+ public String getIdentityLinkDomainIdentifier();
+
+ /**
+ * @return the keyBoxIdentifier
+ */
+ public String getKeyBoxIdentifier();
+
+ /**
+ * @return the transformsInfos
+ */
+ public List<String> getTransformsInfos();
+
+ public OASAML1 getSAML1Parameter();
+
+ public OAPVP2 getPVP2Parameter();
+
+ /**
+ * @return the templateURL
+ */
+ public List<TemplateType> getTemplateURL();
+
+ public String getAditionalAuthBlockText();
+
+ public String getBKUURL(String bkutype);
+
+ public List<String> getBKUURL();
+
+ public boolean useSSO();
+
+ public boolean useSSOQuestion();
+
+ public String getSingleLogOutURL();
+
+ /**
+ * @return the mandateProfiles
+ */
+ public List<String> getMandateProfiles();
+
+ /**
+ * @return the identityLinkDomainIdentifierType
+ */
+ public String getIdentityLinkDomainIdentifierType();
+
+ public boolean isShowMandateCheckBox();
+
+ public boolean isOnlyMandateAllowed();
+
+ /**
+ * Shall we show the stork login in the bku selection frontend?
+ *
+ * @return true, if is we should show stork login
+ */
+ public boolean isShowStorkLogin();
+
+ public Map<String, String> getFormCustomizaten();
+
+ public Integer getQaaLevel();
+
+ /**
+ * @return the requestedAttributes
+ */
+ public List<OAStorkAttribute> getRequestedAttributes();
+
+ public boolean isRequireConsentForStorkAttributes();
+
+ public List<AttributeProviderPlugin> getStorkAPs();
+
+ public byte[] getBKUSelectionTemplate();
+
+ public byte[] getSendAssertionTemplate();
+
+ public List<CPEPS> getPepsList();
+
+ public String getIDPAttributQueryServiceURL();
+
+ /**
+ * @return
+ */
+ boolean isInboundSSOInterfederationAllowed();
+
+ /**
+ * @return
+ */
+ boolean isInterfederationSSOStorageAllowed();
+
+ /**
+ * @return
+ */
+ boolean isOutboundSSOInterfederationAllowed();
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 492770aad..7fc5746ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
@@ -85,13 +86,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
*
* @author Harald Bratko
*/
-public class OAAuthParameter extends OAParameter {
+public class OAAuthParameter extends OAParameter implements IOAAuthParameters {
- public static final String ONLINEBKU = "online";
- public static final String HANDYBKU = "handy";
- public static final String LOCALBKU = "local";
-
private AuthComponentOA oa_auth;
+ private String keyBoxIdentifier;
+ private InterfederationIDPType inderfederatedIDP = null;
public OAAuthParameter(OnlineApplication oa) {
super(oa);
@@ -99,13 +98,15 @@ public class OAAuthParameter extends OAParameter {
this.oa_auth = oa.getAuthComponentOA();
this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
-}
+
+ this.inderfederatedIDP = oa.getInterfederationIDP();
+ }
- private String keyBoxIdentifier;
-/**
- * @return the identityLinkDomainIdentifier
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
*/
+@Override
public String getIdentityLinkDomainIdentifier() {
IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
@@ -115,34 +116,45 @@ public String getIdentityLinkDomainIdentifier() {
return null;
}
-/**
- * @return the keyBoxIdentifier
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
*/
+@Override
public String getKeyBoxIdentifier() {
return keyBoxIdentifier;
}
-/**
- * @return the transformsInfos
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos()
*/
+@Override
public List<String> getTransformsInfos() {
List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
return ConfigurationUtils.getTransformInfos(transformations);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+ */
+ @Override
public OASAML1 getSAML1Parameter() {
return oa_auth.getOASAML1();
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter()
+ */
+ @Override
public OAPVP2 getPVP2Parameter() {
return oa_auth.getOAPVP2();
}
- /**
- * @return the templateURL
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
*/
+ @Override
public List<TemplateType> getTemplateURL() {
TemplatesType templates = oa_auth.getTemplates();
@@ -154,6 +166,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+ */
+ @Override
public String getAditionalAuthBlockText() {
TemplatesType templates = oa_auth.getTemplates();
@@ -163,6 +179,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+ */
+ @Override
public String getBKUURL(String bkutype) {
BKUURLS bkuurls = oa_auth.getBKUURLS();
if (bkuurls != null) {
@@ -179,6 +199,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+ */
+ @Override
public List<String> getBKUURL() {
BKUURLS bkuurls = oa_auth.getBKUURLS();
@@ -196,6 +220,10 @@ public List<String> getTransformsInfos() {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+ */
+ @Override
public boolean useSSO() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -204,6 +232,10 @@ public List<String> getTransformsInfos() {
return false;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+ */
+ @Override
public boolean useSSOQuestion() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -213,6 +245,10 @@ public List<String> getTransformsInfos() {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL()
+ */
+ @Override
public String getSingleLogOutURL() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -221,9 +257,10 @@ public List<String> getTransformsInfos() {
return null;
}
-/**
- * @return the mandateProfiles
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
*/
+@Override
public List<String> getMandateProfiles() {
Mandates mandates = oa_auth.getMandates();
@@ -253,9 +290,10 @@ public List<String> getMandateProfiles() {
return null;
}
-/**
- * @return the identityLinkDomainIdentifierType
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
*/
+@Override
public String getIdentityLinkDomainIdentifierType() {
IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
if (idnumber != null)
@@ -265,6 +303,10 @@ public String getIdentityLinkDomainIdentifierType() {
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+@Override
public boolean isShowMandateCheckBox() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
@@ -277,6 +319,10 @@ public boolean isShowMandateCheckBox() {
return true;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+@Override
public boolean isOnlyMandateAllowed() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
@@ -289,11 +335,10 @@ public boolean isOnlyMandateAllowed() {
return false;
}
- /**
- * Shall we show the stork login in the bku selection frontend?
- *
- * @return true, if is we should show stork login
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
*/
+ @Override
public boolean isShowStorkLogin() {
try {
return oa_auth.getOASTORK().isStorkLogonEnabled();
@@ -303,6 +348,10 @@ public boolean isOnlyMandateAllowed() {
}
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+ */
+@Override
public Map<String, String> getFormCustomizaten() {
TemplatesType templates = oa_auth.getTemplates();
@@ -354,6 +403,10 @@ public Map<String, String> getFormCustomizaten() {
return map;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+@Override
public Integer getQaaLevel() {
if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null)
@@ -363,21 +416,34 @@ public Integer getQaaLevel() {
return 4;
}
-/**
- * @return the requestedAttributes
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
*/
+@Override
public List<OAStorkAttribute> getRequestedAttributes() {
return oa_auth.getOASTORK().getOAAttributes();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+@Override
public boolean isRequireConsentForStorkAttributes() {
return oa_auth.getOASTORK().isRequireConsent();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+@Override
public List<AttributeProviderPlugin> getStorkAPs() {
return oa_auth.getOASTORK().getAttributeProviders();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+@Override
public byte[] getBKUSelectionTemplate() {
TemplatesType templates = oa_auth.getTemplates();
@@ -389,6 +455,10 @@ public byte[] getBKUSelectionTemplate() {
return null;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+@Override
public byte[] getSendAssertionTemplate() {
TemplatesType templates = oa_auth.getTemplates();
@@ -400,8 +470,54 @@ public byte[] getSendAssertionTemplate() {
return null;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+@Override
public List<CPEPS> getPepsList() {
return new ArrayList<CPEPS>(oa_auth.getOASTORK().getCPEPS());
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+@Override
+public String getIDPAttributQueryServiceURL() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.getAttributeQueryURL();
+
+ else
+ return null;
+
+}
+
+@Override
+public boolean isInboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isInboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isOutboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isOutboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isInterfederationSSOStorageAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isStoreSSOSession();
+ else
+ return false;
+}
+
+public boolean isIDPPublicService() {
+ return !getBusinessService();
}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
new file mode 100644
index 000000000..02ac09d70
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -0,0 +1,386 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameters implements IOAAuthParameters {
+
+ private String applicationID = null;
+
+ private boolean isBusinessService;
+ private String target;
+ private String businessTarget;
+
+ private boolean inderfederatedIDP;
+ private String IDPQueryURL;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
+ */
+ @Override
+ public boolean getBusinessService() {
+ return this.isBusinessService;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+ */
+ @Override
+ public String getTarget() {
+ return this.target;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+ */
+ @Override
+ public String getIdentityLinkDomainIdentifier() {
+ return this.businessTarget;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP()
+ */
+ @Override
+ public boolean isInderfederationIDP() {
+ return this.inderfederatedIDP;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+ @Override
+ public String getIDPAttributQueryServiceURL() {
+ return this.IDPQueryURL;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
+ */
+ @Override
+ public String getKeyBoxIdentifier() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos()
+ */
+ @Override
+ public List<String> getTransformsInfos() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+ */
+ @Override
+ public OASAML1 getSAML1Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter()
+ */
+ @Override
+ public OAPVP2 getPVP2Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
+ */
+ @Override
+ public List<TemplateType> getTemplateURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+ */
+ @Override
+ public String getAditionalAuthBlockText() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+ */
+ @Override
+ public String getBKUURL(String bkutype) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+ */
+ @Override
+ public List<String> getBKUURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+ */
+ @Override
+ public boolean useSSO() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+ */
+ @Override
+ public boolean useSSOQuestion() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL()
+ */
+ @Override
+ public String getSingleLogOutURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
+ */
+ @Override
+ public List<String> getMandateProfiles() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
+ */
+ @Override
+ public String getIdentityLinkDomainIdentifierType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+ @Override
+ public boolean isShowMandateCheckBox() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+ @Override
+ public boolean isOnlyMandateAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
+ */
+ @Override
+ public boolean isShowStorkLogin() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+ */
+ @Override
+ public Map<String, String> getFormCustomizaten() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+ @Override
+ public Integer getQaaLevel() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
+ */
+ @Override
+ public List<OAStorkAttribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+ @Override
+ public boolean isRequireConsentForStorkAttributes() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+ @Override
+ public List<AttributeProviderPlugin> getStorkAPs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+ @Override
+ public byte[] getBKUSelectionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+ @Override
+ public byte[] getSendAssertionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+ @Override
+ public List<CPEPS> getPepsList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /**
+ * @param isBusinessService the isBusinessService to set
+ */
+ public void setBusinessService(boolean isBusinessService) {
+ this.isBusinessService = isBusinessService;
+ }
+
+ /**
+ * @param target the target to set
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * @param businessTarget the businessTarget to set
+ */
+ public void setBusinessTarget(String businessTarget) {
+ this.businessTarget = businessTarget;
+ }
+
+ /**
+ * @param inderfederatedIDP the inderfederatedIDP to set
+ */
+ public void setInderfederatedIDP(boolean inderfederatedIDP) {
+ this.inderfederatedIDP = inderfederatedIDP;
+ }
+
+ /**
+ * @param iDPQueryURL the iDPQueryURL to set
+ */
+ public void setIDPQueryURL(String iDPQueryURL) {
+ IDPQueryURL = iDPQueryURL;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix()
+ */
+ @Override
+ public String getPublicURLPrefix() {
+ return this.applicationID;
+ }
+
+ /**
+ * @param applicationID the applicationID to set
+ */
+ public void setApplicationID(String applicationID) {
+ this.applicationID = applicationID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isInboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed()
+ */
+ @Override
+ public boolean isInterfederationSSOStorageAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isOutboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index f9d3986d7..7a9d2cfc1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,27 +1,5 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
/*
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
@@ -42,455 +20,640 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egovernment.moa.id.data;
import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
import java.util.Date;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
- * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ * @author tlenz
*
- * @author Paul Ivancsics
- * @version $Id$
*/
+public class AuthenticationData implements IAuthData, Serializable {
-public class AuthenticationData implements Serializable {
- /**
- *
- */
private static final long serialVersionUID = -1042697056735596866L;
-/**
- * major version number of the SAML assertion
- */
- private int majorVersion;
- /**
- * minor version number of the SAML assertion
- */
- private int minorVersion;
- /**
- * identifier for this assertion
- */
- private String assertionID;
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private String issueInstant;
- /**
- * user identification value (Stammzahl); <code>null</code>,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * user identification type
- */
- private String identificationType;
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+ /**
+ * URL of the MOA-ID Auth component issueing this assertion
+ */
+ private String issuer;
+ /**
+ * time instant of issue of this assertion
+ */
+ private Date issueInstant;
+ /**
+ * user identification value (Stammzahl); <code>null</code>,
+ * if the authentication module is configured not to return this data
+ */
+ private String identificationValue;
+ /**
+ * user identification type
+ */
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
+ /**
+ * application specific user identifier (bPK/wbPK)
+ */
+ private String bPK;
+
+ /**
+ * application specific user identifier type
+ */
+ private String bPKType;
+
+ /**
+ * given name of the user
+ */
+ private String givenName;
+ /**
+ * family name of the user
+ */
+ private String familyName;
+ /**
+ * date of birth of the user
+ */
+ private Date dateOfBirth;
+ /**
+ * says whether the certificate is a qualified certificate or not
+ */
+ private boolean qualifiedCertificate;
+ /**
+ * says whether the certificate is a public authority or not
+ */
+ private boolean publicAuthority;
+ /**
+ * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+ */
+ private String publicAuthorityCode;
+
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+ /**
+ * the corresponding <code>lt;saml:Assertion&gt;</code>
+ */
+
+ /**
+ * STORK attributes from response
+ */
+ private String ccc = null;
+ private IPersonalAttributeList storkAttributes = null;
+ private String storkAuthnResponse;
+ private STORKAuthnRequest storkRequest = null;
+
+ private byte[] signerCertificate = null;
+
+ private String authBlock = null;
+
+ private boolean useMandate = false;
+ private MISMandate mandate = null;
+ private String mandateReferenceValue = null;
+
+ private boolean foreigner =false;
+ private String QAALevel = null;
+
+ private boolean ssoSession = false;
+
+ private boolean interfederatedSSOSession = false;
+ private String interfederatedIDP = null;
+
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String nameIDFormat = null;
+
+ public AuthenticationData() {
+ issueInstant = new Date();
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return String
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the bPK.
+ * @return String
+ */
+ public String getBPK() {
+ return bPK;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityIdentification The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the bPK.
+ * @param bPK The bPK to set
+ */
+ public void setBPK(String bPK) {
+ this.bPK = bPK;
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return String
+ */
+ public Date getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ public String getFormatedDateOfBirth() {
+ DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ return pvpDateFormat.format(getDateOfBirth());
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Returns the identificationType
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public String getIssueInstantString() {
+ return DateTimeUtils.buildDateTimeUTC(issueInstant);
+
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public Date getIssueInstant() {
+ return issueInstant;
+
+ }
+
+ public void setIssueInstant(Date date) {
+ this.issueInstant = date;
+ }
+
+ /**
+ * Returns the issuer.
+ * @return String
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the BKU URL.
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(Date dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ public void setDateOfBirth(String dateOfBirth) {
+ try {
+ if (MiscUtil.isNotEmpty(dateOfBirth)) {
+ DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+ }
+
+ } catch (ParseException e) {
+ Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+
+ }
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * Sets the issuer.
+ * @param issuer The issuer to set
+ */
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param url The BKU URL to set
+ */
+ public void setBkuURL(String url) {
+ this.bkuURL = url;
+ }
+
+ public String getBPKType() {
+ return bPKType;
+ }
+
+ public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+ }
+
+ /**
+ * @return the identityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * @param identityLink the identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+
+ /**
+ * @return the storkAttributes
+ */
+ public IPersonalAttributeList getStorkAttributes() {
+ return storkAttributes;
+ }
+
+
/**
- * user identityLink specialized to OAParamter
+ * @param storkAttributes the storkAttributes to set
*/
- private IdentityLink identityLink;
+ public void setStorkAttributes(IPersonalAttributeList storkAttributes) {
+ this.storkAttributes = storkAttributes;
+ }
+
+
+ /**
+ * @return the signerCertificate
+ */
+ public byte[] getSignerCertificate() {
+ return signerCertificate;
+ }
+
+
+ /**
+ * @param signerCertificate the signerCertificate to set
+ */
+ public void setSignerCertificate(byte[] signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
+
+ /**
+ * @return the authBlock
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+
+ /**
+ * @param authBlock the authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+
+ /**
+ * @return the mandate
+ */
+ public MISMandate getMISMandate() {
+ return mandate;
+ }
+
+ public Element getMandate() {
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
- /**
- * application specific user identifier (bPK/wbPK)
- */
- private String bPK;
-
- /**
- * application specific user identifier type
- */
- private String bPKType;
-
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private String dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
- /**
- * The base64 encoded signer certificate.
- */
- private String signerCertificate;
- /**
- * URL of the BKU
- */
- private String bkuURL;
- /**
- * the corresponding <code>lt;saml:Assertion&gt;</code>
- */
- private String samlAssertion;
-
- /** useUTC */
-// private boolean useUTC;
- /**
- * creation timestamp
- */
- Date timestamp;
-
-
-
- //this method is only required for MOA-ID Proxy 2.0 Release.
- //TODO: remove it, if MOA-ID Proxy is not supported anymore.
- public String getWBPK() {
- return bPK;
- }
-
-
- /**
- * Constructor for AuthenticationData.
- */
- public AuthenticationData() {
- timestamp = new Date();
- }
-
- /**
- * Returns the minorVersion.
- * @return int
- */
- public int getMinorVersion() {
- return minorVersion;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the bPK.
- * @return String
- */
- public String getBPK() {
- return bPK;
- }
-
-// /**
-// * Returns useUTC
-// * @return useUTC
-// */
-// public boolean getUseUTC() {
-// return useUTC;
-// }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityIdentification The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the bPK.
- * @param bPK The bPK to set
- */
- public void setBPK(String bPK) {
- this.bPK = bPK;
- }
-
-// /**
-// * Sets the wbPK.
-// * @param wbPK The wbPK to set
-// */
-// public void setWBPK(String wbPK) {
-// this.wbPK = wbPK;
-// }
-
-// public void setUseUTC(boolean useUTC) {
-// this.useUTC = useUTC;
-// }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the signer certificate.
- * @return String
- */
- public String getSignerCertificate() {
- return signerCertificate;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the identificationType.
- * @param identificationType The identificationType to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Sets the bkuURL
- * @param url The BKU URL to set
- */
- public void setBkuURL(String url) {
- this.bkuURL = url;
- }
-
- /**
- * Sets the signer certificate
- * @param signerCertificate The signer certificate
- */
- public void setSignerCertificate(String signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
- /**
- * Returns the samlAssertion.
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-public String getBPKType() {
- return bPKType;
-}
-public void setBPKType(String bPKType) {
- this.bPKType = bPKType;
-}
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMISMandate(MISMandate mandate) {
+ this.mandate = mandate;
+ }
-/**
- * @return the identityLink
- */
-public IdentityLink getIdentityLink() {
- return identityLink;
-}
-/**
- * @param identityLink the identityLink to set
- */
-public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
-}
+ /**
+ * @return the useMandate
+ */
+ public boolean isUseMandate() {
+ return useMandate;
+ }
+ /**
+ * @param useMandate the useMandate to set
+ */
+ public void setUseMandate(boolean useMandate) {
+ this.useMandate = useMandate;
+ }
-
+
+ /**
+ * @return
+ */
+ public String getQAALevel() {
+ return this.QAALevel;
+ }
+
+
+ /**
+ * @return
+ */
+ public boolean isForeigner() {
+ return this.foreigner;
+ }
+
+
+ /**
+ * @param foreigner the foreigner to set
+ */
+ public void setForeigner(boolean foreigner) {
+ this.foreigner = foreigner;
+ }
+
+
+ /**
+ * @param qAALevel the qAALevel to set
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+ }
+
+
+ /**
+ * @return the ssoSession
+ */
+ public boolean isSsoSession() {
+ return ssoSession;
+ }
+
+
+ /**
+ * @param ssoSession the ssoSession to set
+ */
+ public void setSsoSession(boolean ssoSession) {
+ this.ssoSession = ssoSession;
+ }
+
+ /**
+ * @param storkRequest the storkRequest to set
+ */
+ public void setStorkRequest(STORKAuthnRequest storkRequest) {
+ this.storkRequest = storkRequest;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest()
+ */
+ @Override
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return this.storkRequest;
+ }
+
+ /**
+ * @return the storkAuthnResponse
+ */
+ public String getStorkAuthnResponse() {
+ return storkAuthnResponse;
+ }
+
+ /**
+ * @param storkAuthnResponse the storkAuthnResponse to set
+ */
+ public void setStorkAuthnResponse(String storkAuthnResponse) {
+ this.storkAuthnResponse = storkAuthnResponse;
+ }
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+ /**
+ * @return the ccc
+ */
+ public String getCcc() {
+ return ccc;
+ }
+
+ /**
+ * @param ccc the ccc to set
+ */
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+ /**
+ * @return the sessionIndex
+ */
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+ */
+ @Override
+ public String getNameID() {
+ return this.nameID;
+ }
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setNameID(String nameID) {
+ this.nameID = nameID;
+ }
+
+ /**
+ * @return the nameIDFormat
+ */
+ public String getNameIDFormat() {
+ return nameIDFormat;
+ }
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the interfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return interfederatedSSOSession;
+ }
+
+ /**
+ * @param interfederatedSSOSession the interfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+ this.interfederatedSSOSession = interfederatedSSOSession;
+ }
+
+ /**
+ * @return the interfederatedIDP
+ */
+ public String getInterfederatedIDP() {
+ return interfederatedIDP;
+ }
+
+ /**
+ * @param interfederatedIDP the interfederatedIDP to set
+ */
+ public void setInterfederatedIDP(String interfederatedIDP) {
+ this.interfederatedIDP = interfederatedIDP;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
new file mode 100644
index 000000000..4ea81f134
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.util.Date;
+
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthData {
+
+ Date getIssueInstant();
+ String getIssuer();
+
+ boolean isSsoSession();
+ boolean isInterfederatedSSOSession();
+ boolean isUseMandate();
+
+ String getFamilyName();
+ String getGivenName();
+ Date getDateOfBirth();
+ String getFormatedDateOfBirth();
+
+ String getBPK();
+ String getBPKType();
+
+ String getInterfederatedIDP();
+
+ String getIdentificationValue();
+ String getIdentificationType();
+
+ String getBkuURL();
+
+ IdentityLink getIdentityLink();
+ byte[] getSignerCertificate();
+ String getAuthBlock();
+
+ boolean isPublicAuthority();
+ String getPublicAuthorityCode();
+ boolean isQualifiedCertificate();
+
+ MISMandate getMISMandate();
+ Element getMandate();
+ String getMandateReferenceValue();
+
+ String getQAALevel();
+
+ String getSessionIndex();
+ String getNameID();
+ String getNameIDFormat();
+
+ boolean isForeigner();
+ String getCcc();
+ STORKAuthnRequest getStorkAuthnRequest();
+ String getStorkAuthnResponse();
+ IPersonalAttributeList getStorkAttributes();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
new file mode 100644
index 000000000..a0f3dd309
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationContainer implements Serializable {
+
+ private static final long serialVersionUID = 7148730740582881862L;
+
+ private PVPTargetConfiguration sloRequest = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null;
+ private List<String> sloFailedOAs = null;
+
+
+ public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) {
+ activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>();
+
+ if (dbOAs != null) {
+ for (OASessionStore oa : dbOAs) {
+ //Actually only PVP 2.1 support Single LogOut
+ if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) &&
+ !oa.getOaurlprefix().equals(removeOAID)) {
+ SingleLogoutService sloDesc;
+ try {
+ sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix());
+
+ if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ activeBackChannelOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ else
+ activeFrontChannalOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ } catch (NOSLOServiceDescriptorException e) {
+ putFailedOA(oa.getOaurlprefix());
+
+ }
+
+ } else
+ putFailedOA(oa.getOaurlprefix());
+ }
+ }
+ }
+
+ public String getNextFrontChannelOA() {
+ Iterator<String> interator = activeFrontChannalOAs.keySet().iterator();
+ if (interator.hasNext())
+ return interator.next();
+
+ else
+ return null;
+ }
+
+ public SLOInformationImpl getFrontChannelOASessionDescripten(String oaID) {
+ return activeFrontChannalOAs.get(oaID);
+ }
+
+ public void removeFrontChannelOA(String oaID) {
+ activeFrontChannalOAs.remove(oaID);
+ }
+
+ public Iterator<String> getNextBackChannelOA() {
+ return activeBackChannelOAs.keySet().iterator();
+ }
+
+ public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+ return activeBackChannelOAs.get(oaID);
+ }
+
+ public void removeBackChannelOA(String oaID) {
+ activeBackChannelOAs.remove(oaID);
+ }
+
+ /**
+ * @return the sloRequest
+ */
+ public PVPTargetConfiguration getSloRequest() {
+ return sloRequest;
+ }
+
+ /**
+ * @param sloRequest the sloRequest to set
+ */
+ public void setSloRequest(PVPTargetConfiguration sloRequest) {
+ this.sloRequest = sloRequest;
+ }
+
+ /**
+ * @return the sloFailedOAs
+ */
+ public List<String> getSloFailedOAs() {
+ return sloFailedOAs;
+ }
+
+ public void putFailedOA(String oaID) {
+ if (sloFailedOAs == null)
+ sloFailedOAs = new ArrayList<String>();
+ sloFailedOAs.add(oaID);
+ }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 971222b67..55b213702 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -22,22 +22,39 @@
*/
package at.gv.egovernment.moa.id.data;
+import java.io.Serializable;
+
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
/**
* @author tlenz
*
*/
-public class SLOInformationImpl implements SLOInformationInterface {
-
+public class SLOInformationImpl implements SLOInformationInterface, Serializable {
+ private static final long serialVersionUID = 295577931870512387L;
private String sessionIndex = null;
private String nameID = null;
private String protocolType = null;
+ private String nameIDFormat = null;
+ private String binding = null;
+ private String serviceURL = null;
- public SLOInformationImpl(String sessionID, String nameID, String protocolType) {
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null);
+ }
+
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
this.sessionIndex = sessionID;
this.nameID = nameID;
+ this.nameIDFormat = nameIDFormat;
this.protocolType = protocolType;
-
+
+ if (sloService != null) {
+ this.binding = sloService.getBinding();
+ this.serviceURL = sloService.getLocation();
+
+ }
}
@@ -100,6 +117,39 @@ public class SLOInformationImpl implements SLOInformationInterface {
public String getProtocolType() {
return protocolType;
}
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
+ */
+ @Override
+ public String getUserNameIDFormat() {
+ return this.nameIDFormat;
+ }
+
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the binding
+ */
+ public String getBinding() {
+ return binding;
+ }
+
+ /**
+ * @return the serviceURL
+ */
+ public String getServiceURL() {
+ return serviceURL;
+ }
+
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
index 7290665e9..b2241f8ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.data;
* @author tlenz
*
*/
-public interface SLOInformationInterface {
+public interface SLOInformationInterface{
/**
@@ -53,6 +53,11 @@ public interface SLOInformationInterface {
* return authentication protocol type
*/
public String getProtocolType();
+
+ /**
+ * @return
+ */
+ public String getUserNameIDFormat();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 9fb2c7a69..30585c413 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -25,18 +25,15 @@ package at.gv.egovernment.moa.id.entrypoints;
import java.io.IOException;
import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -46,6 +43,7 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -250,18 +248,45 @@ public class DispatcherServlet extends AuthServlet{
try {
protocolRequest = info.preProcess(req, resp, action);
- if (protocolRequest != null) {
-
+ //request is a valid interfederation response
+ if (protocolRequest != null &&
+ protocolRequest.getInterfederationResponse() != null ) {
+ Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
+
+ //reload SP protocol implementation
+ info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+
+ //create interfederated mOASession
+ String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true);
+ req.getParameterMap().put(PARAM_SESSIONID, sessionID);
+
+ Logger.info("PreProcessing of SSO interfederation response complete. ");
+
+ //request is a not valid interfederation response -> Restart local authentication
+ } else if (protocolRequest != null &&
+ MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
+ Logger.info("PreProcessing of SSO interfederation response FAILED. Starting local authentication ...");
+
+ //request is a new authentication request
+ } else if (protocolRequest != null &&
+ MiscUtil.isEmpty(protocolRequest.getRequestID())) {
//Start new Authentication
- protocolRequest.setAction(action);
protocolRequest.setModule(module);
- protocolRequestID = Random.nextRandom();
- protocolRequest.setRequestID(protocolRequestID);
- RequestStorage.setPendingRequest(protocolRequest);
+ //if preProcessing has not set a specific action from decoded request
+ // then set the default action
+ if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+ protocolRequest.setAction(action);
+ else
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
+ RequestStorage.setPendingRequest(protocolRequest);
Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
-
+
+
} else {
Logger.error("Failed to generate a valid protocol request!");
resp.setContentType("text/html;charset=UTF-8");
@@ -297,14 +322,18 @@ public class DispatcherServlet extends AuthServlet{
String moasessionID = null;
String newSSOSessionId = null;
AuthenticationSession moasession = null;
+ IAuthData authData = null;
//get SSO Cookie for Request
String ssoId = ssomanager.getSSOSessionID(req);
- boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
if (needAuthentication) {
-
+
+ //check if interfederation IDP is requested
+ ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
+
//check SSO session
if (ssoId != null) {
String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
@@ -327,7 +356,7 @@ public class DispatcherServlet extends AuthServlet{
}
- isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
useSSOOA = oaParam.useSSO();
@@ -378,38 +407,36 @@ public class DispatcherServlet extends AuthServlet{
if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
return;
- }
- }
- else {
+ }
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
+ } else {
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
- }
-
+
+ }
//save SSO session usage in Database
newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
- if (newSSOSessionId != null) {
+ if (MiscUtil.isNotEmpty(newSSOSessionId)) {
ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
} else {
ssomanager.deleteSSOSessionID(req, resp);
+
}
- } else {
-
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
+ } else {
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
+
}
-
-
+ //build authenticationdata from session information and OA configuration
+ authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);
}
-
- SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
RequestStorage.removePendingRequest(protocolRequestID);
@@ -437,7 +464,7 @@ public class DispatcherServlet extends AuthServlet{
//Advanced statistic logging
StatisticLogger logger = StatisticLogger.getInstance();
- logger.logSuccessOperation(protocolRequest, moasession, isSSOSession);
+ logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 03a61d08f..7456b8387 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -24,12 +24,37 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
@@ -42,9 +67,17 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class AuthenticationManager extends AuthServlet {
@@ -65,7 +98,6 @@ public class AuthenticationManager extends AuthServlet {
return instance;
}
-
/**
* Checks if this request can authenticate a MOA Session
*
@@ -82,9 +114,7 @@ public class AuthenticationManager extends AuthServlet {
AuthenticationSession authSession;
try {
authSession = AuthenticationSessionStoreage.getSession(sessionID);
-
-
-
+
if (authSession != null) {
Logger.info("MOASession found! A: "
+ authSession.isAuthenticated() + ", AU "
@@ -148,16 +178,167 @@ public class AuthenticationManager extends AuthServlet {
public void doAuthentication(HttpServletRequest request,
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
+
Logger.info("Starting authentication ...");
+
+ if (MiscUtil.isEmpty(target.getRequestedIDP())) {
+ perfomLocalAuthentication(request, response, target);
+
+ } else {
+ Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
+ buildPVP21AuthenticationRequest(request, response, target);
+
+ }
+ }
+
+ public void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
+ throws ServletException, IOException, MOAIDException {
+
+ String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+ target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
+ }
+
+ private void buildPVP21AuthenticationRequest(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+
+ boolean requiredLocalAuthentication = true;
+
+ Logger.debug("Build PVP 2.1 authentication request");
+
+ //get IDP metadata
+ try {
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+ Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+
+ }
+
+ EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
+ getEntityDescriptor(target.getRequestedIDP());
+
+ if (idpEntity != null ) {
+
+ //fetch endpoint from IDP metadata
+ SingleSignOnService redirectEndpoint = null;
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ // use POST binding as default if it exists
+ //TODO: maybe use RedirectBinding as default
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ redirectEndpoint = sss;
+
+ } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) &&
+ redirectEndpoint == null )
+ redirectEndpoint = sss;
+ }
+
+ if (redirectEndpoint != null) {
+
+ AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
+
+ //send passive AuthnRequest
+ authReq.setIsPassive(true);
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
-// if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.12");
-//
-// if (target.getOAURL() == null) {
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.12");
-// }
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.TRANSIENT);
+ authReq.setNameIDPolicy(policy);
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+
+ IEncoder binding = null;
+ if (redirectEndpoint.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (redirectEndpoint.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ binding.encodeRequest(request, response, authReq,
+ redirectEndpoint.getLocation(), target.getRequestID());
+
+ //build and send request without an error
+ requiredLocalAuthentication = false;
+
+ } else {
+ Logger.warn("Requested IDP " + target.getRequestedIDP()
+ + " does not support POST or Redirect Binding.");
+
+ }
+
+ } else {
+ Logger.warn("Requested IDP " + target.getRequestedIDP()
+ + " is not found in InterFederation configuration");
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.error("IDP metadata error." , e);
+
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ } catch (SecurityException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ }
+
+ if (requiredLocalAuthentication) {
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+ }
+ }
+
+
+ private void perfomLocalAuthentication(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+ Logger.debug("Starting authentication on this IDP ...");
setNoCachingHeadersInHttpRespone(request, response);
@@ -183,17 +364,12 @@ public class AuthenticationManager extends AuthServlet {
if (legacyallowed && legacyparamavail) {
- //parse request parameter into MOASession
-
+ //parse request parameter into MOASession
StartAuthentificationParameterParser.parse(request, response, moasession, target);
Logger.info("Start Authentication Module: " + moasession.getModul()
+ " Action: " + moasession.getAction());
-
- //start authentication process
-// session.getServletContext().getNamedDispatcher("StartAuthentication")
-// .forward(request, response);
-
+
StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, request, response);
@@ -260,17 +436,4 @@ public class AuthenticationManager extends AuthServlet {
out.flush();
}
}
-
- public void sendTransmitAssertionQuestion(HttpServletRequest request,
- HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
- throws ServletException, IOException, MOAIDException {
-
- String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
- target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
-
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(form);
- out.flush();
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index a2843d026..529e2ab81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -26,12 +26,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
public interface IAction extends MOAIDAuthConstants {
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 2ef24c084..aaeb84f92 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,6 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
public interface IRequest {
public String getOAURL();
public boolean isPassiv();
@@ -33,7 +39,10 @@ public interface IRequest {
public void setAction(String action);
public String getTarget();
public void setRequestID(String id);
- public String getRequestID();
+ public String getRequestID();
+ public String getRequestedIDP();
+ public MOAResponse getInterfederationResponse();
+ public List<Attribute> getRequestedAttributes();
//public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index b9b1742e4..4a54a516b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -23,8 +23,13 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.Serializable;
+import java.util.List;
-public class RequestImpl implements IRequest, Serializable{
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
+public abstract class RequestImpl implements IRequest, Serializable{
private static final long serialVersionUID = 1L;
@@ -37,6 +42,16 @@ public class RequestImpl implements IRequest, Serializable{
private String target = null;
private String requestID;
+ //MOA-ID interfederation
+ private String requestedIDP = null;
+ private MOAResponse response = null;
+
+ /**
+ * This method map the protocol specific requested attributes to PVP 2.1 attributes.
+ *
+ * @return List of PVP 2.1 attributes with maps all protocol specific attributes
+ */
+ public abstract List<Attribute> getRequestedAttributes();
public void setOAURL(String value) {
oaURL = value;
@@ -102,4 +117,36 @@ public class RequestImpl implements IRequest, Serializable{
public String getRequestID() {
return requestID;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ */
+ @Override
+ public String getRequestedIDP() {
+ return requestedIDP;
+ }
+
+ /**
+ * @param requestedIDP the requestedIDP to set
+ */
+ public void setRequestedIDP(String requestedIDP) {
+ this.requestedIDP = requestedIDP;
+ }
+
+ /**
+ * @return the response
+ */
+ public MOAResponse getInterfederationResponse() {
+ return response;
+ }
+
+ /**
+ * @param response the response to set
+ */
+ public void setInterfederationResponse(MOAResponse response) {
+ this.response = response;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 684c6630a..c2b9bab52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,11 +31,15 @@ import javax.servlet.http.HttpServletResponse;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SSOManager {
private static final String SSOCOOKIE = "MOA_ID_SSO";
+ private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
+ private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+
private static SSOManager instance = null;
private static int sso_timeout;
@@ -68,7 +75,46 @@ public class SSOManager {
return instance;
}
- public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest protocolRequest) {
+ String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
+
+ if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
+ Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+
+ }
+
+ if (protocolRequest instanceof RequestImpl) {
+ //check if IDP is requested
+ RequestImpl moaReq = (RequestImpl) protocolRequest;
+ if (MiscUtil.isNotEmpty(interIDP)) {
+ Logger.info("Receive SSO request for interfederation IDP " + interIDP);
+ moaReq.setRequestedIDP(interIDP);
+
+ } else {
+ //check if IDP cookie is set
+ String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ if (MiscUtil.isNotEmpty(cookie)) {
+ Logger.info("Receive SSO request for interfederation IDP from Cookie " + cookie);
+ moaReq.setRequestedIDP(cookie);
+
+ deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ }
+ }
+
+ } else {
+ Logger.warn("Request is not of type RequestImpl");
+
+ }
+ }
+
+ public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
+ setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+
+ }
+
+
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
// search SSO Session
if (ssoSessionID == null) {
@@ -76,15 +122,42 @@ public class SSOManager {
return false;
}
- // String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
- // AuthenticationManager.MOA_SESSION, null);
+ AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
- return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+ if (storedSession == null)
+ return false;
+
+ else {
+ if (protocolRequest != null &&
+ protocolRequest instanceof RequestImpl &&
+ storedSession.isInterfederatedSSOSession()) {
+
+ if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
+ InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
+
+ if (selectedIDP != null) {
+ //no local SSO session exist -> request interfederated IDP
+ ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix());
+
+ } else {
+ Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+ MOASessionDBUtils.delete(storedSession);
+
+ }
+ }
+
+ return false;
+
+ }
+
+ return true;
+ }
}
public String getMOASession(String ssoSessionID) {
- return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+
}
public String existsOldSSOSession(String ssoId) {
@@ -95,24 +168,10 @@ public class SSOManager {
List<OldSSOSessionIDStore> result;
synchronized (session) {
-
-// try {
-// session.getTransaction().rollback();
-// }
-// catch (Exception e) {
-// e.printStackTrace();
-// }
-// try {
-// session.getSessionFactory().openSession();
-// }
-// catch (Exception e) {
-// e.printStackTrace();
-// }
- // session.getTransaction().begin();
-
+
session.beginTransaction();
Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
- query.setString("sessionid", ssoId);
+ query.setParameter("sessionid", ssoId);
result = query.list();
// send transaction
@@ -156,22 +215,58 @@ public class SSOManager {
return newSSOId;
}
-
+
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- Cookie[] cookies = httpReq.getCookies();
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout);
- if (cookies != null) {
- deleteSSOSessionID(httpReq, httpResp);
- }
+ }
- Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
- cookie.setMaxAge(sso_timeout);
- cookie.setSecure(true);
- cookie.setPath(httpReq.getContextPath());
- httpResp.addCookie(cookie);
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ return getValueFromCookie(httpReq, SSOCOOKIE);
+
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ deleteCookie(httpReq, httpResp, SSOCOOKIE);
}
- public String getSSOSessionID(HttpServletRequest httpReq) {
+ /**
+ * @param entityID
+ * @param request
+ */
+ public boolean removeInterfederatedSSOIDP(String entityID,
+ HttpServletRequest request) {
+
+ String ssoSessionID = getSSOSessionID(request);
+
+ if (MiscUtil.isNotEmpty(ssoSessionID)) {
+
+ AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+
+ if (storedSession == null)
+ return false;
+
+ InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
+
+ if (selectedIDP != null) {
+ //no local SSO session exist -> request interfederated IDP
+ Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix()
+ + " from MOASession " + storedSession.getSessionid());
+ MOASessionDBUtils.delete(selectedIDP);
+
+ } else {
+ Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+
+ }
+
+ return true;
+
+ } else
+ return false;
+
+ }
+
+ private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
@@ -181,7 +276,7 @@ public class SSOManager {
// (firefox)
// if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
- if (cookie.getName().equals(SSOCOOKIE)) {
+ if (cookie.getName().equals(cookieName)) {
return cookie.getValue();
}
}
@@ -189,13 +284,21 @@ public class SSOManager {
return null;
}
- public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- Cookie[] cookies = httpReq.getCookies();
+ private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);
- }
- }
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+
+ //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 1);
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 394fd1430..3b0d07ce1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -27,9 +27,8 @@ import java.util.List;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
@@ -173,10 +172,10 @@ public final class OAuth20AttributeBuilder {
}
private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
- final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) {
+ final OAAuthParameter oaParam, final IAuthData authData) {
for (IAttributeBuilder b : builders) {
try {
- Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator);
+ Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator);
if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) {
jsonObject.add(attribute.getFirst(), attribute.getSecond());
}
@@ -187,33 +186,70 @@ public final class OAuth20AttributeBuilder {
}
}
- public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData);
+ public static void addScopeOpenId(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersOpenId, jsonObject, oaParam, authData);
}
- public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData);
+ public static void addScopeProfile(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersProfile, jsonObject, oaParam, authData);
}
- public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData);
+ public static void addScopeEID(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEID, jsonObject, oaParam, authData);
}
- public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData);
+ public static void addScopeEIDGov(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEIDGov, jsonObject, oaParam, authData);
}
- public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData);
+ public static void addScopeMandate(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersMandate, jsonObject, oaParam, authData);
}
- public static void addScopeSTORK(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersSTORK, jsonObject, authSession, oaParam, authData);
+ public static void addScopeSTORK(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersSTORK, jsonObject, oaParam, authData);
}
+
+ /**
+ * @return the buildersprofile
+ */
+ public static List<IAttributeBuilder> getBuildersprofile() {
+ return buildersProfile;
+ }
+
+ /**
+ * @return the builderseid
+ */
+ public static List<IAttributeBuilder> getBuilderseid() {
+ return buildersEID;
+ }
+
+ /**
+ * @return the builderseidgov
+ */
+ public static List<IAttributeBuilder> getBuilderseidgov() {
+ return buildersEIDGov;
+ }
+
+ /**
+ * @return the buildersmandate
+ */
+ public static List<IAttributeBuilder> getBuildersmandate() {
+ return buildersMandate;
+ }
+
+ /**
+ * @return the buildersstork
+ */
+ public static List<IAttributeBuilder> getBuildersstork() {
+ return buildersSTORK;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index da1980896..121648499 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
return "auth_time";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000)));
+ return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index e7a85705a..9230c0105 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -39,7 +38,7 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
return "exp";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index a75dfd029..3bdda5c2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -37,7 +36,7 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
return "iat";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index d21f1a5bb..85c46d5b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder {
return "iss";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index bc48ce915..d5bda0dba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
return "sub";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getBPK());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index a92b0c12d..dd84536ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,9 +34,9 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
return "birthdate";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth());
+ return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 5ce22a6c6..02cc66e4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder {
return "family_name";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index 047bfa9a9..302ce8105 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder {
return "given_name";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 3cc12ff98..4c70ce995 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -30,13 +30,10 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -53,14 +50,13 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
- AuthenticationSession moasession) throws MOAIDException {
+ IAuthData authData) throws MOAIDException {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
String responseType = oAuthRequest.getResponseType();
@@ -78,7 +74,7 @@ class OAuth20AuthAction implements IAction {
o.setCode(code);
//generate idToken from MOASession
- Map<String, Object> idToken = generateIDToken(o, oAuthRequest, moasession, accessToken);
+ Map<String, Object> idToken = generateIDToken(o, oAuthRequest, authData, accessToken);
o.setAuthDataSession(idToken);
} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
@@ -104,7 +100,7 @@ class OAuth20AuthAction implements IAction {
//TODO: maybe add bPK / wbPK to SLO information
- SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, req.requestedModule());
+ SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule());
return sloInformation;
}
@@ -124,7 +120,7 @@ class OAuth20AuthAction implements IAction {
}
private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
- OAuth20AuthRequest oAuthRequest, AuthenticationSession moasession, String accessToken) throws SignatureException, MOAIDException {
+ OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
// create response
Map<String, Object> params = new HashMap<String, Object>();
@@ -134,7 +130,7 @@ class OAuth20AuthAction implements IAction {
// build id token and scope
Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
- moasession);
+ authData);
Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
@@ -144,34 +140,33 @@ class OAuth20AuthAction implements IAction {
}
- private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, AuthenticationSession session)
+ private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
- AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget());
OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
StringBuilder resultScopes = new StringBuilder();
// always fill with open id
- OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append("openId");
for (String s : scope.split(" ")) {
if (s.equalsIgnoreCase("profile")) {
- OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" profile");
} else if (s.equalsIgnoreCase("eID")) {
- OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" eID");
} else if (s.equalsIgnoreCase("eID_gov")) {
- OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" eID_gov");
} else if (s.equalsIgnoreCase("mandate")) {
- OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" mandate");
} else if (s.equalsIgnoreCase("stork")) {
- OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" stork");
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index dc3335631..c47e366a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -22,17 +22,29 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.core.Attribute;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthRequest extends OAuth20BaseRequest {
@@ -153,4 +165,48 @@ class OAuth20AuthRequest extends OAuth20BaseRequest {
}
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
+ }
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 00b7a83f0..951960bc6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import java.net.URLEncoder;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -16,11 +17,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import com.google.gson.JsonObject;
+import edu.emory.mathcs.backport.java.util.Arrays;
+
public class OAuth20Protocol implements IModulInfo {
public static final String NAME = OAuth20Protocol.class.getName();
@@ -29,6 +33,13 @@ public class OAuth20Protocol implements IModulInfo {
public static final String AUTH_ACTION = "AUTH";
public static final String TOKEN_ACTION = "TOKEN";
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.BPK_NAME
+ });
+
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index be320271a..944da38d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -26,9 +26,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -44,7 +44,7 @@ import com.google.gson.JsonObject;
class OAuth20TokenAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
- AuthenticationSession moasession) throws MOAIDException {
+ IAuthData authData) throws MOAIDException {
OAuth20SessionObject auth20SessionObject = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 0f1ba23b3..3c90a5773 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -22,8 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.core.Attribute;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -137,4 +141,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE);
this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
new file mode 100644
index 000000000..71d1c26d4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryAction implements IAction {
+
+ @SuppressWarnings("unchecked")
+ private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
+ new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
+
+ @SuppressWarnings("unchecked")
+ private final static List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList(
+ new String[]{ PVPConstants.MANDATE_FULL_MANDATE_NAME,
+ PVPConstants.MANDATE_PROF_REP_OID_NAME});
+
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ if (req instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) req).getRequest() instanceof MOARequest &&
+ ((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+
+ AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest();
+
+ //load moaSession
+ String nameID = attrQuery.getSubject().getNameID().getValue();
+
+ AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+ if (session == null) {
+ Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
+ throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
+
+ }
+
+ DateTime date = new DateTime();
+
+ //generate authData
+ authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+
+ //add default attributes in case of mandates or STORK is in use
+ List<String> attrList = addDefaultAttributes(attrQuery, authData);
+
+ //build PVP 2.1 assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex());
+
+ //build PVP 2.1 response
+ Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion);
+
+ try {
+ SoapBinding decoder = new SoapBinding();
+ decoder.encodeRespone(httpReq, httpResp, authResponse, null, null);
+ return null;
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ } else {
+ Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.ATTRIBUTEQUERY;
+ }
+
+ private List<String> addDefaultAttributes(AttributeQuery query, IAuthData authData) {
+
+ List<String> reqAttributs = new ArrayList<String>();
+
+ for (Attribute attr : query.getAttributes()) {
+ reqAttributs.add(attr.getName());
+
+ }
+
+ //add default STORK attributes if it is a STORK authentication
+ if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) {
+ for (String el : DEFAULTSTORKATTRIBUTES) {
+ if (!reqAttributs.contains(el))
+ reqAttributs.add(el);
+ }
+ }
+
+ //add default mandate attributes if it is a authentication with mandates
+ if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+ for (String el : DEFAULTMANDATEATTRIBUTES) {
+ if (!reqAttributs.contains(el))
+ reqAttributs.add(el);
+ }
+ }
+
+ return reqAttributs;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 1221e7234..70db9cc23 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -36,10 +36,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+
+ SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, authData);
//set protocol type
sloInformation.setProtocolType(req.requestedModule());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index a29728245..01f7e18ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -38,31 +38,42 @@ import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -71,7 +82,7 @@ public class MetadataAction implements IAction {
private static final int VALIDUNTIL_IN_HOURS = 24;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
try {
EntitiesDescriptor idpEntitiesDescriptor =
@@ -111,6 +122,7 @@ public class MetadataAction implements IAction {
//keyInfoFactory.setEmitPublicKeyValue(true);
keyInfoFactory.setEmitEntityIDAsKeyName(true);
keyInfoFactory.setEmitEntityCertificate(true);
+
KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();
@@ -121,106 +133,12 @@ public class MetadataAction implements IAction {
SecurityHelper.prepareSignatureParams(signature, metadataSigningCredential, null, null);
idpEntitiesDescriptor.setSignature(signature);
-
-// //set SignatureMethode
-// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
-//
-// //set DigestMethode
-// List<ContentReference> contentList = signature.getContentReferences();
-// for (ContentReference content : contentList) {
-//
-// if (content instanceof SAMLObjectContentReference) {
-//
-// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
-// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
-//
-// }
-// }
-
-
-// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
-// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
-// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
-// signature.setKeyInfo(metadataKeyInfo );
-
-
-
- IDPSSODescriptor idpSSODescriptor = SAML2Utils
- .createSAMLObject(IDPSSODescriptor.class);
- idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- idpSSODescriptor.setWantAuthnRequestsSigned(true);
-
- if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
- SingleSignOnService postSingleSignOnService = SAML2Utils
- .createSAMLObject(SingleSignOnService.class);
-
- postSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSOPostService());
- postSingleSignOnService
- .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-
- idpSSODescriptor.getSingleSignOnServices().add(
- postSingleSignOnService);
- }
-
- if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
- SingleSignOnService redirectSingleSignOnService = SAML2Utils
- .createSAMLObject(SingleSignOnService.class);
-
- redirectSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSORedirectService());
- redirectSingleSignOnService
- .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-
- idpSSODescriptor.getSingleSignOnServices().add(
- redirectSingleSignOnService);
- }
-
- /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
- ArtifactResolutionService artifactResolutionService = SAML2Utils
- .createSAMLObject(ArtifactResolutionService.class);
-
- artifactResolutionService
- .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- artifactResolutionService.setLocation(PVPConfiguration
- .getInstance().getIDPResolveSOAPService());
-
- artifactResolutionService.setIndex(0);
-
- idpSSODescriptor.getArtifactResolutionServices().add(
- artifactResolutionService);
- }*/
-
- //set assertion signing key
- Credential assertionSigingCredential = CredentialProvider
- .getIDPAssertionSigningCredential();
-
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
- idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
-
- NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
-
- idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
-
- NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+ //set IDP metadata
+ idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator));
- idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
-
- NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
-
- idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
-
- idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+ //set SP metadata for interfederation
+ idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator));
DocumentBuilder builder;
DocumentBuilderFactory factory = DocumentBuilderFactory
@@ -244,9 +162,8 @@ public class MetadataAction implements IAction {
sw.close();
String metadataXML = sw.toString();
-
- System.out.println("METADATA: " + metadataXML);
-
+ Logger.debug("METADATA: " + metadataXML);
+
httpResp.setContentType("text/xml");
httpResp.getOutputStream().write(metadataXML.getBytes());
@@ -269,4 +186,228 @@ public class MetadataAction implements IAction {
return (PVP2XProtocol.METADATA);
}
+ private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {
+
+ Logger.debug("Set SP Metadata key information");
+
+ SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+
+ //Set AuthRequest Signing certificate
+ X509Credential authcredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+
+ //set AuthRequest encryption certificate
+
+ X509Credential authEncCredential = CredentialProvider.getIDPAssertionEncryptionCredential();
+
+ if (authEncCredential != null) {
+ KeyDescriptor encryKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+ spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+ NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ //add assertion consumer services
+ AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postassertionConsumerService.setIsDefault(true);
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ AssertionConsumerService redirectassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ redirectassertionConsumerService.setIndex(1);
+ redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ redirectassertionConsumerService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
+
+
+ //add SLO descriptor
+// SingleLogoutService postSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// postSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// postSLOService
+// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+// spSSODescriptor.getSingleLogoutServices().add(postSLOService);
+//
+// SingleLogoutService redirectSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// redirectSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// redirectSLOService
+// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+// spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
+
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ return spSSODescriptor;
+ }
+
+ private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {
+
+
+// //set SignatureMethode
+// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
+//
+// //set DigestMethode
+// List<ContentReference> contentList = signature.getContentReferences();
+// for (ContentReference content : contentList) {
+//
+// if (content instanceof SAMLObjectContentReference) {
+//
+// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
+// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
+//
+// }
+// }
+
+
+// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
+// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
+// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
+// signature.setKeyInfo(metadataKeyInfo );
+
+
+ IDPSSODescriptor idpSSODescriptor = SAML2Utils
+ .createSAMLObject(IDPSSODescriptor.class);
+
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
+ if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ //add SSO descriptor
+ SingleSignOnService postSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+ postSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ idpSSODescriptor.getSingleSignOnServices().add(
+ postSingleSignOnService);
+
+ //add SLO descriptor
+// SingleLogoutService postSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// postSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// postSLOService
+// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+// idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
+
+ }
+
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ //add SSO descriptor
+ SingleSignOnService redirectSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+ redirectSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ redirectSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ idpSSODescriptor.getSingleSignOnServices().add(
+ redirectSingleSignOnService);
+
+ //add SLO descriptor
+// SingleLogoutService redirectSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// redirectSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// redirectSLOService
+// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+// idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
+ }
+
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ ArtifactResolutionService artifactResolutionService = SAML2Utils
+ .createSAMLObject(ArtifactResolutionService.class);
+
+ artifactResolutionService
+ .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ artifactResolutionService.setLocation(PVPConfiguration
+ .getInstance().getIDPResolveSOAPService());
+
+ artifactResolutionService.setIndex(0);
+
+ idpSSODescriptor.getArtifactResolutionServices().add(
+ artifactResolutionService);
+ }*/
+
+ //set assertion signing key
+ Credential assertionSigingCredential = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
+ idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
+ return idpSSODescriptor;
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e81b23d41..6527f03b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import iaik.pkcs.pkcs11.objects.Object;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,11 +32,17 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
@@ -45,30 +52,49 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.signature.SignableXMLObject;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
@@ -81,18 +107,29 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String POST = "Post";
public static final String SOAP = "Soap";
public static final String METADATA = "Metadata";
+ public static final String ATTRIBUTEQUERY = "AttributeQuery";
+ public static final String SINGLELOGOUT = "SingleLogOut";
private static List<IDecoder> decoder = new ArrayList<IDecoder>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
+ });
+
static {
decoder.add(new PostBinding());
decoder.add(new RedirectBinding());
+ decoder.add(new SoapBinding());
actions.put(REDIRECT, new AuthenticationAction());
actions.put(POST, new AuthenticationAction());
actions.put(METADATA, new MetadataAction());
+ actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
+ actions.put(SINGLELOGOUT, new SingleLogOutAction());
//TODO: insert getArtifact action
@@ -133,7 +170,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public PVP2XProtocol() {
super();
}
-
+
public IRequest preProcess(HttpServletRequest request,
HttpServletResponse response, String action) throws MOAIDException {
@@ -147,6 +184,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if(METADATA.equals(action)) {
return new PVPTargetConfiguration();
+
}
IDecoder decoder = findDecoder(action, request);
@@ -154,100 +192,67 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
try {
- PVPTargetConfiguration config = new PVPTargetConfiguration();
-
- MOARequest moaRequest = decoder.decodeRequest(request, response);
-
- RequestAbstractType samlReq = moaRequest.getSamlRequest();
-
- //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
- //Logger.info("SAML : " + xml);
+ InboundMessage msg = (InboundMessage) decoder.decode(request, response);
- if(!moaRequest.isVerified()) {
+ if(!msg.isVerified()) {
SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
- moaRequest.setVerified(true);
- }
-
- if(!(samlReq instanceof AuthnRequest)) {
- throw new MOAIDException("Unsupported request", new Object[] {});
- }
-
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
- if(metadata == null) {
- throw new NoMetadataInformationException();
- }
- SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AuthnRequest authnRequest = (AuthnRequest)samlReq;
-
- Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int assertionidx = 0;
-
- if(aIdx != null) {
- assertionidx = aIdx.intValue();
+ engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ msg.setVerified(true);
- } else {
- assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
}
- aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int attributeIdx = 0;
-
- if(aIdx != null) {
- attributeIdx = aIdx.intValue();
- }
+ if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
+ return preProcessAuthRequest(request, response, (MOARequest) msg);
- AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
+ return preProcessAttributQueryRequest(request, response, (MOARequest) msg);
+
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
+ return preProcessLogOut(request, response, (MOARequest) msg);
- AttributeConsumingService attributeConsumer = null;
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof LogoutResponse)
+ return preProcessLogOut(request, response, (MOARequest) msg);
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
- attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- }
+ else if (msg instanceof MOAResponse) {
+ //load service provider AuthRequest from session
+
+ IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
+ if (obj instanceof RequestImpl) {
+ RequestImpl iReqSP = (RequestImpl) obj;
+
+ MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+
+ if ( processedMsg != null ) {
+ iReqSP.setInterfederationResponse(processedMsg);
+
+ } else {
+ Logger.info("Receive NO valid SSO session from " + msg.getEntityID()
+ +". Switch to local authentication process ...");
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
- String binding = consumerService.getBinding();
-// String entityID = moaRequest.getEntityMetadata().getEntityID();
-
- Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
-
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- config.setOAURL(oaURL);
- config.setBinding(binding);
- config.setRequest(moaRequest);
- config.setConsumerURL(consumerService.getLocation());
+ SSOManager ssomanager = SSOManager.getInstance();
+ ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+
+ iReqSP.setRequestedIDP(null);
- String useMandate = request.getParameter(PARAM_USEMANDATE);
- if(useMandate != null) {
- if(useMandate.equals("true") && attributeConsumer != null) {
- if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
- throw new MandateAttributesNotHandleAbleException();
}
+
+ return iReqSP;
+
}
- }
- //validate AuthnRequest
- try {
- AuthnRequestValidator.validate((AuthnRequestImpl) samlReq);
-
- } catch (AuthnRequestValidatorException e) {
- if (generateErrorMessage(e, request, response, config)) {
- throw new AuthnRequestValidatorException(e.getMessage(),
- new Object[] {}, config);
-
- } else {
- throw new MOAIDException(e.getMessage(), new Object[] {});
-
- }
+ Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
+ return null;
+
+ } else {
+ Logger.error("Receive unsupported PVP21 message");
+ throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
-
- //request.getSession().setAttribute(PARAM_OA, oaURL);
- return config;
} catch (PVP2Exception e) {
throw e;
@@ -285,6 +290,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
} else if (e instanceof NameIDFormatNotSupportedException) {
statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+
+ } else if (e instanceof SLOException) {
+ //SLOExecpetions only occurs if session information is lost
+ return false;
} else if(e instanceof PVP2Exception) {
PVP2Exception ex = (PVP2Exception) e;
@@ -293,6 +302,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if(statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
}
+
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
@@ -306,16 +316,27 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
samlResponse.setStatus(status);
String remoteSessionID = SAML2Utils.getSecureIdentifier();
samlResponse.setID(remoteSessionID);
-
+
+ samlResponse.setIssueInstant(new DateTime());
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ samlResponse.setIssuer(nissuer);
+
IEncoder encoder = null;
- if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
encoder = new RedirectBinding();
- } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
// TODO: not supported YET!!
//binding = new ArtifactBinding();
+
} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
encoder = new PostBinding();
+
+ } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
+ encoder = new SoapBinding();
}
if(encoder == null) {
@@ -340,8 +361,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
HttpServletResponse response) {
if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
return getAction(REDIRECT);
+
} else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
return getAction(POST);
+
}
if(METADATA.equals(request.getParameter("action"))) {
@@ -356,4 +379,235 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return true;
}
+
+ /**
+ * PreProcess Single LogOut request
+ * @param request
+ * @param response
+ * @param msg
+ * @return
+ * @throws MOAIDException
+ */
+ private IRequest preProcessLogOut(HttpServletRequest request,
+ HttpServletResponse response, MOARequest msg) throws MOAIDException {
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) {
+ //preProcess single logout request from service provider
+
+ EntityDescriptor metadata = msg.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+
+
+
+ String oaURL = metadata.getEntityID();
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+
+ config.setOAURL(oaURL);
+ config.setBinding(msg.getRequestBinding());
+
+
+ } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) {
+ //preProcess single logour response from service provider
+
+ LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest());
+
+ Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+
+ if (!resp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+
+ }
+
+ //TODO: check if relayState exists
+ msg.getRelayState();
+
+
+ } else
+ throw new MOAIDException("Unsupported request", new Object[] {});
+
+
+ config.setRequest(msg);
+ config.setAction(SINGLELOGOUT);
+ return config;
+ }
+
+ /**
+ * PreProcess AttributeQuery request
+ * @param request
+ * @param response
+ * @param moaRequest
+ * @return
+ * @throws Throwable
+ */
+ private IRequest preProcessAttributQueryRequest(HttpServletRequest request,
+ HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+
+ AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
+ moaRequest.setEntityID(attrQuery.getIssuer().getValue());
+
+ //validate destination
+ String destinaten = attrQuery.getDestination();
+ if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) {
+ Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
+ throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
+
+ }
+
+ //check if Issuer is an interfederation IDP
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID());
+ if (!oa.isInderfederationIDP()) {
+ Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
+ throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
+
+ }
+
+ if (!oa.isOutboundSSOInterfederationAllowed()) {
+ Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
+ throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
+
+ }
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+ config.setRequest(moaRequest);
+ config.setOAURL(moaRequest.getEntityID());
+ config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+
+ return config;
+ }
+
+ /**
+ * PreProcess Authn request
+ * @param request
+ * @param response
+ * @param moaRequest
+ * @return
+ * @throws Throwable
+ */
+ private IRequest preProcessAuthRequest(HttpServletRequest request,
+ HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+
+ SignableXMLObject samlReq = moaRequest.getSamlRequest();
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+
+ } else {
+ assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+
+ AttributeConsumingService attributeConsumer = null;
+
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+ attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+ }
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String binding = consumerService.getBinding();
+
+ Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding);
+
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ config.setOAURL(oaURL);
+ config.setBinding(binding);
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+
+ //parse AuthRequest
+ AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
+ config.setPassiv(authReq.isPassive());
+ config.setForce(authReq.isForceAuthn());
+
+ //validate AuthnRequest
+ AuthnRequestValidator.validate(authReq);
+
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true") && attributeConsumer != null) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
+ return config;
+ }
+
+ /**
+ * PreProcess AuthResponse and Assertion
+ * @param msg
+ */
+ private MOAResponse preProcessAuthResponse(MOAResponse msg) {
+ Logger.debug("Start PVP21 assertion processing... ");
+ Response samlResp = msg.getResponse();
+
+ try {
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ //validate PVP 2.1 assertion
+ SAMLVerificationEngine.validateAssertion(samlResp, true);
+
+ msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+ return msg;
+
+ } else if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.NO_PASSIVE_URI)) {
+ Logger.info("Interfederation IDP has no valid Single Sign-On session. Starting local authentication ...");
+
+ }
+
+ } catch (IOException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (MarshallingException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (TransformerException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (AssertionValidationExeption e) {
+ //error is already logged, to nothing
+ }
+
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 7946c7596..47c297914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants;
public interface PVPConstants {
+ public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
+
public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
@@ -39,6 +41,8 @@ public interface PVPConstants {
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/";
+
public static final String URN_OID_PREFIX = "urn:oid:";
public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index b3887a444..65da23565 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,22 +22,41 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AuthnRequestImpl;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.logging.Logger;
public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
- MOARequest request;
+ InboundMessage request;
String binding;
String consumerURL;
-
- public MOARequest getRequest() {
+
+ public InboundMessage getRequest() {
return request;
}
- public void setRequest(MOARequest request) {
+ public void setRequest(InboundMessage request) {
this.request = request;
}
@@ -55,6 +74,67 @@ public class PVPTargetConfiguration extends RequestImpl {
public void setConsumerURL(String consumerURL) {
this.consumerURL = consumerURL;
+
}
-
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+
+ Integer aIdx = null;
+ if (getRequest() instanceof MOARequest &&
+ ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
+ AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+
+ } else {
+ Logger.error("MOARequest is NOT of type AuthnRequest");
+ }
+
+ int idx = 0;
+
+ AttributeConsumingService attributeConsumingService = null;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ } else {
+ List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+ for (AttributeConsumingService el : attrConsumingServiceList) {
+ if (el.isDefault())
+ attributeConsumingService = el;
+ }
+ }
+
+ for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+ reqAttr.put(attr.getName(), "");
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (NoMetadataInformationException e) {
+ Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
new file mode 100644
index 000000000..c67d10ab7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationContainer;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutAction implements IAction {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
+
+ if (pvpReq.getRequest() instanceof MOARequest) {
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ if (samlReq.getSamlRequest() instanceof LogoutRequest) {
+ Logger.debug("Process Single LogOut request");
+ LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+
+ AuthenticationSession session =
+ AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID(
+ logOutReq.getIssuer().getValue(),
+ logOutReq.getNameID().getValue());
+
+ if (session == null) {
+ Logger.warn("Can not find active SSO session with nameID "
+ + logOutReq.getNameID().getValue() + " and OA "
+ + logOutReq.getIssuer().getValue());
+ Logger.info("Search active SSO session with SSO session cookie");
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoID = ssomanager.getSSOSessionID(httpReq);
+ if (MiscUtil.isEmpty(ssoID)) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ } else {
+ String moasession = ssomanager.getMOASession(ssoID);
+ try {
+ session = AuthenticationSessionStoreage.getSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+ }
+ }
+
+ //store active OAs to SLOContaine
+ List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);
+ SLOInformationContainer sloContainer = new SLOInformationContainer();
+ sloContainer.setSloRequest(pvpReq);
+ sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue());
+
+ //terminate MOASession
+ try {
+ AuthenticationSessionStoreage.destroySession(session.getSessionID());
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Delete MOASession FAILED.");
+ sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix());
+
+ }
+
+ //start service provider back channel logout process
+ Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
+ while (nextOAInterator.hasNext()) {
+ SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+
+ try {
+ List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+
+ LogoutResponse sloResp = null;
+ for (XMLObject el : soapResp) {
+ if (el instanceof LogoutResponse)
+ sloResp = (LogoutResponse) el;
+ }
+
+ if (sloResp == null) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED. NO LogOut response received.");
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+
+ checkStatusCode(sloContainer, sloResp);
+
+ } catch (SOAPException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ } catch (SecurityException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+ }
+
+ //start service provider front channel logout process
+ try {
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+
+ } else if (samlReq.getSamlRequest() instanceof LogoutResponse) {
+ Logger.debug("Process Single LogOut response");
+ LogoutResponse logOutResp = (LogoutResponse) samlReq.getSamlRequest();
+
+ try {
+ if (MiscUtil.isEmpty(samlReq.getRelayState())) {
+ Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
+ + " has no SAML2 RelayState.");
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ SLOInformationContainer sloContainer =
+ AssertionStorage.getInstance().get(samlReq.getRelayState(), SLOInformationContainer.class);
+ checkStatusCode(sloContainer, logOutResp);
+ sloContainer.removeFrontChannelOA(logOutResp.getIssuer().getValue());
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type MOARequest.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.SINGLELOGOUT;
+ }
+
+ private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) {
+ Status status = logOutResp.getStatus();
+ if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+ Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue()
+ + " FAILED. (ResponseCode: " + status.getStatusCode().getValue()
+ + " Message: " + status.getStatusMessage().getMessage() + ")");
+ sloContainer.putFailedOA(logOutResp.getIssuer().getValue());
+
+ } else
+ Logger.debug("Single LogOut for OA " + logOutResp.getIssuer().getValue() + " SUCCESS");
+
+ }
+
+ private void doFrontChannelLogOut(SLOInformationContainer sloContainer,
+ HttpServletRequest httpReq, HttpServletResponse httpResp
+ ) throws MOAIDException, MOADatabaseException {
+ String nextOA = sloContainer.getNextFrontChannelOA();
+ if (MiscUtil.isNotEmpty(nextOA)) {
+ SLOInformationImpl sloDescr = sloContainer.getFrontChannelOASessionDescripten(nextOA);
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+ String relayState = Random.nextRandom();
+
+ AssertionStorage.getInstance().put(relayState, sloContainer);
+
+ sendFrontChannelSLOMessage(sloDescr.getServiceURL(), sloDescr.getBinding(),
+ sloReq, httpReq, httpResp, relayState);
+
+ } else {
+ //send SLO response to SLO request issuer
+ PVPTargetConfiguration pvpReq = sloContainer.getSloRequest();
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+
+ }
+ }
+
+ /**
+ * @param serviceURL
+ * @param binding
+ * @param sloReq
+ * @param httpReq
+ * @param httpResp
+ * @param relayState
+ */
+ private void sendFrontChannelSLOMessage(String serviceURL, String bindingType,
+ RequestAbstractType sloReq, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (bindingType.equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (bindingType.equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(bindingType);
+ }
+
+ try {
+ binding.encodeRequest(httpReq, httpResp, sloReq,
+ serviceURL, relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+
+ private void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
+ LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
+ String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(req, resp, sloResp,
+ consumerService.getLocation(), relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 43a17af23..8691667f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -43,13 +43,14 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
public class ArtifactBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
}
@@ -100,23 +101,21 @@ public class ArtifactBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
return null;
}
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- return null;
- }
public boolean handleDecode(String action, HttpServletRequest req) {
return false;
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_ARTIFACT_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index b64b28de8..fb17c02b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -29,15 +29,14 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
public interface IDecoder {
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp)
throws MessageDecodingException, SecurityException, PVP2Exception;
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp)
- throws MessageDecodingException, SecurityException, PVP2Exception;
-
+
public boolean handleDecode(String action, HttpServletRequest req);
+
+ public String getSAML2BindingName();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index f7dfd055c..de5548a44 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -34,7 +34,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public interface IEncoder {
public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException, PVP2Exception;
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 1d6b227d6..3094abba8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -26,9 +26,23 @@ import org.opensaml.common.binding.decoding.URIComparator;
public class MOAURICompare implements URIComparator {
+ /**
+ * @param idpssoPostService
+ */
+
+ private String serviceURL = "";
+
+ public MOAURICompare(String serviceURL) {
+ this.serviceURL = serviceURL;
+ }
+
public boolean compare(String uri1, String uri2) {
- // TODO: implement proper equalizer for rewritten URLS
- return true;
+
+ if (this.serviceURL.equals(uri1))
+ return true;
+
+ else
+ return false;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 11e280d8f..a2fe5c01b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -34,7 +34,9 @@ import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -47,6 +49,14 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -56,10 +66,38 @@ import at.gv.egovernment.moa.logging.Logger;
public class PostBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO Auto-generated method stub
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(targetLocation);;
+
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -100,63 +138,63 @@ public class PostBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
- decode.setURIComparator(new MOAURICompare());
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+ }
+
+ decode.decode(messageContext);
+
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- decode.decode(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
-
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(false);
+ msg.setVerified(false);
+ decode.decode(messageContext);
if (messageContext.getPeerEntityMetadata() != null)
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
else
- Logger.info("No Metadata found for OA with EntityID " + inboundMessage.getIssuer().getValue());
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
- request.setRelayState(messageContext.getRelayState());
- return request;
-
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(false);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
-
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST"));
+ return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_POST_BINDING_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index dc6a1f637..f5dba014b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -50,7 +51,13 @@ import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -61,9 +68,34 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO: implement
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ Logger.debug("create SAML RedirectBinding response");
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -85,10 +117,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
context.setOutboundSAMLMessage(response);
context.setOutboundMessageTransport(responseAdapter);
-
+ context.setRelayState(relayState);
+
encoder.encode(context);
} catch (CredentialsNotAvailableException e) {
e.printStackTrace();
@@ -96,84 +128,80 @@ public class RedirectBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
- decode.setURIComparator(new MOAURICompare());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
-
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- messageContext.setSecurityPolicyResolver(resolver);
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+
+ }
- decode.decode(messageContext);
-
- signatureRule.evaluate(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(true);
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ decode.decode(messageContext);
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- // signatureRule.evaluate(messageContext);
+ SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
BasicSecurityPolicy policy = new BasicSecurityPolicy();
policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ policy);
messageContext.setSecurityPolicyResolver(resolver);
- MOAMetadataProvider provider = null;
-
- provider = MOAMetadataProvider.getInstance();
+
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- messageContext.setMetadataProvider(provider);
+ signatureRule.evaluate(messageContext);
+ msg.setVerified(true);
decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(true);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
+ if (messageContext.getPeerEntityMetadata() != null)
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
.equals("GET"));
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 1d41654eb..048c7f14c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -33,51 +35,68 @@ import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignableXMLObject;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
public class SoapBinding implements IDecoder, IEncoder {
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException, PVP2Exception {
- HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
- new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(
req));
+
soapDecoder.decode(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+
+ Envelope inboundMessage = (Envelope) messageContext
.getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
+ if (inboundMessage.getBody() != null) {
+ List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException, PVP2Exception {
- throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response");
+ if (!xmlElemList.isEmpty()) {
+ SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
+ MOARequest request = new MOARequest(attrReq, getSAML2BindingName());
+
+ request.setVerified(false);
+ return request;
+
+ }
+ }
+
+ Logger.error("Receive empty PVP 2.1 attributequery request.");
+ throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (action.equals(PVP2XProtocol.SOAP));
+ return (req.getMethod().equals("POST") &&
+ (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
}
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException, PVP2Exception {
}
@@ -103,5 +122,9 @@ public class SoapBinding implements IDecoder, IEncoder {
throw new SecurityException(e);
}
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
new file mode 100644
index 000000000..6296d102f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.impl.AttributeQueryBuilder;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryBuilder {
+
+ public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) {
+
+ Logger.debug("Build OA specific Attributes for AttributQuery request");
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+
+ SamlAttributeGenerator generator = new SamlAttributeGenerator();
+
+ while(iterator.hasNext()) {
+ String rA = iterator.next();
+ Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(rA);
+ if (attr == null) {
+ Logger.warn("Attribut " + rA + " has no valid Name");
+
+ } else {
+ //add OA specific information
+ if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ if (oa.getBusinessService())
+ attr = generator.buildStringAttribute(attr.getFriendlyName(),
+ attr.getName(), oa.getIdentityLinkDomainIdentifier());
+ else
+ attr = generator.buildStringAttribute(attr.getFriendlyName(),
+ attr.getName(), Constants.URN_PREFIX_CDID + "+" + oa.getTarget());
+ }
+
+ //TODO: add attribute values for SSO with mandates (ProfileList)
+
+
+ attrList.add(attr);
+ }
+ }
+
+ return attrList;
+ }
+
+
+ public static AttributeQuery buildAttributQueryRequest(String nameID,
+ String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
+
+
+ try {
+
+ AttributeQuery query = new AttributeQueryBuilder().buildObject();
+
+ //set user nameID
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setValue(nameID);
+ subjectNameID.setFormat(NameID.TRANSIENT);
+ subject.setNameID(subjectNameID);
+ query.setSubject(subject);
+
+ //set attributes
+ query.getAttributes().addAll(requestedAttributes);
+
+ //set general request parameters
+ DateTime now = new DateTime();
+ query.setIssueInstant(now);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ query.setIssuer(nissuer);
+
+ String sessionID = SAML2Utils.getSecureIdentifier();
+ query.setID(sessionID);
+
+ query.setDestination(endpoint);
+
+ X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(idpSigningCredential);
+ query.setSignature(signer);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(query);
+ out.marshall(query, document);
+
+ Signer.signObject(signer);
+
+ return query;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (ParserConfigurationException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (MarshallingException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (SignatureException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ }
+
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
new file mode 100644
index 000000000..4ef09184d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.encryption.Encrypter;
+import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.xml.encryption.EncryptionException;
+import org.opensaml.xml.encryption.EncryptionParameters;
+import org.opensaml.xml.encryption.KeyEncryptionParameters;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.x509.X509Credential;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthResponseBuilder {
+
+ public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException {
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ //change to entity value from entity name to IDP EntityID (URL)
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ authResponse.setIssuer(nissuer);
+ authResponse.setInResponseTo(req.getID());
+
+ //set responseID
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authResponse.setID(remoteSessionID);
+
+
+ //SAML2 response required IssueInstant
+ authResponse.setIssueInstant(date);
+
+ authResponse.setStatus(SAML2Utils.getSuccessStatus());
+
+ //check, if metadata includes an encryption key
+ MetadataCredentialResolver mdCredResolver =
+ new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
+
+ X509Credential encryptionCredentials = null;
+ try {
+ encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
+
+ } catch (SecurityException e2) {
+ Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
+ throw new InvalidAssertionEncryptionException();
+
+ }
+
+ boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
+ if (encryptionCredentials != null && isEncryptionActive) {
+ //encrypt SAML2 assertion
+
+ try {
+
+ EncryptionParameters dataEncParams = new EncryptionParameters();
+ dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
+
+ List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
+ KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
+
+ keyEncParam.setEncryptionCredential(encryptionCredentials);
+ keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
+ KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
+ .getKeyInfoGeneratorManager().getDefaultManager()
+ .getFactory(encryptionCredentials);
+ keyEncParam.setKeyInfoGenerator(kigf.newInstance());
+ keyEncParamList.add(keyEncParam);
+
+ Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
+ //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
+ samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
+
+ EncryptedAssertion encryptAssertion = null;
+
+ encryptAssertion = samlEncrypter.encrypt(assertion);
+
+ authResponse.getEncryptedAssertions().add(encryptAssertion);
+
+ } catch (EncryptionException e1) {
+ Logger.warn("Can not encrypt the PVP2 assertion", e1);
+ throw new InvalidAssertionEncryptionException();
+
+ }
+
+ } else {
+ authResponse.getAssertions().add(assertion);
+
+ }
+
+ return authResponse;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 39e35120c..8b6e71e6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -29,9 +29,8 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
@@ -150,11 +149,11 @@ public class PVPAttributeBuilder {
addBuilder(new STORKTitleAttributBuilder());
}
- public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam,
- AuthenticationData authData) throws PVP2Exception {
+ public static Attribute buildAttribute(String name, OAAuthParameter oaParam,
+ IAuthData authData) throws PVP2Exception {
if (builders.containsKey(name)) {
try {
- return builders.get(name).build(authSession, oaParam, authData, generator);
+ return builders.get(name).build(oaParam, authData, generator);
}
catch (AttributeException e) {
if (e instanceof UnavailableAttributeException) {
@@ -171,6 +170,22 @@ public class PVPAttributeBuilder {
return null;
}
+ public static Attribute buildEmptyAttribute(String name) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+ public static Attribute buildAttribute(String name, String value) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+
+
public static List<Attribute> buildSupportedEmptyAttributes() {
List<Attribute> attributes = new ArrayList<Attribute>();
Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
new file mode 100644
index 000000000..04d374e93
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutBuilder {
+
+ public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException {
+ LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloReq.setIssuer(issuer);
+ sloReq.setIssueInstant(new DateTime());
+
+ sloReq.setDestination(sloInfo.getServiceURL());
+
+ NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
+ nameID.setFormat(sloInfo.getUserNameIDFormat());
+ nameID.setValue(sloInfo.getUserNameIdentifier());
+ sloReq.setNameID(nameID );
+
+ return sloReq;
+ }
+
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+ sloResp.setStatus(status);
+ return sloResp;
+ }
+
+ public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+
+ Status status;
+ if (failedOAs == null || failedOAs.size() == 0) {
+ status = SAML2Utils.getSuccessStatus();
+
+ } else {
+ status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ }
+ sloResp.setStatus(status);
+ return sloResp;
+
+ }
+
+ public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
+ try {
+ EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+ && (
+ (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)
+ && (
+ (sloService != null
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+ }
+
+ if (sloService == null) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+
+ }
+ return sloService;
+
+ } catch (MetadataProviderException e) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+
+ }
+
+ public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ EntityDescriptor metadata = moaReq.getEntityMetadata();
+ SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(spRequest.getBinding()))
+ sloService = el;
+ }
+ if (sloService == null && spsso.getSingleLogoutServices().size() != 0)
+ sloService = spsso.getSingleLogoutServices().get(0);
+
+ else {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+ return sloService;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index def0d9b80..79a1c3e0f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.security.MessageDigest;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -30,6 +31,7 @@ import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
@@ -58,13 +60,13 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -80,13 +82,65 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
+
+ public static Assertion buildAssertion(AttributeQuery attrQuery,
+ List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
+
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+ if (reqAttributes != null) {
+ Iterator<String> it = reqAttributes.iterator();
+ while (it.hasNext()) {
+ String reqAttributName = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttributName, null, authData);
+ if (attr == null) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } else {
+ attrList.add(attr);
+
+ }
+
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttributName);
+
+ }
+ }
+ }
+
+
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
+ subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
+
+ SubjectConfirmationData subjectConfirmationData = null;
+
+ return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,
+ authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date,
+ IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
RequestedAuthnContext reqAuthnContext = authnRequest
.getRequestedAuthnContext();
@@ -99,7 +153,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
peerEntity.getEntityID());
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
@@ -110,7 +164,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (reqAuthnContextClassRefIt.size() == 0) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_1_4);
stork_qaa_1_4_found = true;
@@ -124,20 +178,20 @@ public class PVP2AssertionBuilder implements PVPConstants {
|| qaa_uri.trim().equals(STORK_QAA_1_2)
|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
- if (authSession.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ if (authData.isForeigner()) {
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_PREFIX + oaParam.getQaaLevel());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
qaa_uri.trim());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
}
break;
@@ -150,33 +204,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
-
- String sessionIndex = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(date);
- authnStatement.setSessionIndex(sessionIndex);
- authnStatement.setAuthnContext(authnContext);
-
- assertion.getAuthnStatements().add(authnStatement);
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-
- AuthenticationData authData = AuthenticationServer
- .buildAuthenticationData(authSession, oaParam,
- oaParam.getTarget());
-
+
//add Attributes to Assertion
+ List<Attribute> attrList = new ArrayList<Attribute>();
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -197,7 +231,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
attributeConsumingService = el;
}
}
-
+
if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
@@ -205,14 +239,14 @@ public class PVP2AssertionBuilder implements PVPConstants {
RequestedAttribute reqAttribut = it.next();
try {
Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), authSession, oaParam, authData);
+ reqAttribut.getName(), oaParam, authData);
if (attr == null) {
if (reqAttribut.isRequired()) {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
} else {
- attributeStatement.getAttributes().add(attr);
+ attrList.add(attr);
}
} catch (PVP2Exception e) {
Logger.error(
@@ -222,19 +256,26 @@ public class PVP2AssertionBuilder implements PVPConstants {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+
}
}
}
}
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- //TLenz: set correct bPK Type and Value from AuthData
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ //build nameID and nameID Format from moasession
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAvailableException();
}
@@ -263,7 +304,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
@@ -332,21 +373,68 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
} else
- subjectNameID.setFormat(nameIDFormat);
-
-
- subject.setNameID(subjectNameID);
-
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ subjectNameID.setFormat(nameIDFormat);
+
+
+ String sessionIndex = null;
+
+ //if request is a reauthentication and NameIDFormat match reuse old session information
+ if (MiscUtil.isNotEmpty(authData.getNameID()) &&
+ MiscUtil.isNotEmpty(authData.getNameIDFormat()) &&
+ nameIDFormat.equals(authData.getNameIDFormat())) {
+ subjectNameID.setValue(authData.getNameID());
+ sessionIndex = authData.getSessionIndex();
+
+ } else
+ sessionIndex = SAML2Utils.getSecureIdentifier();
+
SubjectConfirmationData subjectConfirmationData = SAML2Utils
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+
+ //set SLO information
+ sloInformation.setUserNameIdentifier(subjectNameID.getValue());
+ sloInformation.setNameIDFormat(subjectNameID.getFormat());
+ sloInformation.setSessionIndex(sessionIndex);
+
+ return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
+ private static Assertion buildGenericAssertion(String entityID, DateTime date,
+ AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
+ NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
+ String sessionIndex) throws ConfigurationException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+
+ authnStatement.setAuthnInstant(date);
+ authnStatement.setSessionIndex(sessionIndex);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+ attributeStatement.getAttributes().addAll(attrList);
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
subject.getSubjectConfirmations().add(subjectConfirmation);
@@ -356,7 +444,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
- audience.setAudienceURI(peerEntity.getEntityID());
+ audience.setAudienceURI(entityID);
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(date);
@@ -375,11 +463,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
-
- //set SLO information
- sloInformation.setUserNameIdentifier(subjectNameID.getValue());
- sloInformation.setSessionIndex(sessionIndex);
- return assertion;
+ return assertion;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 648651350..3dd1dd064 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -35,7 +34,7 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder {
return BPK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
String bpk = authData.getBPK();
String type = authData.getBPKType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
index f3d815e7d..89ec383ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -23,47 +23,31 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.text.DateFormat;
-import java.text.ParseException;
import java.text.SimpleDateFormat;
-import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
-
- public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-
+
public String getName() {
return BIRTHDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- try {
- DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+
+ if (authData.getDateOfBirth() != null) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(authData.getDateOfBirth());
+
+ return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
- if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) {
- Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
- DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
- String dateString = pvpDateFormat.format(date);
+ } else {
+ //build empty attribute if no Birthday date is found (STORK2)
+ return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
- return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
-
- } else {
- //build empty attribute if no Birthday date is found (STORK2)
- return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
-
- }
-
- //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
- }
- catch (ParseException e) {
- e.printStackTrace();
- return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
index 56972248b..ded9e7166 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -26,9 +26,8 @@ import iaik.util.logging.Log;
import java.io.IOException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,11 +39,11 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
return EID_AUTH_BLOCK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
- String authblock = authSession.getAuthBlock();
+ String authblock = authData.getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
Base64Utils.encode(authblock.getBytes()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
index 7179dd090..2df5ec22e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -35,10 +34,10 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
return EID_CCS_URL_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- String bkuurl = authSession.getBkuURL();
+ String bkuurl = authData.getBkuURL();
if (MiscUtil.isNotEmpty(bkuurl))
return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
else
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 02088eea1..365f36594 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,10 +32,17 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
return EID_CITIZEN_QAA_LEVEL_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
+
+ String qaaLevel = null;
+ if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX))
+ qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length());
+ else
+ qaaLevel = authData.getQAALevel();
+
return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- EID_CITIZEN_QAA_LEVEL_NAME, 4);
+ EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
index 2d86586d2..531369e9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -24,19 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.io.IOException;
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
@@ -44,36 +36,15 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
return EID_IDENTITY_LINK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
String ilAssertion = null;
- if (oaParam.getBusinessService()) {
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-
- Element resignedilAssertion;
-
- resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
- .getSamlAssertion());
-
- ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
-
- } else
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
-
return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
- } catch (MOAIDException e) {
- Logger.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
- } catch (TransformerException e) {
- Logger.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
} catch (IOException e) {
Logger.warn("IdentityLink serialization error.", e);
return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 39d4d29e7..9b85af9f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -22,16 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.x509.X509Certificate;
-
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.logging.Logger;
public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,35 +32,9 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
return EID_ISSUING_NATION_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- String countryCode = "AT";
-
-
- if (authSession.getStorkAuthnRequest() != null) {
- countryCode = authSession.getStorkAuthnRequest()
- .getCitizenCountryCode();
- } else {
-
- //TODO: replace with TSL lookup when TSL is ready!
- X509Certificate certificate = authSession.getSignerCertificate();
-
- if (certificate != null) {
- try {
- LdapName ln = new LdapName(certificate.getIssuerDN()
- .getName());
- for (Rdn rdn : ln.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("C")) {
- Logger.info("C is: " + rdn.getValue());
- countryCode = rdn.getValue().toString();
- break;
- }
- }
- } catch (Exception e) {
- Logger.error("Failed to extract country code from certificate", e);
- }
- }
- }
+ String countryCode = authData.getCcc();
return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
EID_ISSUING_NATION_NAME, countryCode);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
index e8fba6af2..04cc59b10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
@@ -22,11 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.io.IOException;
+
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
@@ -35,21 +38,28 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
return EID_STORK_TOKEN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (!authSession.isForeigner()) {
+ if (!authData.isForeigner()) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- String storkResponse = authSession.getStorkAuthnResponse();
+ String storkResponse = authData.getStorkAuthnResponse();
if ( MiscUtil.isEmpty(storkResponse) ) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, storkResponse);
+ try {
+ return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME,
+ Base64Utils.encode(storkResponse.getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Encode AuthBlock BASE64 failed.", e);
+ throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 807d59050..7f52e1d47 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,7 +32,7 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
return EID_SECTOR_FOR_IDENTIFIER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
String bpktype = authData.getBPKType();
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
index 7cd415ada..df1bc1860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -26,9 +26,8 @@ import iaik.util.logging.Log;
import java.io.IOException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -39,11 +38,11 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
return EID_SIGNER_CERTIFICATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
- byte[] signerCertificate = authSession.getEncodedSignerCertificate();
+ byte[] signerCertificate = authData.getSignerCertificate();
if (signerCertificate != null) {
return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils
.encode(signerCertificate));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
index 5bf65da04..a8b703fc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -22,10 +22,10 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
public class EIDSourcePIN implements IPVPAttributeBuilder {
@@ -34,11 +34,11 @@ public class EIDSourcePIN implements IPVPAttributeBuilder {
return EID_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (oaParam.getBusinessService())
- throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME);
+ throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
else {
return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
index ec509f74b..0681419fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
@@ -34,7 +33,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder {
return EID_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (oaParam.getBusinessService())
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
index 7bd5e2db5..fcde1e9bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,9 +32,9 @@ public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
return GIVEN_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
index 55b16edfb..d66b0ab02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -22,15 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public interface IAttributeBuilder {
public String getName();
- public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData,
+ public <ATT> ATT build(final OAAuthParameter oaParam, final IAuthData authData,
final IAttributeGenerator<ATT> g) throws AttributeException;
public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
index 4528aa1fe..670398ff6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,13 +41,13 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
return MANDATE_FULL_MANDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- if (authSession.getMandate() != null) {
+ if (authData.isUseMandate()) {
+ if (authData.getMandate() != null) {
String fullMandate;
try {
- fullMandate = DOMUtils.serializeNode(authSession
+ fullMandate = DOMUtils.serializeNode(authData
.getMandate());
return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index 9ab1de50d..9230e47fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -26,9 +26,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -40,10 +39,10 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
return MANDATE_LEG_PER_FULL_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index ca68704c9..04103f28a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
return MANDATE_LEG_PER_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 5656d1769..02e1d7ce0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index 039fc8af8..38456302c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -28,10 +28,9 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -44,10 +43,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return MANDATE_NAT_PER_BPK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -62,11 +61,6 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- // if(authSession.getBusinessService()) {
- // id = MandateBuilder.getWBPKIdentification(physicalPerson);
- // } else {
- // id = MandateBuilder.getBPKIdentification(physicalPerson);
- // }
if (id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
@@ -76,7 +70,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
try {
if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index f5dc277bd..4fcfd4650 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -31,9 +31,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -46,10 +45,10 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
return MANDATE_NAT_PER_BIRTHDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 2a7bafdbc..3452d7ed0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -29,9 +29,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -43,10 +42,10 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr
return MANDATE_NAT_PER_FAMILY_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index 4707c385a..59d5c65fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -28,9 +28,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -42,10 +41,10 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
return MANDATE_NAT_PER_GIVEN_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 7fbbce9bc..444312759 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -30,7 +30,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -41,10 +43,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
return MANDATE_NAT_PER_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -61,12 +63,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
-
-// } else {
-// id = MandateBuilder.getBPKIdentification(physicalPerson);
+ if(oaParam.getBusinessService()) {
+ throw new AttributePolicyException(this.getName());
}
+
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 538cee048..6adc9b532 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -60,11 +59,6 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- /*if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
- } else {
- id = MandateBuilder.getBPKIdentification(physicalPerson);
- }*/
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
index 814211b24..4c981cb24 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -22,14 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -37,24 +35,24 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
return MANDATE_PROF_REP_DESC_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ MISMandate mandate = authData.getMISMandate();
+
+
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
- String text = AttributeExtractor.extractSAMLAttributeOA(
- EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
- authSession);
+ String text = mandate.getTextualDescriptionOfOID();
- if(text == null) {
+ if(MiscUtil.isEmpty(text)) {
return null;
- }
-
- return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
- MANDATE_PROF_REP_DESC_NAME, text);
+
+ } else
+ return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, text);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index b040072a6..1a3311c8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -22,14 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -37,21 +35,21 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
return MANDATE_PROF_REP_OID_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+
+ MISMandate mandate = authData.getMISMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
- String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession);
-
- if (oid == null) {
- return null;
- }
-
- return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid);
+ String oid = mandate.getProfRep();
+
+ if(MiscUtil.isEmpty(oid))
+ return null;
+ else
+ return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 7e7b57e4f..7b41e9bb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,12 +32,12 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
return MANDATE_REFERENCE_VALUE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
+ if (authData.isUseMandate()) {
return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
- authSession.getMandateReferenceValue());
+ authData.getMandateReferenceValue());
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
index 4842141fc..63165f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -25,9 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -38,10 +37,10 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
return MANDATE_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
index e8c410555..674efa0d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,7 +32,7 @@ public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
return PVP_VERSION_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
index c687b2bff..11fdeb232 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,9 +32,9 @@ public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
return PRINCIPAL_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+ return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
index b81b30e5b..aff0fc0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuild
return STORKConstants.ADOPTEDFAMILYNAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
index 98fe853ff..fb7c60a95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.AGE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
index 6d2b031a5..387e49d25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
@@ -26,6 +26,7 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.logging.Logger;
@@ -36,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class STORKAttributHelper {
public static String getAttribut(String attributName,
- AuthenticationSession authSession) throws UnavailableAttributeException {
+ IAuthData authSession) throws UnavailableAttributeException {
if (!authSession.isForeigner()) {
throw new UnavailableAttributeException(attributName);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
index c3d6f070d..ddfa63b51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttrib
return STORKConstants.CANONICALRESIDENCEADDRESS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
index c873a86ea..08cd65a6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuil
return STORKConstants.CONTRYCODEOFBIRTH_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
index 394bffa31..f3a77708b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.FISCALNUMBER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
index 9209e73c4..6f62dbf89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.GENDER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
index 59f345bd3..65bf9ff6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuil
return STORKConstants.INHERITEDFAMILYNAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
index d99833f13..a7a77d7b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.ISAGEOVER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
index 1e627e723..c6ce4e32a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.MARITALSTATUS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
index d46219996..8db5ceeb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.NATIONALITYCODE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
index 7bf6716ec..421f8c28d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.PSEUDONYM_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
index d47de1ff9..ceff4cf4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.RESIDENCEPERMIT_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
index c75d6b0fb..1344883bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBu
return STORKConstants.TEXTRESIDENCEADDRESS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
index 357b2fe0d..5209697d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.TITLE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
index 3d21d95c4..1e0e2ee51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
@@ -20,41 +20,21 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-
-public class MOAResponse {
- private Response samlResponse;
- private EntityDescriptor entityMetadata;
- private boolean verified = false;
-
- public MOAResponse(Response response) {
- samlResponse = response;
- }
-
- public Response getSamlResponse() {
- return samlResponse;
- }
-
- public void setSamlResponse(Response samlResponse) {
- this.samlResponse = samlResponse;
- }
-
- public boolean isVerified() {
- return verified;
- }
-
- public void setVerified(boolean verified) {
- this.verified = verified;
- }
+public class AttributePolicyException extends AttributeException {
+
+ private static final long serialVersionUID = 1L;
- public EntityDescriptor getEntityMetadata() {
- return entityMetadata;
+ private String attributeName;
+
+ public AttributePolicyException(String attributeName) {
+ super("Attribute " + attributeName + " is restricted by IDP policy.");
+ this.attributeName = attributeName;
}
-
- public void setEntityMetadata(EntityDescriptor entityMetadata) {
- this.entityMetadata = entityMetadata;
+
+ public String getAttributeName() {
+ return attributeName;
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 9f2ad2e1b..255fba093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -69,9 +70,11 @@ public class PVPConfiguration {
return instance;
}
- public static final String PVP2_METADATA = "/pvp2/metadata";
- public static final String PVP2_REDIRECT = "/pvp2/redirect";
- public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_SOAP = "/pvp2/soap";
+ public static final String PVP2_ATTRIBUTEQUERY = "/pvp2/attributequery";
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
@@ -84,6 +87,9 @@ public class PVPConfiguration {
public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias";
public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword";
+ public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias";
+ public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword";
+
public static final String IDP_ISSUER_NAME = "idp.issuer.name";
public static final String METADATA_FILE = "md.dir";
@@ -141,6 +147,14 @@ public class PVPConfiguration {
return getIDPPublicPath() + PVP2_POST;
}
+ public String getIDPSSOSOAPService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_SOAP;
+ }
+
+ public String getIDPAttributeQueryService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_ATTRIBUTEQUERY;
+ }
+
public String getIDPSSORedirectService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_REDIRECT;
}
@@ -173,6 +187,14 @@ public class PVPConfiguration {
return props.getProperty(IDP_KEY_PASSASSERTION);
}
+ public String getIDPKeyAliasAssertionEncryption() {
+ return props.getProperty(IDP_KEYALIASASSERTION);
+ }
+
+ public String getIDPKeyPasswordAssertionEncryption() {
+ return props.getProperty(IDP_KEY_PASSASSERTION);
+ }
+
public String getIDPIssuerName() throws ConfigurationException {
if (moaIDVersion == null) {
@@ -226,7 +248,7 @@ public class PVPConfiguration {
public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
try {
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
+ IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
if (oaParam == null) {
Logger.warn("Online Application with ID " + entityID + " not found!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
new file mode 100644
index 000000000..69ca4e8f5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AssertionAttributeExtractorExeption extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6459000942830951492L;
+
+ public AssertionAttributeExtractorExeption(String attributeName) {
+ super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName
+ + " can not extract.", null);
+ }
+
+ public AssertionAttributeExtractorExeption(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AssertionAttributeExtractorExeption() {
+ super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
new file mode 100644
index 000000000..fcd8472b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AssertionValidationExeption extends PVP2Exception {
+
+ private static final long serialVersionUID = -3987805399122286259L;
+
+ public AssertionValidationExeption(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param string
+ * @param object
+ * @param e
+ */
+ public AssertionValidationExeption(String string, Object[] parameters,
+ Throwable e) {
+ super(string, parameters, e);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
new file mode 100644
index 000000000..9008a7183
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4302422507173728748L;
+
+ public AttributQueryException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
new file mode 100644
index 000000000..204e1c2a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class NOSLOServiceDescriptorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3073730570511152661L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public NOSLOServiceDescriptorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b5facde34..87e443930 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -22,10 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
public NameIDFormatNotSupportedException(String nameIDFormat) {
super("pvp2.12", new Object[] {nameIDFormat});
+ statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
new file mode 100644
index 000000000..9f1b6168e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOException extends PVP2Exception {
+ private static final long serialVersionUID = -5284624715788385022L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SLOException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
index 11054fd57..332caf967 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,106 +19,96 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
import java.io.Serializable;
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
-public class MOARequest implements Serializable{
+/**
+ * @author tlenz
+ *
+ */
+public class InboundMessage implements InboundMessageInterface, Serializable{
private static final long serialVersionUID = 2395131650841669663L;
- private Element samlRequest;
+ private Element samlMessage = null;
private boolean verified = false;
private String entityID = null;
private String relayState = null;
- public MOARequest(RequestAbstractType request) {
- samlRequest = request.getDOM();
- }
-
- public RequestAbstractType getSamlRequest() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest);
+
+ public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
try {
- return (RequestAbstractType) unmashaller.unmarshall(samlRequest);
+ return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
- } catch (UnmarshallingException e) {
- Logger.warn("AuthnRequest Unmarshaller error", e);
- return null;
- }
-
+ } catch (MetadataProviderException e) {
+ Logger.warn("No Metadata for EntitiyID " + entityID);
+ throw new NoMetadataInformationException();
+ }
}
-
-
/**
- * @return the relayState
+ * @param entitiyID the entitiyID to set
*/
- public String getRelayState() {
- return relayState;
+ public void setEntityID(String entitiyID) {
+ this.entityID = entitiyID;
}
-
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
/**
* @param relayState the relayState to set
*/
public void setRelayState(String relayState) {
this.relayState = relayState;
}
-
- public void setSamlRequest(RequestAbstractType request) {
- this.samlRequest = request.getDOM();
- }
-
- public boolean isVerified() {
- return verified;
- }
-
- public void setVerified(boolean verified) {
- this.verified = verified;
+
+ public void setSAMLMessage(Element msg) {
+ this.samlMessage = msg;
}
-
- public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-
- try {
- return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
-
- } catch (MetadataProviderException e) {
- Logger.warn("No Metadata for EntitiyID " + entityID);
- throw new NoMetadataInformationException();
- }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+ */
+ @Override
+ public String getRelayState() {
+ return relayState;
}
- /**
- * @return the entitiyID
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
*/
+ @Override
public String getEntityID() {
return entityID;
}
- /**
- * @param entitiyID the entitiyID to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
*/
- public void setEntityID(String entitiyID) {
- this.entityID = entitiyID;
+ @Override
+ public boolean isVerified() {
+ return verified;
}
-
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+ */
+ @Override
+ public Element getInboundMessage() {
+ return samlMessage;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
new file mode 100644
index 000000000..60a6f069a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface InboundMessageInterface {
+
+ public String getRelayState();
+ public String getEntityID();
+ public boolean isVerified();
+ public Element getInboundMessage();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
new file mode 100644
index 000000000..7679e74a6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.SignableXMLObject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOARequest extends InboundMessage{
+
+ private static final long serialVersionUID = 8613921176727607896L;
+
+ private String binding = null;
+
+ public MOARequest(SignableXMLObject inboundMessage, String binding) {
+ setSAMLMessage(inboundMessage.getDOM());
+ this.binding = binding;
+
+ }
+
+ public String getRequestBinding() {
+ return binding;
+ }
+
+ public SignableXMLObject getSamlRequest() {
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnRequest Unmarshaller error", e);
+ return null;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
new file mode 100644
index 000000000..870273cf3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
@@ -0,0 +1,56 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOAResponse extends InboundMessage {
+
+ private static final long serialVersionUID = -1133012928130138501L;
+
+ public MOAResponse(Response response) {
+ setSAMLMessage(response.getDOM());
+ }
+
+ public Response getResponse() {
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (Response) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnResponse Unmarshaller error", e);
+ return null;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f2e3e7cb1..f29c0eaef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
@@ -33,7 +34,7 @@ import java.util.Timer;
import javax.xml.namespace.QName;
-import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -46,9 +47,15 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -118,15 +125,15 @@ public class MOAMetadataProvider implements MetadataProvider {
}
}
- //load all PVP2 OAs form ConfigurationDatabase and
- //compare actually loaded Providers with configured PVP2 OAs
- List<OnlineApplication> oaList = ConfigurationDBRead
- .getAllActiveOnlineApplications();
-
//set Timestamp
Date oldTimeStamp = timestamp;
timestamp = new Date();
+ //load all PVP2 OAs form ConfigurationDatabase and
+ //compare actually loaded Providers with configured PVP2 OAs
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+
Iterator<OnlineApplication> oaIt = oaList.iterator();
while (oaIt.hasNext()) {
HTTPMetadataProvider httpProvider = null;
@@ -156,11 +163,14 @@ public class MOAMetadataProvider implements MetadataProvider {
} else if ( MiscUtil.isNotEmpty(metadataurl) &&
!providersinuse.containsKey(metadataurl) ) {
//PVP2 OA is new, add it to MOAMetadataProvider
+
Logger.info("Loading metadata for: " + oa.getFriendlyName());
httpProvider = createNewHTTPMetaDataProvider(
pvp2Config.getMetadataURL(),
pvp2Config.getCertificate(),
- oa.getFriendlyName());
+ oa.getFriendlyName(),
+ buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(),
+ pvp2Config.getCertificate()));
if (httpProvider != null)
providersinuse.put(metadataurl, httpProvider);
@@ -266,7 +276,9 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider = createNewHTTPMetaDataProvider(
metadataURL,
pvp2Config.getCertificate(),
- oa.getFriendlyName());
+ oa.getFriendlyName(),
+ buildMetadataFilterChain(oa, metadataURL,
+ pvp2Config.getCertificate()));
if (httpProvider != null)
providersinuse.put(metadataURL, httpProvider);
@@ -305,13 +317,45 @@ public class MOAMetadataProvider implements MetadataProvider {
timestamp = new Date();
}
- private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) {
+ private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException {
+ MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+
+ if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) {
+ Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
+ filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType()));
+
+ }
+
+ return filterChain;
+ }
+
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
HTTPMetadataProvider httpProvider = null;
Timer timer= null;
-
- try {
+ MOAHttpClient httpClient = null;
+ try {
+ httpClient = new MOAHttpClient();
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
timer = new Timer();
- httpProvider = new HTTPMetadataProvider(timer, new HttpClient(),
+ httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
@@ -319,10 +363,9 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
//httpProvider.setRefreshDelayFactor(0.1F);
- // TODO: use proper SSL checking
-
- MetadataFilter filter = new MetadataSignatureFilter(
- metadataURL, certificate);
+ if (filter == null) {
+ filter = new MetadataFilterChain(metadataURL, certificate);
+ }
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index f5fc01b2c..303fc2924 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -30,11 +30,12 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -42,18 +43,18 @@ import at.gv.egovernment.moa.logging.Logger;
public class ArtifactResolution implements IRequestHandler {
- public boolean handleObject(MOARequest obj) {
- return (obj.getSamlRequest() instanceof ArtifactResolve);
+ public boolean handleObject(InboundMessage obj) {
+ return (obj instanceof MOARequest &&
+ ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve);
}
- public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
-
- ArtifactResolve artifactResolve = (ArtifactResolve) obj
- .getSamlRequest();
+
+ ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj).getSamlRequest();
String artifactID = artifactResolve.getArtifact().getArtifact();
PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 0e4cd679b..ca5210d21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -22,74 +22,55 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.util.ArrayList;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
-import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
- public boolean handleObject(MOARequest obj) {
- return (obj.getSamlRequest() instanceof AuthnRequest);
+ public boolean handleObject(InboundMessage obj) {
+
+ return (obj instanceof MOARequest &&
+ ((MOARequest)obj).getSamlRequest() instanceof AuthnRequest);
}
- public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
-
+
//get basic information
- AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+ MOARequest moaRequest = (MOARequest) obj;
+ AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
EntityDescriptor peerEntity = obj.getEntityMetadata();
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -118,91 +99,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
SLOInformationImpl sloInformation = new SLOInformationImpl();
//build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession,
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData,
peerEntity, date, consumerService, sloInformation);
- Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
- Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- //change to entity value from entity name to IDP EntityID (URL)
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
- nissuer.setFormat(NameID.ENTITY);
- authResponse.setIssuer(nissuer);
- authResponse.setInResponseTo(authnRequest.getID());
-
- //set responseID
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authResponse.setID(remoteSessionID);
-
-
- //SAML2 response required IssueInstant
- authResponse.setIssueInstant(date);
-
- authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
- String oaURL = consumerService.getLocation();
-
- //check, if metadata includes an encryption key
- MetadataCredentialResolver mdCredResolver =
- new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-
- X509Credential encryptionCredentials = null;
- try {
- encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-
- } catch (SecurityException e2) {
- Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
- if (encryptionCredentials != null && isEncryptionActive) {
- //encrypt SAML2 assertion
-
- try {
-
- EncryptionParameters dataEncParams = new EncryptionParameters();
- dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-
- List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
- KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
-
- keyEncParam.setEncryptionCredential(encryptionCredentials);
- keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
- KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
- .getKeyInfoGeneratorManager().getDefaultManager()
- .getFactory(encryptionCredentials);
- keyEncParam.setKeyInfoGenerator(kigf.newInstance());
- keyEncParamList.add(keyEncParam);
-
- Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
- //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
- samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-
- EncryptedAssertion encryptAssertion = null;
-
- encryptAssertion = samlEncrypter.encrypt(assertion);
-
- authResponse.getEncryptedAssertions().add(encryptAssertion);
-
- } catch (EncryptionException e1) {
- Logger.warn("Can not encrypt the PVP2 assertion", e1);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- } else {
- authResponse.getAssertions().add(assertion);
-
- }
-
+ Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion);
+
IEncoder binding = null;
if (consumerService.getBinding().equals(
@@ -223,32 +124,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
if (binding == null) {
throw new BindingNotSupportedException(consumerService.getBinding());
}
-
+
try {
- binding.encodeRespone(req, resp, authResponse, oaURL, obj.getRelayState());
- // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
-
-// Logger logger = new Logger();
-// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse)));
-
-
+ binding.encodeRespone(req, resp, authResponse,
+ consumerService.getLocation(), obj.getRelayState());
+
return sloInformation;
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
throw new MOAIDException("pvp2.01", null, e);
+
} catch (SecurityException e) {
Logger.error("Security exception", e);
throw new MOAIDException("pvp2.01", null, e);
-// } catch (TransformerException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
-// } catch (IOException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
-// } catch (MarshallingException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
+
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 6c4f460f1..d1ae0b202 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -25,14 +25,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
public interface IRequestHandler {
- public boolean handleObject(MOARequest obj);
+ public boolean handleObject(InboundMessage obj);
- public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 264802f09..5b9bf940d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -29,10 +29,12 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
public class RequestManager {
@@ -54,13 +56,13 @@ public class RequestManager {
handler.add(new ArtifactResolution());
}
- public SLOInformationInterface handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ public SLOInformationInterface handle(InboundMessage obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
if(handler.handleObject(obj)) {
- return handler.process(obj, req, resp, moasession);
+ return handler.process(obj, req, resp, authData);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index d95e21a0e..48e435777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
public class CredentialProvider {
@@ -86,7 +87,32 @@ public class CredentialProvider {
throw new CredentialsNotAvailableException(e.getMessage(), null);
}
}
-
+
+ public static X509Credential getIDPAssertionEncryptionCredential()
+ throws CredentialsNotAvailableException {
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ if (keyStore == null)
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+
+ //if no encryption key is configured return null
+ if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption()))
+ return null;
+
+ MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAliasAssertionEncryption(), config
+ .getIDPKeyPasswordAssertionEncryption().toCharArray());
+
+ credentials.setUsageType(UsageType.ENCRYPTION);
+ return (X509Credential) credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Assertion Encryption credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
public static Signature getIDPSignature(Credential credentials) {
PrivateKey privatekey = credentials.getPrivateKey();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
new file mode 100644
index 000000000..61b481447
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Subject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionAttributeExtractor {
+
+ private Assertion assertion = null;
+
+ public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption {
+ if (samlResponse != null) {
+ if (samlResponse.getAssertions().size() == 0)
+ throw new AssertionAttributeExtractorExeption("Assertion");
+
+ else if (samlResponse.getAssertions().size() > 1)
+ Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
+
+ assertion = samlResponse.getAssertions().get(0);
+
+ } else
+ throw new AssertionAttributeExtractorExeption();
+ }
+
+ public String getNameID() throws AssertionAttributeExtractorExeption {
+ if (assertion.getSubject() != null) {
+ Subject subject = assertion.getSubject();
+
+ if (subject.getNameID() != null) {
+ if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))
+ return subject.getNameID().getValue();
+
+ else
+ Logger.error("SAML2 NameID Element is empty.");
+ }
+ }
+
+ throw new AssertionAttributeExtractorExeption("nameID");
+ }
+
+ public String getSessionIndex() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+
+ if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
+ return authn.getSessionIndex();
+
+ else
+ throw new AssertionAttributeExtractorExeption("SessionIndex");
+ }
+
+ /**
+ * @return
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public String getQAALevel() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+ if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
+ AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
+
+ if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
+ return qaaClass.getAuthnContextClassRef();
+
+ else
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
+ }
+
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
+ }
+
+ private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
+ List<AuthnStatement> authnList = assertion.getAuthnStatements();
+ if (authnList.size() == 0)
+ throw new AssertionAttributeExtractorExeption("AuthnStatement");
+
+ else if (authnList.size() > 1)
+ Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
+
+ return authnList.get(0);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
deleted file mode 100644
index 666bfab3c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-
-public class AttributeExtractor {
-
- public static String extractSAMLAttributeOA(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeAUTH(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeBOTH(String name,
- AuthenticationSession authSession) {
- String value = extractSAMLAttributeOA(name, authSession);
- if(value == null) {
- value = extractSAMLAttributeAUTH(name, authSession);
- }
- return value;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
new file mode 100644
index 000000000..12de97a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.client.http.HttpClientBuilder;
+import org.opensaml.ws.soap.client.http.HttpSOAPClient;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASAMLSOAPClient {
+
+ public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException {
+ //build SOAP request
+ BasicParserPool parserPool = new BasicParserPool();
+ parserPool.setNamespaceAware(true);
+
+ Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad);
+
+ BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
+ soapContext.setOutboundMessage(soapRequest);
+
+ HttpClientBuilder clientBuilder = new HttpClientBuilder();
+ if (destination.startsWith("https")) {
+ try {
+ SecureProtocolSocketFactory sslprotocolsocketfactory =
+ new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+ clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
+
+ //send request to IDP
+ soapClient.send(destination, soapContext);
+
+ //parse response
+ Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
+ Body soapBody = soapResponse.getBody();
+
+ return soapBody.getUnknownXMLObjects();
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index b52e37e06..9d57c2bae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -38,6 +38,8 @@ import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
@@ -115,4 +117,15 @@ public class SAML2Utils {
return 0;
}
+
+ public static Envelope buildSOAP11Envelope(XMLObject payload) {
+ XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
+ Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
+ Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
+
+ body.getUnknownXMLObjects().add(payload);
+ envelope.setBody(body);
+
+ return envelope;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index ac222ee54..fde453920 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -22,21 +22,59 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.encryption.Decrypter;
+import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
+import org.opensaml.xml.encryption.DecryptionException;
+import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
+import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
public class SAMLVerificationEngine {
+
+ public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
+ verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
+
+ else
+ verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+
+ }
+
+
public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
try {
@@ -48,7 +86,7 @@ public class SAMLVerificationEngine {
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
try {
@@ -86,4 +124,88 @@ public class SAMLVerificationEngine {
}
}
+ public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption {
+ try {
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+ List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
+
+ if (validateDestination && !samlResp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 assertion destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
+
+ }
+
+ //check encrypted Assertion
+ List<EncryptedAssertion> encryAssertionList = samlResp.getEncryptedAssertions();
+ if (encryAssertionList != null && encryAssertionList.size() > 0) {
+ //decrypt assertions
+
+ Logger.debug("Found encryped assertion. Start decryption ...");
+
+ X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential();
+
+ StaticKeyInfoCredentialResolver skicr =
+ new StaticKeyInfoCredentialResolver(authDecCredential);
+
+ ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
+ encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
+
+ Decrypter samlDecrypter =
+ new Decrypter(null, skicr, encryptedKeyResolver);
+
+ for (EncryptedAssertion encAssertion : encryAssertionList) {
+ saml2assertions.add(samlDecrypter.decrypt(encAssertion));
+
+ }
+
+ Logger.debug("Assertion decryption finished. ");
+
+ } else {
+ saml2assertions.addAll(samlResp.getAssertions());
+
+ }
+
+ for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+
+ Conditions conditions = saml2assertion.getConditions();
+ DateTime notbefore = conditions.getNotBefore();
+ DateTime notafter = conditions.getNotOnOrAfter();
+ if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+ Logger.warn("PVP2 Assertion is out of Date");
+ saml2assertions.remove(saml2assertion);
+
+ }
+ }
+
+ if (saml2assertions.isEmpty()) {
+ Logger.info("No valid PVP 2.1 assertion received.");
+ throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null);
+ }
+
+ samlResp.getAssertions().clear();
+ samlResp.getEncryptedAssertions().clear();
+ samlResp.getAssertions().addAll(saml2assertions);
+
+ } else {
+ Logger.info("PVP 2.1 assertion includes an error. Receive errorcode "
+ + samlResp.getStatus().getStatusCode().getValue());
+ throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode "
+ + samlResp.getStatus().getStatusCode().getValue(), null);
+ }
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.warn("Assertion decrypt FAILED - No Credentials", e);
+ throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e);
+
+ } catch (DecryptionException e) {
+ Logger.warn("Assertion decrypt FAILED.", e);
+ throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e);
+
+ } catch (ConfigurationException e) {
+ throw new AssertionValidationExeption("pvp.12", null, e);
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
new file mode 100644
index 000000000..3d608fd6d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InterfederatedIDPPublicServiceFilter implements MetadataFilter {
+
+ private String metadataURL;
+ private boolean isPublicService = false;
+
+ /**
+ *
+ */
+ public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) {
+ Logger.debug("Add " + this.getClass().getName() + " to metadata policy");
+ this.metadataURL = metadataURL;
+
+ if (oaType.equals("businessService"))
+ this.isPublicService = false;
+ else
+ this.isPublicService = true;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+
+ boolean metadatacheck = ValidationHelper.isPublicServiceAllowed(this.metadataURL);
+
+ if (isPublicService && isPublicService != metadatacheck) {
+ Logger.warn("Interfederated IDP " + metadataURL + " is configured " +
+ "as Public-Servic IDP but PublicService policy check FAILED.");
+ throw new FilterException("Interfederated IDP " + metadataURL + " is configured " +
+ "as Public-Servic IDP but PublicService policy check FAILED.");
+
+ }
+
+ Logger.info("Metadata PublicService policy check done OK");
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
new file mode 100644
index 000000000..4e1d939ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MetadataFilterChain implements MetadataFilter {
+
+ private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
+
+ /**
+ * @throws CertificateException
+ *
+ */
+ public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+ addDefaultFilters(url, certificate);
+ }
+
+ public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+ filters.add(new MetadataSignatureFilter(url, certificate));
+
+ }
+
+ /**
+ * @return the filter
+ */
+ public List<MetadataFilter> getFilters() {
+ return filters;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+ for (MetadataFilter filter : filters) {
+ Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
+ filter.doFilter(arg0);
+ }
+
+ }
+
+
+
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index ed0cf9c62..0405fa114 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
import iaik.x509.X509Certificate;
@@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -151,9 +152,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
ConfigurationDBUtils.closeSession();
- Logger.info("Metadata Filter done OK");
+ Logger.info("Metadata signature policy check done OK");
} catch (MOAIDException e) {
- e.printStackTrace();
+ Logger.warn("Metadata signature policy check FAILED.", e);
throw new FilterException(e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 587ca04e7..67f780b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,32 +27,26 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
+ HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
String oaURL = (String) req.getOAURL();
- String target = (String) req.getTarget();
String sourceID = null;
if (req instanceof SAML1RequestImpl) {
@@ -61,42 +55,32 @@ public class GetArtifactAction implements IAction {
}
- try {
-
+ SAML1AuthenticationData authData;
+ if (obj instanceof SAML1AuthenticationData) {
+ authData = (SAML1AuthenticationData) obj;
- if (oaURL == null) {
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
- }
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
- // TODO: Support Mandate MODE!
+ } else {
+ Logger.error("AuthDate is NOT of type SAML1AuthenticationData.");
+ throw new AuthenticationException("AuthDate is NOT of type SAML1AuthenticationData.", new Object[]{});
+ }
+
+ try {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
-
- AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
- oaParam,
- target);
+ .getOnlineApplicationParameter(oaURL);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
// add other stork attributes to MOA assertion if available
- if(null != session.getStorkAttributes()) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes());
- session.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
- //produce MOA-Assertion and artifact
- AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+ if(null != authData.getStorkAttributes()) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(authData.getStorkAttributes());
+ authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
- String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID);
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
- if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
- String url = "RedirectServlet";
+ if (authData.isSsoSession()) {
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (!oaParam.getBusinessService())
url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
@@ -125,7 +109,7 @@ public class GetArtifactAction implements IAction {
}
SLOInformationInterface sloInformation =
- new SLOInformationImpl(authData.getAssertionID(), null, req.requestedModule());
+ new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule());
return sloInformation;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index f622f4b94..66861afa3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -56,7 +56,6 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.Constants;
@@ -138,12 +137,9 @@ public class GetAuthenticationDataService implements Constants {
try {
- AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
+ samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact);
-// useUTC = authData.getUseUTC();
-
// success
- samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
statusMessageCode = "1200";
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
new file mode 100644
index 000000000..d48c0a9bb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -0,0 +1,177 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.text.ParseException;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public class SAML1AuthenticationData extends AuthenticationData {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
+ * major version number of the SAML assertion
+ */
+ private int majorVersion;
+ /**
+ * minor version number of the SAML assertion
+ */
+ private int minorVersion;
+ /**
+ * identifier for this assertion
+ */
+ private String assertionID;
+/**
+ * @return the majorVersion
+ */
+
+ private String samlAssertion = null;
+
+ private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
+
+
+ public SAML1AuthenticationData() {
+ this.setMajorVersion(1);
+ this.setMinorVersion(0);
+ this.setAssertionID(Random.nextRandom());
+ }
+
+
+ //this method is only required for MOA-ID Proxy 2.0 Release.
+ //TODO: remove it, if MOA-ID Proxy is not supported anymore.
+ public String getWBPK() {
+ return getBPK();
+ }
+
+public int getMajorVersion() {
+ return majorVersion;
+}
+/**
+ * @param majorVersion the majorVersion to set
+ */
+public void setMajorVersion(int majorVersion) {
+ this.majorVersion = majorVersion;
+}
+/**
+ * @return the minorVersion
+ */
+public int getMinorVersion() {
+ return minorVersion;
+}
+/**
+ * @param minorVersion the minorVersion to set
+ */
+public void setMinorVersion(int minorVersion) {
+ this.minorVersion = minorVersion;
+}
+/**
+ * @return the assertionID
+ */
+public String getAssertionID() {
+ return assertionID;
+}
+/**
+ * @param assertionID the assertionID to set
+ */
+public void setAssertionID(String assertionID) {
+ this.assertionID = assertionID;
+}
+
+public void setIssueInstant(String date) {
+ try {
+ setIssueInstant(DateTimeUtils.parseDateTime(date));
+
+ } catch (ParseException e) {
+ Logger.error("Parse IssueInstant element FAILED.", e);
+
+ }
+}
+
+/**
+ * @return the samlAssertion
+ */
+public String getSamlAssertion() {
+ return samlAssertion;
+}
+
+/**
+ * @param samlAssertion the samlAssertion to set
+ */
+public void setSamlAssertion(String samlAssertion) {
+ this.samlAssertion = samlAssertion;
+}
+
+/**
+ * @return the extendedSAMLAttributesOA
+ */
+public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+}
+
+/**
+ * @param extendedSAMLAttributesOA the extendedSAMLAttributesOA to set
+ */
+public void setExtendedSAMLAttributesOA(
+ List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 6391860ff..52b9b40ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.IOException;
-import java.util.Date;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
@@ -116,7 +115,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
*
* @return <code>AuthenticationData</code>
*/
- public AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ public String getSaml1AuthenticationData(String samlArtifact)
throws AuthenticationException {
try {
new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
@@ -125,13 +124,13 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- AuthenticationData authData = null;
+ String authData = null;
synchronized (authenticationDataStore) {
// System.out.println("assertionHandle: " + assertionHandle);
try {
authData = authenticationDataStore
- .get(samlArtifact, AuthenticationData.class);
+ .get(samlArtifact, String.class, authDataTimeOut);
} catch (MOADatabaseException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
@@ -140,12 +139,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
authenticationDataStore.remove(samlArtifact);
-
- long now = new Date().getTime();
-
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] { samlArtifact });
-
+
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -163,9 +157,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(AuthenticationSession session,
- OAAuthParameter oaParam,
- AuthenticationData authData, String sourceID)
+ public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
//Load SAML1 Parameter from OA config
@@ -179,7 +172,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set BASE64 encoded signer certificate
String signerCertificateBase64 = "";
if (saml1parameter.isProvideCertificate()) {
- byte[] signerCertificate = session.getEncodedSignerCertificate();
+ byte[] signerCertificate = authData.getSignerCertificate();
if (signerCertificate != null) {
signerCertificateBase64 = Base64Utils
@@ -195,41 +188,31 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
provideStammzahl);
//set Authblock
- String authBlock = saml1parameter.isProvideAUTHBlock() ? session
+ String authBlock = saml1parameter.isProvideAUTHBlock() ? authData
.getAuthBlock() : "";
//set IdentityLink for assortion
String ilAssertion = "";
if (saml1parameter.isProvideIdentityLink()) {
- if (oaParam.getBusinessService()) {
- //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-
-// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
-// .getSamlAssertion());
-//
-// ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
- } else {
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
- if (!saml1parameter.isProvideStammzahl())
- ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
- .getIdentificationValue(), "");
-
- }
+ if (!saml1parameter.isProvideStammzahl())
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+ .getIdentificationValue(), "");
}
+
String samlAssertion;
- if (session.getUseMandate()) {
- List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
+ if (authData.isUseMandate()) {
+ List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
if (saml1parameter.isProvideFullMandatorData()) {
try {
ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
- session.getMISMandate(), oaParam.getBusinessService(),
+ authData.getMISMandate(), oaParam.getBusinessService(),
saml1parameter.isProvideStammzahl());
if (extendedSAMLAttributes != null) {
@@ -293,7 +276,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
- String mandateDate = generateMandateDate(session, oaParam, authData);
+ String mandateDate = generateMandateDate(oaParam, authData);
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
@@ -301,7 +284,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
mandateDate,
authBlock,
ilAssertion,
- session.getBkuURL(),
+ authData.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
oaAttributes,
@@ -314,24 +297,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
prPerson,
authBlock,
ilAssertion,
- session.getBkuURL(),
+ authData.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
- session.getExtendedSAMLAttributesOA(),
+ authData.getExtendedSAMLAttributesOA(),
useCondition,
conditionLength);
}
- authData.setSamlAssertion(samlAssertion);
+ //authData.setSamlAssertion(samlAssertion);
String samlArtifact = new SAMLArtifactBuilder().build(
- session.getAuthURL(), Random.nextRandom(),
+ authData.getIssuer(), Random.nextRandom(),
sourceID);
- storeAuthenticationData(samlArtifact, authData);
+ storeAuthenticationData(samlArtifact, samlAssertion);
- Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
- + " angelegt, SAML Artifakt " + samlArtifact);
+ Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
} catch (Throwable ex) {
@@ -341,21 +323,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(AuthenticationSession session,
- OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
- if (session == null)
+ if (authData == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
IdentityLink tempIdentityLink = null;
- Element mandate = session.getMandate();
+ Element mandate = authData.getMandate();
- if (session.getUseMandate()) {
+ if (authData.isUseMandate()) {
tempIdentityLink = new IdentityLink();
Element mandator = ParepUtils.extractMandator(mandate);
String dateOfBirth = "";
@@ -432,7 +413,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String oatargetType;
if(oaParam.getBusinessService()) {
- oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ oatargetType = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier();
} else {
oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
@@ -509,7 +493,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* when SAML artifact is invalid
*/
private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
+ String samlAssertion) throws AuthenticationException {
try {
SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
@@ -523,7 +507,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
- authenticationDataStore.put(samlArtifact, authData);
+ authenticationDataStore.put(samlArtifact, samlAssertion);
}
} catch (AuthenticationException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index b6a2ac0b6..dafcb9987 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -23,12 +23,15 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.HashMap;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import edu.emory.mathcs.backport.java.util.Arrays;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -41,7 +44,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -54,8 +57,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public static final String GETARTIFACT = "GetArtifact";
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.BPK_NAME,
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.GIVEN_NAME_NAME,
+ PVPConstants.PRINCIPAL_NAME_NAME,
+ PVPConstants.BIRTHDATE_NAME,
+ PVPConstants.EID_CCS_URL_NAME,
+ PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME,
+ PVPConstants.EID_IDENTITY_LINK_NAME,
+ PVPConstants.EID_SOURCE_PIN_NAME,
+ PVPConstants.EID_SOURCE_PIN_TYPE_NAME
+ });
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
static {
actions.put(GETARTIFACT, new GetArtifactAction());
@@ -139,12 +157,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
new Object[] { oaURL });
}
- config.setSourceID(sourceID);
-
+ config.setSourceID(sourceID);
config.setTarget(oaParam.getTarget());
-
-// request.getSession().setAttribute(PARAM_OA, oaURL);
-// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
+
return config;
}
@@ -157,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
- String url = "RedirectServlet";
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = response.encodeRedirectURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 72adfe0e7..9bf88534f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -22,7 +22,19 @@
*/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -48,4 +60,37 @@ public class SAML1RequestImpl extends RequestImpl {
this.sourceID = sourceID;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+
+ List<String> reqAttr = new ArrayList<String>();
+ reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+ OASAML1 saml1 = oa.getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
+
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 68a891fcd..b9f01ca9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -42,7 +43,7 @@ public class AttributeCollector implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -103,7 +104,7 @@ public class AttributeCollector implements IAction {
// read configuration parameters of OA
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()});
// find the attribute provider plugin that can handle the response
IPersonalAttributeList newAttributes = null;
@@ -129,10 +130,10 @@ public class AttributeCollector implements IAction {
addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
// see if we need some more attributes
- SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, moasession, oaParam);
+ SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
if (sloInfo == null) {
- sloInfo = new SLOInformationImpl(null, null, req.requestedModule());
+ sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule());
}
return sloInfo;
@@ -147,7 +148,7 @@ public class AttributeCollector implements IAction {
* @return the string
* @throws MOAIDException
*/
- public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
+ public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
// check if there are attributes we need to fetch
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
@@ -179,7 +180,7 @@ public class AttributeCollector implements IAction {
try {
// - hand over control to the suitable plugin
Logger.info(currentProvider.getClass().getSimpleName() + " called to handle attribute '" + currentAttribute.getName() + "'");
- aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession);
+ aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), authData);
Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'");
break;
} catch (UnsupportedAttributeException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index 2914d8f7d..b1eb3a021 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -23,13 +24,13 @@ public interface AttributeProvider {
*
* @param attributes the list of attributes to be acquired
* @param spCountyCode the sp county code
- * @param moasession the moasession
+ * @param authData the moasession
* @return the personal attribute
* @throws UnsupportedAttributeException the unsupported attribute exception
* @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done
* @throws MOAIDException the mOAID exception
*/
- public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
+ public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
/**
* Perform redirect.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 110ef327f..0312f776b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -5,7 +5,9 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -43,13 +45,13 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
- private AuthenticationSession moaSession = null;
+ private IAuthData authData = null;
private MOASTORKRequest moaStorkRequest = null;
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- this.moaSession = moasession;
+ this.authData = authData;
if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {
@@ -58,9 +60,10 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Entering MOASTORKRequest");
httpResp.reset();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
@@ -86,7 +89,7 @@ public class AuthenticationRequest implements IAction {
// }
// Get personal attributtes from MOA/IdentityLink
- moaStorkResponse.setPersonalAttributeList(populateAttributes());
+ moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -107,7 +110,7 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
}
// check if we are getting request for citizen of some other country
else if (req instanceof MOASTORKRequest) {
@@ -398,16 +401,16 @@ public class AuthenticationRequest implements IAction {
// does nothing
- public void mandate(AuthenticationSession moasession) {
+ public void mandate(IAuthData authData) {
- if (moasession.getUseMandate()) {
+ if (authData.isUseMandate()) {
try {
- MISMandate mandate = moasession.getMISMandate();
+ MISMandate mandate = authData.getMISMandate();
String owbpk = mandate.getOWbPK();
byte[] mand = mandate.getMandate();
String profprep = mandate.getProfRep();
//String textdesc = mandate.getTextualDescriptionOfOID();
- Element mndt = moasession.getMandate();
+ Element mndt = authData.getMandate();
iterate(mndt.getAttributes());
Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
@@ -419,14 +422,14 @@ public class AuthenticationRequest implements IAction {
}
- public PersonalAttributeList populateAttributes() {
+ public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
@@ -437,10 +440,8 @@ public class AuthenticationRequest implements IAction {
Logger.error("Exception, attributes: " + e.getMessage());
}
- Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
- Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
- Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
- Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
+ Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+ Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
return attributeList;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index a08872029..d827e73cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -7,7 +7,8 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -41,7 +42,7 @@ public class ConsentEvaluator implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -77,7 +78,7 @@ public class ConsentEvaluator implements IAction {
* @return the string
* @throws MOAIDException the mOAID exception
*/
- public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException {
+ public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
// prepare redirect
String newArtifactId;
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index 370182e71..e7b5ebae4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -54,7 +55,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession)
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData)
throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException, MOAIDException {
@@ -97,7 +98,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService");
SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK");
- requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH"));
+
+ //TODO: CHECK: IdentificationValue containts wbPK if MOA-ID is used as VIDP
+ requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(authData.getIdentificationValue(), "GH"));
requestMessage.saveChanges();
@@ -193,7 +196,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
// add stork id for verification
ArrayList<String> value = new ArrayList<String>();
- value.add(new BPKBuilder().buildStorkeIdentifier(moasession.getIdentityLink(), spCountryCode));
+ value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode));
result.add(new PersonalAttribute("eIdentifier", false, value, "Available"));
return result;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index a5a91fa55..d7927a917 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,8 +1,11 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.Serializable;
+import java.util.List;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
@@ -14,7 +17,7 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
*
* @author bsuzic
*/
-public class MOASTORKRequest implements IRequest, Serializable {
+public class MOASTORKRequest extends RequestImpl {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 4581953368724501376L;
@@ -22,15 +25,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
/** The request id. */
private String requestID;
- /** The target. */
- private String target = null;
-
- /** The module. */
- String module = null;
-
- /** The action. */
- String action = null;
-
/** The stork authn request. */
private STORKAuthnRequest storkAuthnRequest;
@@ -128,41 +122,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
- */
- public String requestedModule() {
- return this.module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
- */
- public String requestedAction() {
- return action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String)
- */
- public void setModule(String module) {
- this.module = module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String)
- */
- public void setAction(String action) {
- this.action = action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget()
- */
- public String getTarget() {
- return this.target;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String)
*/
public void setRequestID(String id) {
@@ -211,4 +170,31 @@ public class MOASTORKRequest implements IRequest, Serializable {
else
return this.storkAuthnRequest.getAssertionConsumerServiceURL();
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ */
+ @Override
+ public String getRequestedIDP() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse()
+ */
+ @Override
+ public MOAResponse getInterfederationResponse() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index 7d9e20cd0..2cd0e1d57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -8,13 +9,16 @@ import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.auth.commons.STORKAuthnResponse;
import java.io.Serializable;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
*
* @author bsuzic
*/
-public class MOASTORKResponse implements IRequest, Serializable {
+public class MOASTORKResponse extends RequestImpl {
/**
* The Constant serialVersionUID.
@@ -257,5 +261,14 @@ public class MOASTORKResponse implements IRequest, Serializable {
this.action = action;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index cae5e698b..8616b0430 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -45,7 +46,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
return "MandateAttributeRequestProvider";
}
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
this.spCountryCode = spCountryCode;
requestedAttributes = new PersonalAttributeList(1);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 0d0391e3c..a4257c387 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -29,28 +30,26 @@ import javax.xml.namespace.QName;
import java.io.StringWriter;
import java.math.BigInteger;
import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
/**
*
*/
public class MandateRetrievalRequest implements IAction {
- private AuthenticationSession moaSession;
+ private IAuthData authData;
private MOASTORKRequest moaStorkRequest;
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
Logger.debug("Entering AttributeRequest for MandateProvider");
httpResp.reset();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
- this.moaSession = moasession;
+ this.authData = authData;
if ((req instanceof MOASTORKRequest)) {
this.moaStorkRequest = (MOASTORKRequest) req;
@@ -64,10 +63,10 @@ public class MandateRetrievalRequest implements IAction {
MandateContainer mandateContainer = null;
try {
- mandateContainer = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex) {
try {
- mandateContainer = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex2) {
Logger.error("Could not extract data and create mandate container.");
throw new MOAIDException("stork.16", new Object[] {}); // TODO
@@ -213,11 +212,11 @@ public class MandateRetrievalRequest implements IAction {
MandateContainer mc = null;
try {
- mc = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mc = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex) {
Logger.error("CORPORATE ERROR");
try {
- mc = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mc = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex2) {
Logger.error("PERSON ERROR");
}
@@ -351,6 +350,4 @@ public class MandateRetrievalRequest implements IAction {
public String getDefaultActionName() {
return STORKProtocol.MANDATERETRIEVALREQUEST;
}
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index e93a7ec87..ed9c45126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -147,6 +147,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORK2Request.setSTORKAuthnRequest(authnRequest);
STORK2Request.setSTORKAttrRequest(attrRequest);
+
return STORK2Request;
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
index 89eb07815..e522627be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
@@ -16,6 +16,7 @@ import org.apache.velocity.app.VelocityEngine;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
@@ -56,7 +57,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider {
* at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java
* .lang.String)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException,
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException {
if(!attributes.contains(attribute.getName())) {
throw new UnsupportedAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index c0e613b82..3999451cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -11,6 +11,7 @@ import org.apache.velocity.app.VelocityEngine;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -55,7 +56,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession)
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
if (!attributes.contains(attribute.getName()))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 34add9895..f094dfabf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -54,6 +54,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -78,7 +79,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) {
@@ -116,7 +117,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) {
@@ -149,13 +150,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
* @param clientIPAddress client IP address
* @return header or parameter value resolved; <code>null</code> if unknown name is given
*/
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
+ private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) {
if (predicate.equals(MOAGivenName))
return authData.getGivenName();
if (predicate.equals(MOAFamilyName))
return authData.getFamilyName();
if (predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if (predicate.equals(MOABPK))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index cd751b7ee..d432f8c41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -50,6 +50,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
/**
* Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
@@ -102,7 +103,7 @@ public interface LoginParameterResolver {
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
@@ -122,7 +123,7 @@ public interface LoginParameterResolver {
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 9f3de08aa..a5c632077 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -77,6 +77,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -373,7 +374,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
@@ -447,7 +448,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
@@ -511,14 +512,14 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
private static String resolveValue(
String predicate,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress) {
if (predicate.equals("MOAGivenName"))
return authData.getGivenName();
if (predicate.equals("MOAFamilyName"))
return authData.getFamilyName();
if (predicate.equals("MOADateOfBirth"))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if (predicate.equals("MOABPK"))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 2760a736b..740421024 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -48,10 +48,12 @@ package at.gv.egovernment.moa.id.proxy;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import java.io.IOException;
import java.util.*;
+
import org.apache.xerces.parsers.DOMParser;
import org.w3c.dom.*;
@@ -196,7 +198,7 @@ public class XMLLoginParameterResolverPlainData
}
//TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
+ public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("basic"))
@@ -318,7 +320,7 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
+ public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("param"))
@@ -336,14 +338,14 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress)
+ private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress)
{
if(predicate.equals(MOAGivenName))
return authData.getGivenName();
if(predicate.equals(MOAFamilyName))
return authData.getFamilyName();
if(predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if(predicate.equals(MOABPK))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 0ef2077a3..26da33e34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
@@ -107,7 +108,7 @@ public class GetAuthenticationDataInvoker {
* @return AuthenticationData
* @throws MOAIDException
*/
- public AuthenticationData getAuthenticationData(String samlArtifact)
+ public SAML1AuthenticationData getAuthenticationData(String samlArtifact)
throws MOAIDException {
ConnectionParameter authConnParam =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 35f72d36d..ebda8dae0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -50,6 +50,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -147,11 +148,11 @@ public class AuthenticationDataAssertionParser implements Constants {
* @return <code>AuthenticationData</code> object
* @throws ParseException on any error
*/
- public AuthenticationData parseAuthenticationData()
+ public SAML1AuthenticationData parseAuthenticationData()
throws ParseException {
try {
- AuthenticationData authData = new AuthenticationData();
+ SAML1AuthenticationData authData = new SAML1AuthenticationData();
//ÄNDERN: NUR der Identification-Teil
authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
authData.setMajorVersion(new Integer(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
index 9835c554d..cec8dbe6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -51,6 +51,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -130,7 +131,7 @@ public class SAMLResponseParser implements Constants {
* @return <code>AuthenticationData</code> object
* @throws ParseException on any parsing error
*/
- public AuthenticationData parseAuthenticationData()
+ public SAML1AuthenticationData parseAuthenticationData()
throws ParseException {
Element samlAssertion;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 52f72f577..9447f2e35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -84,6 +84,7 @@ import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
@@ -232,7 +233,7 @@ public class ProxyServlet extends HttpServlet {
// boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
// get authentication data from the MOA-ID Auth component
- AuthenticationData authData;
+ SAML1AuthenticationData authData;
try {
authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index 6d8979da3..890ec9f0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -31,9 +31,11 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -82,10 +84,41 @@ public class AssertionStorage {
}
- public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException {
+
+ /**
+ * @param samlArtifact
+ * @param class1
+ * @param authdatatimeout
+ * @return
+ * @throws MOADatabaseException
+ * @throws AuthenticationException
+ */
+ public <T> T get(String samlArtifact,
+ final Class<T> clazz) throws MOADatabaseException {
+
+ try {
+ return get(samlArtifact, clazz, -1);
+
+ } catch (AuthenticationException e) {
+ //this execption only occurs if an additional timeOut is used
+ Logger.error("This exeption should not occur!!!!", e);
+ return null;
+ }
+ }
+
+ public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException {
AssertionStore element = searchInDatabase(artifact);
+ if (authdatatimeout > -1) {
+ //check timeout
+ long now = new Date().getTime();
+
+ if (now - element.getDatatime().getTime() > authdatatimeout)
+ throw new AuthenticationException("1207", new Object[] { artifact });
+ }
+
+
//Deserialize Assertion
Object data = SerializationUtils.deserialize(element.getAssertion());
@@ -118,7 +151,7 @@ public class AssertionStorage {
if (results.size() != 0) {
for(AssertionStore result : results) {
try {
- MOASessionDBUtils.delete(result);
+ cleanDelete(result);
Logger.info("Remove sessioninformation with ID=" + result.getArtifact()
+ " after timeout.");
@@ -135,7 +168,7 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
- MOASessionDBUtils.delete(element);
+ cleanDelete(element);
Logger.info("Remove sessioninformation with ID" + artifact);
@@ -148,6 +181,23 @@ public class AssertionStorage {
}
}
+ private void cleanDelete(AssertionStore element) {
+ try {
+ element.setAssertion(new byte[]{});
+ MOASessionDBUtils.saveOrUpdate(element);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(element))
+ Logger.error("ShortTime session with artifact=" + element.getArtifact()
+ + " not removed! (Error during Database communication)");
+
+ }
+
+ }
+
@SuppressWarnings("rawtypes")
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
@@ -158,7 +208,7 @@ public class AssertionStorage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setString("artifact", artifact);
+ query.setParameter("artifact", artifact);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 27f219452..74a5e01ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -22,10 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.storage;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang.SerializationUtils;
+import org.apache.commons.lang.StringEscapeUtils;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
@@ -36,11 +38,15 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
@@ -63,21 +69,6 @@ public class AuthenticationSessionStoreage {
}
}
- public static void setAuthenticated(String moaSessionID, boolean value) {
-
- AuthenticatedSessionStore session;
-
- try {
- session = searchInDatabase(moaSessionID);
- session.setAuthenticated(value);
- MOASessionDBUtils.saveOrUpdate(session);
-
-
- } catch (MOADatabaseException e) {
- Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
- }
- }
-
public static AuthenticationSession createSession() throws MOADatabaseException {
String id = Random.nextRandom();
AuthenticationSession session = new AuthenticationSession(id);
@@ -104,44 +95,39 @@ public class AuthenticationSessionStoreage {
return session;
}
-
- public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return decryptSession(dbsession);
+
} catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
+ }
+
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+ storeSession(session, null);
}
public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setPendingRequestID(pendingRequestID);
-
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
+ if (MiscUtil.isNotEmpty(pendingRequestID))
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ encryptSession(session, dbsession);
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setAuthenticated(session.isAuthenticated());
dbsession.setUpdated(new Date());
MOASessionDBUtils.saveOrUpdate(dbsession);
@@ -153,10 +139,9 @@ public class AuthenticationSessionStoreage {
}
}
-
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -164,7 +149,7 @@ public class AuthenticationSessionStoreage {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", moaSessionID);
+ query.setParameter("sessionid", moaSessionID);
result = query.list();
@@ -176,11 +161,9 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("No session found with this sessionID");
}
- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
-
- //delete MOA Session
- session.delete(dbsession);
- session.getTransaction().commit();
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+ session.getTransaction().commit();
+ cleanDelete(dbsession);
}
}
@@ -197,16 +180,11 @@ public class AuthenticationSessionStoreage {
+ "to " + id);
session.setSessionID(id);
+ encryptSession(session, dbsession);
dbsession.setSessionid(id);
dbsession.setAuthenticated(session.isAuthenticated());
-
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
+
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -220,7 +198,92 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("TODO!", null);
}
}
+
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
+
+ public static String getMOASessionSSOID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+ }
+
+ public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0);
+ }
+ }
+
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
@@ -238,7 +301,7 @@ public class AuthenticationSessionStoreage {
tx = session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", moaSessionID);
+ query.setParameter("sessionid", moaSessionID);
result = query.list();
@@ -274,7 +337,10 @@ public class AuthenticationSessionStoreage {
if (SLOInfo != null) {
activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
+ activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
activeOA.setProtocolType(SLOInfo.getProtocolType());
+ activeOA.setAttributeQueryUsed(false);
+
}
@@ -317,56 +383,75 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
}
}
-
-
- public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID());
+ return dbsession.getActiveOAsessions();
- //decrypt Session
- EncryptedData encdata = new EncryptedData(dbsession.getSession(),
- dbsession.getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
-
- AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
- return session;
-
} catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
- } catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
- throw new MOADatabaseException("MOASession deserialization-exception");
}
+
+ return null;
}
- public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.isSSOSession();
+ public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(userNameID, "userNameID");
+ Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ + oaID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
+ query.setParameter("oaID", oaID);
+ query.setParameter("nameID", userNameID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No unique entry found.");
+ return null;
+
+ }
+ try {
+ return decryptSession(result.get(0));
- } catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ } catch (BuildException e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
+ return null;
}
-
-
}
- public static String getMOASessionID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(protocolType, "usedProtocol");
+ Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ + oaID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setString("sessionid", SSOSessionID);
+ Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("oaID", oaID);
+ query.setParameter("protocol", protocolType);
result = query.list();
//send transaction
@@ -376,29 +461,71 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return null;
-
- } else {
- return result.get(0).getSessionid();
-
+ return null;
+
}
+ return result.get(0).getActiveOAsessions().get(0);
}
- public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
-
- MiscUtil.assertNotNull(SSOId, "SSOSessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+ }
+
+ public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ try {
+ MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
+ Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
+ return null;
+ }
+ }
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+ MiscUtil.assertNotNull(id, "PendingRequestID");
+ Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setString("sessionid", SSOId);
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", id);
result = query.list();
//send transaction
@@ -413,22 +540,91 @@ public class AuthenticationSessionStoreage {
return false;
} else {
+ cleanDelete(result.get(0));
return true;
}
+
+ }
+
+ public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+
+ try {
+ MiscUtil.assertNotNull(nameID, "nameID");
+ Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
+ query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
+ return null;
+ }
+
+ }
+
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
+ MiscUtil.assertNotNull(sessionID, "MOASession");
+ Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+ query.setParameter("sessionID", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
+
+ return result.get(0).getInderfederation().get(0);
}
- public static boolean deleteSessionWithPendingRequestID(String id) {
- MiscUtil.assertNotNull(id, "PendingRequestID");
- Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+ MiscUtil.assertNotNull(sessionID, "MOASession");
+ MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
+ Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setString("sessionid", id);
+ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+ query.setParameter("sessionID", sessionID);
+ query.setParameter("idpID", idpID);
result = query.list();
//send transaction
@@ -438,33 +634,118 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return false;
-
- } else {
- MOASessionDBUtils.delete(result.get(0));
- return true;
+ return null;
+
}
-
-
+
+ return result.get(0).getInderfederation().get(0);
}
- public static String getPendingRequestID(String sessionID) {
+ public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption {
+ String id = Random.nextRandom();
+ AuthenticationSession session = new AuthenticationSession(id);
+ session.setAuthenticated(true);
+ session.setAuthenticatedUsed(false);
+
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(isAuthenticated);
+ dbsession.setInterfederatedSSOSession(true);
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ Date now = new Date();
+ dbsession.setCreated(now);
+ dbsession.setUpdated(now);
+
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //add interfederation information
+ List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
+ InterfederationSessionStore idp = null;
+ if (idpList == null) {
+ idpList = new ArrayList<InterfederationSessionStore>();
+ dbsession.setInderfederation(idpList);
+
+ } else {
+ for (InterfederationSessionStore el : idpList) {
+ //resue old entry if interfederation IDP is reused for authentication
+ if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
+ idp = el;
+
+ }
+ }
+
+ //create new interfederation IDP entry
+ if (idp == null) {
+ idp = new InterfederationSessionStore();
+ idp.setCreated(now);
+ idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+
+ }
+
+ AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
+ idp.setSessionIndex(extract.getSessionIndex());
+ idp.setUserNameID(extract.getNameID());
+ idp.setAttributesRequested(false);
+ idp.setQAALevel(extract.getQAALevel());
+ idp.setMoasession(dbsession);
+ idpList.add(idp);
+
+
+ //store AssertionStore element to Database
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.getPendingRequestID();
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.info("MOASession with sessionID=" + id + " is stored in Database");
} catch (MOADatabaseException e) {
- Logger.warn("MOASession with ID " + sessionID + " not found");
- return "";
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
}
+ return id;
}
- public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
+
+ return result.get(0).getInderfederation().get(0);
+ }
+
+ /**
+ * @param entityID
+ * @param requestID
+ */
+ public static boolean removeInterfederetedSession(String entityID,
+ String pedingRequestID) {
try {
+ Logger.debug("Remove interfederated IDP from local SSO session ...");
+
MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -474,7 +755,7 @@ public class AuthenticationSessionStoreage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setString("sessionid", pedingRequestID);
+ query.setParameter("sessionid", pedingRequestID);
result = query.list();
//send transaction
@@ -486,20 +767,27 @@ public class AuthenticationSessionStoreage {
//Assertion requires an unique artifact
if (result.size() != 1) {
Logger.trace("No entries found.");
- return null;
+ return false;
}
- //decrypt Session
- EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
- result.get(0).getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
- return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
+ AuthenticatedSessionStore authsession = result.get(0);
+
+ List<InterfederationSessionStore> idpSessions = authsession.getInderfederation();
+ if (idpSessions != null) {
+ for (InterfederationSessionStore idp : idpSessions) {
+ if (idp.getIdpurlprefix().equals(entityID))
+ idpSessions.remove(idp);
+
+ }
+ }
+
+ MOASessionDBUtils.saveOrUpdate(authsession);
+ return true;
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
- return null;
- }
+ return false;
+ }
}
public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
@@ -521,7 +809,7 @@ public class AuthenticationSessionStoreage {
if (results.size() != 0) {
for(AuthenticatedSessionStore result : results) {
try {
- MOASessionDBUtils.delete(result);
+ cleanDelete(result);
Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ " after session timeout.");
@@ -529,11 +817,43 @@ public class AuthenticationSessionStoreage {
Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ " not removed after timeout! (Error during Database communication)", e);
}
-
}
}
}
+ private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
+ }
+
+ private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException {
+ EncryptedData encdata = new EncryptedData(dbsession.getSession(),
+ dbsession.getIv());
+ byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
+
+ return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
+ }
+
+ private static void cleanDelete(AuthenticatedSessionStore result) {
+ try {
+ result.setSession(new byte[] {});
+ MOASessionDBUtils.saveOrUpdate(result);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(result))
+ Logger.error("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed! (Error during Database communication)");
+
+ }
+ }
+
@SuppressWarnings("rawtypes")
private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
@@ -545,7 +865,7 @@ public class AuthenticationSessionStoreage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", sessionID);
+ query.setParameter("sessionid", sessionID);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
index ae8e5ee27..054ad1014 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
@@ -154,7 +154,7 @@ public class DBExceptionStoreImpl implements IExceptionStore {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getExceptionWithID");
- query.setString("id", id);
+ query.setParameter("id", id);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index ed3f297c7..81abe3f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,11 +46,7 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
@@ -62,26 +58,19 @@ import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
/**
@@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SSLUtils {
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
public static void initialize() {
- sslSocketFactories = new HashMap<String, SSLSocketFactory>();
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
@@ -132,61 +114,38 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
-
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
-
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
-
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
-
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
+ try {
+ SSLSocketFactory ssf =
+ at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ connParam.getUrl(),
+ conf.getCertstoreDirectory(),
+ trustStoreURL,
+ acceptedServerCertURL,
+ AuthConfigurationProvider.getInstance().getDefaultChainingMode(),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(),
+ connParam.getClientKeyStore(),
+ connParam.getClientKeyStorePassword(),
+ "pkcs12");
+
+ return ssf;
+
+ } catch (SSLConfigurationException e) {
+ throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+
+ }
}
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
/**
* Reads a file, given by URL, into a byte array,
* securing the connection by IAIKX509TrustManager.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 385dd753c..f7785d2c2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
import java.io.Serializable;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class MISMandate implements Serializable{
private static final long serialVersionUID = 1L;
@@ -90,16 +92,21 @@ public class MISMandate implements Serializable{
}
public String getTextualDescriptionOfOID() {
- if (this.oid.equalsIgnoreCase(OID_NOTAR))
- return TEXT_NOTAR;
- if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
- return TEXT_RECHTSANWALT;
- if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
- return TEXT_ZIVILTECHNIKER;
- if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
- return TEXT_ORGANWALTER;
+ if (MiscUtil.isNotEmpty(this.oid)) {
+ if (this.oid.equalsIgnoreCase(OID_NOTAR))
+ return TEXT_NOTAR;
+ if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+ return TEXT_RECHTSANWALT;
+ if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+ return TEXT_ZIVILTECHNIKER;
+ if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+ return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
+
+ } else {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 55b6e8b32..5b2e7ce3d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -87,6 +87,7 @@ builder.02=Fehler beim Ausblenden von Stammzahlen
builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten
builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen.
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -232,6 +233,8 @@ pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
+pvp2.19=Der Single LogOut Vorgang wurde wegen eines unkorregierbaren Fehler abgebrochen.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
index e5bde81fd..3acf20a41 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -52,6 +52,7 @@ import test.at.gv.egovernment.moa.id.UnitTestCase;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -209,7 +210,7 @@ public class SAMLResponseParserTest extends UnitTestCase {
assertEquals("samlp:Success", status.getStatusCode());
assertEquals("samlp:Success", status.getSubStatusCode());
assertEquals("Ollas leiwand", status.getStatusMessage());
- AuthenticationData authData = parser.parseAuthenticationData();
+ SAML1AuthenticationData authData = parser.parseAuthenticationData();
assertEquals(1, authData.getMajorVersion());
assertEquals(0, authData.getMinorVersion());
assertEquals("-4633313027464114584", authData.getAssertionID());
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 6c2e12c65..1831d0e1c 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -4,11 +4,12 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<artifactId>moa-id-commons</artifactId>
<name>moa-id-commons</name>
<groupId>MOA.id.server</groupId>
+ <version>${moa-id-version}</version>
<profiles>
<profile>
@@ -64,11 +65,20 @@
<version>3.3.1</version>
</dependency>
<dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </dependency>
+ <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
<type>jar</type>
</dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_X509TrustManager</artifactId>
+ </dependency>
+
<!-- dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-xjc</artifactId>
@@ -127,6 +137,7 @@
</resources>
<plugins>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -227,9 +238,9 @@
</execution>
</executions>
</plugin>
- </plugins>
- <pluginManagement>
- <plugins>
+ </plugins>
+ <pluginManagement>
+ <plugins>
<!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
<plugin>
<groupId>org.eclipse.m2e</groupId>
@@ -261,6 +272,24 @@
</lifecycleMappingMetadata>
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</pluginManagement>
</build>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 730a328ab..2a65366b8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -53,7 +53,13 @@ import org.hibernate.annotations.DynamicUpdate;
@NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"),
@NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"),
@NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"),
- @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate")
+ @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate"),
+ @NamedQuery(name="getMOAISessionWithUserNameID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.userNameID = :usernameid and activeOAsessions.attributeQueryUsed is false"),
+ @NamedQuery(name="getActiveOAWithSessionIDandOAIDandProtocol", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.protocolType = :protocol and authenticatedsessionstore.sessionid = :sessionID"),
+ @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
+ @NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")
})
public class AuthenticatedSessionStore implements Serializable{
@@ -82,6 +88,9 @@ public class AuthenticatedSessionStore implements Serializable{
@Column(name = "isSSOSession", nullable=false)
private boolean isSSOSession = false;
+
+ @Column(name = "isInterfederatedSSOSession", nullable=false)
+ private boolean isInterfederatedSSOSession = false;
@Column(name = "pendingRequestID", nullable=false)
private String pendingRequestID = "";
@@ -100,6 +109,9 @@ public class AuthenticatedSessionStore implements Serializable{
@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
private List<OldSSOSessionIDStore> oldssosessionids = null;
+ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
+ private List<InterfederationSessionStore> inderfederation = null;
+
@PrePersist
protected void created() {
this.updated = this.created = new Date();
@@ -193,6 +205,20 @@ public class AuthenticatedSessionStore implements Serializable{
public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) {
this.oldssosessionids = oldssosessionids;
}
+
+ /**
+ * @return the inderfederation
+ */
+ public List<InterfederationSessionStore> getInderfederation() {
+ return inderfederation;
+ }
+
+ /**
+ * @param inderfederation the inderfederation to set
+ */
+ public void setInderfederation(List<InterfederationSessionStore> inderfederation) {
+ this.inderfederation = inderfederation;
+ }
/**
* @return the pendingRequestID
@@ -221,8 +247,21 @@ public class AuthenticatedSessionStore implements Serializable{
public void setIv(byte[] iv) {
this.iv = iv;
}
+
+ /**
+ * @return the isInterfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return isInterfederatedSSOSession;
+ }
+
+ /**
+ * @param isInterfederatedSSOSession the isInterfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) {
+ this.isInterfederatedSSOSession = isInterfederatedSSOSession;
+ }
-
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
new file mode 100644
index 000000000..1fcdd9b9b
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
@@ -0,0 +1,195 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.DynamicUpdate;
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "interfederation")
+
+public class InterfederationSessionStore implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id", unique=true, nullable=false)
+ private long id;
+
+ @Column(name = "idpurlprefix", unique=false, nullable=false)
+ private String idpurlprefix;
+
+ @Column(name = "sessionIndex", unique=false, nullable=false)
+ private String sessionIndex;
+
+ @Column(name = "nameID", unique=false, nullable=false)
+ private String userNameID;
+
+ @Column(name = "QAALevel", unique=false, nullable=false)
+ private String QAALevel;
+
+ @Column(name = "attributesRequested", unique=false, nullable=true)
+ private boolean attributesRequested;
+
+ @Column(name = "created", updatable=false, nullable=false)
+// @Temporal(TemporalType.TIMESTAMP)
+ private Date created;
+
+// @PrePersist
+// protected void created() {
+// this.created = new Date();
+// }
+
+ @ManyToOne(fetch=FetchType.LAZY)
+ @JoinColumn(name = "moasession")
+ private AuthenticatedSessionStore moasession;
+
+ /**
+ * @return the id
+ */
+ public long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the idpurlprefix
+ */
+ public String getIdpurlprefix() {
+ return idpurlprefix;
+ }
+
+ /**
+ * @param idpurlprefix the idpurlprefix to set
+ */
+ public void setIdpurlprefix(String idpurlprefix) {
+ this.idpurlprefix = idpurlprefix;
+ }
+
+ /**
+ * @return the sessionIndex
+ */
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+ /**
+ * @return the userNameID
+ */
+ public String getUserNameID() {
+ return userNameID;
+ }
+
+ /**
+ * @param userNameID the userNameID to set
+ */
+ public void setUserNameID(String userNameID) {
+ this.userNameID = userNameID;
+ }
+
+ /**
+ * @return the attributesRequested
+ */
+ public boolean isAttributesRequested() {
+ return attributesRequested;
+ }
+
+ /**
+ * @param attributesRequested the attributesRequested to set
+ */
+ public void setAttributesRequested(boolean attributesRequested) {
+ this.attributesRequested = attributesRequested;
+ }
+
+ /**
+ * @return the created
+ */
+ public Date getCreated() {
+ return created;
+ }
+
+ /**
+ * @param created the created to set
+ */
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ /**
+ * @return the moasession
+ */
+ public AuthenticatedSessionStore getMoasession() {
+ return moasession;
+ }
+
+ /**
+ * @param moasession the moasession to set
+ */
+ public void setMoasession(AuthenticatedSessionStore moasession) {
+ this.moasession = moasession;
+ }
+
+ /**
+ * @return the qAALevel
+ */
+ public String getQAALevel() {
+ return QAALevel;
+ }
+
+ /**
+ * @param qAALevel the qAALevel to set
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+ }
+
+
+}
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 25b48310e..539de990f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -59,9 +59,15 @@ public class OASessionStore implements Serializable{
@Column(name = "userNameID", unique=false, nullable=true)
private String userNameID;
+ @Column(name = "userNameIDFormat", unique=false, nullable=true)
+ private String userNameIDFormat;
+
@Column(name = "protocolType", unique=false, nullable=true)
private String protocolType;
+ @Column(name = "attributequeryused", unique=false, nullable=false)
+ private boolean attributeQueryUsed = false;
+
@Column(name = "created", updatable=false, nullable=false)
// @Temporal(TemporalType.TIMESTAMP)
private Date created;
@@ -149,6 +155,36 @@ public class OASessionStore implements Serializable{
this.protocolType = protocolType;
}
+ /**
+ * @return the attributeQueryUsed
+ */
+ public boolean isAttributeQueryUsed() {
+ return attributeQueryUsed;
+ }
+
+ /**
+ * @param attributeQueryUsed the attributeQueryUsed to set
+ */
+ public void setAttributeQueryUsed(boolean attributeQueryUsed) {
+ this.attributeQueryUsed = attributeQueryUsed;
+ }
+
+ /**
+ * @return the userNameIDFormat
+ */
+ public String getUserNameIDFormat() {
+ return userNameIDFormat;
+ }
+
+ /**
+ * @param userNameIDFormat the userNameIDFormat to set
+ */
+ public void setUserNameIDFormat(String userNameIDFormat) {
+ this.userNameIDFormat = userNameIDFormat;
+ }
+
+
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 65c9003e3..b557d2dc9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -78,6 +78,9 @@ public class StatisticLog implements Serializable{
@Column(name = "isSSOLogin", unique=false)
private boolean ssosession;
+ @Column(name = "isInterfederatedSSOLogin", unique=false)
+ private boolean interfederatedSSOSession;
+
@Column(name = "isBusinessService", unique=false)
private boolean businessservice;
@@ -390,6 +393,21 @@ public class StatisticLog implements Serializable{
public void setErrortype(String errortype) {
this.errortype = errortype;
}
+
+ /**
+ * @return the interfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return interfederatedSSOSession;
+ }
+
+ /**
+ * @param interfederatedSSOSession the interfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+ this.interfederatedSSOSession = interfederatedSSOSession;
+ }
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
new file mode 100644
index 000000000..c6d8b1d79
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.ex;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactoryException extends Exception {
+
+ private static final long serialVersionUID = 4934502074731319897L;
+
+
+ public MOAHttpProtocolSocketFactoryException(String message) {
+ super(message);
+ }
+
+ public MOAHttpProtocolSocketFactoryException(String message, Throwable e) {
+ super(message, e );
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
new file mode 100644
index 000000000..3b6fc34ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+
+
+ private SSLSocketFactory sslfactory = null;
+
+ public MOAHttpProtocolSocketFactory (
+ String url,
+ String certStoreRootDirParam,
+ String trustStoreURL,
+ String acceptedServerCertURL,
+ ChainingModeType chainingMode,
+ boolean checkRevocation
+ ) throws MOAHttpProtocolSocketFactoryException {
+ super();
+
+ try {
+ this.sslfactory = SSLUtils.getSSLSocketFactory(
+ url,
+ certStoreRootDirParam,
+ trustStoreURL,
+ acceptedServerCertURL,
+ chainingMode.value(),
+ checkRevocation,
+ null,
+ null,
+ null);
+
+ } catch (IOException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (GeneralSecurityException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (SSLConfigurationException e) {
+ throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
+
+ } catch (PKIException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort, HttpConnectionParams params) throws IOException,
+ UnknownHostException, ConnectTimeoutException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+ */
+ public Socket createSocket(String host, int port) throws IOException,
+ UnknownHostException {
+ return this.sslfactory.createSocket(host, port);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+ */
+ public Socket createSocket(Socket socket, String host, int port,
+ boolean autoClose) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(socket, host,
+ port, autoClose);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index b6fe20a61..00e750f58 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -44,11 +44,8 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
@@ -69,10 +66,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* identifies the rootDirectory
*/
private String rootDirectory;
- /**
- * ConfigurationProvider
- */
- private ConfigurationProvider conf;
+
/**
* Array for storing all CertStoreParameters
*/
@@ -85,13 +79,10 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* @throws ConfigurationException an any config-error
* being read.
*/
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf = conf;
-
- String certStoreRootDirParam = conf.getCertstoreDirectory();
+ public CertStoreConfigurationImpl(String certStoreRootDirParam) throws SSLConfigurationException {
if (certStoreRootDirParam == null)
- throw new ConfigurationException(
+ throw new SSLConfigurationException(
"config.08", new Object[]{"CertStoreDirectory"});
//rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
@@ -105,13 +96,13 @@ public class CertStoreConfigurationImpl extends ObservableImpl
if (!f.exists()) {
Logger.error("File does not exists: " + f.getAbsolutePath());
- throw new ConfigurationException(
+ throw new SSLConfigurationException(
"config.05", new Object[]{"CertStoreDirectory"});
}
if (!f.isDirectory()) {
Logger.error("File is not a directory: " + f.getAbsolutePath());
- throw new ConfigurationException(
+ throw new SSLConfigurationException(
"config.05", new Object[]{"CertStoreDirectory"});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 202be882e..eaef3f1d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import java.io.File;
import java.io.FileInputStream;
@@ -56,7 +56,6 @@ import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
@@ -150,7 +149,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
if (serverCert.equals(acceptedServerCert))
return true;
}
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
+ Logger.warn("SSL certificate validation FAILED.");
return false;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
index 16184502d..fa9cd879d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import iaik.pki.store.observer.NotificationData;
import iaik.pki.store.observer.Observable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
index 064d8a835..5d8c7a54e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -44,10 +44,8 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import iaik.pki.PKIConfiguration;
import iaik.pki.pathvalidation.ValidationConfiguration;
import iaik.pki.revocation.RevocationConfiguration;
@@ -74,11 +72,11 @@ public class PKIConfigurationImpl implements PKIConfiguration {
* @param conf the Configuration for the PKIConfig
* @throws ConfigurationException for any config error
*/
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException {
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
+ certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam);
revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
+ validationConfiguration = new ValidationConfigurationImpl(chainingMode);
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 8afba2a12..59994a257 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.pki;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import java.security.cert.X509Certificate;
import java.util.Collections;
@@ -57,8 +57,6 @@ import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreTypes;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
/**
* Implementation of the <code>PKIProfile</code> interface and subinterfaces
* providing information needed for certificate path validation.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index 2c24161f6..b5e0543db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -44,7 +44,7 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import iaik.pki.revocation.RevocationConfiguration;
@@ -53,8 +53,6 @@ import java.util.Collections;
import java.util.Date;
import java.util.Set;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
new file mode 100644
index 000000000..b1334ad67
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSLConfigurationException extends Exception {
+
+ private static final long serialVersionUID = -3705679559648920151L;
+
+ private String errorID = null;
+ private Object[] parameters = null;
+ private Throwable e = null;
+
+ public SSLConfigurationException(String errorID, Object[] parameters) {
+ this.errorID = errorID;
+ this.parameters = parameters;
+ }
+
+ public SSLConfigurationException(String errorID, Object[] parameters, Throwable e) {
+ this.errorID = errorID;
+ this.parameters = parameters;
+ this.e = e;
+ }
+
+ /**
+ * @return the errorID
+ */
+ public String getErrorID() {
+ return errorID;
+ }
+
+ /**
+ * @return the parameters
+ */
+ public Object[] getParameters() {
+ return parameters;
+ }
+
+ /**
+ * @return the e
+ */
+ public Throwable getE() {
+ return e;
+ }
+
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
new file mode 100644
index 000000000..68437a04d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -0,0 +1,186 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
+ * This <code>TrustManager</code> implementation features CRL checking.<br/>
+ * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+
+ /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
+ private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+
+ /**
+ * Initializes the SSLSocketFactory store.
+ */
+ public static void initialize() {
+ sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+ // JSSE Abhängigkeit
+ //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ Security.addProvider(new IAIK());
+ //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+
+
+ }
+
+ /**
+ * Creates an <code>SSLSocketFactory</code> which utilizes an
+ * <code>IAIKX509TrustManager</code> for the given trust store,
+ * and the given key store.
+ *
+ * @param conf configuration provider providing a generic properties pointing
+ * to trusted CA store and certificate store root
+ * @param connParam connection parameter containing the client key store settings
+ * to be used in case of client authentication;
+ * if <code>connParam.getClientKeyStore() == null</code>, client authentication
+ * is assumed to be disabled
+ * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+ * @throws IOException thrown while reading key store file
+ * @throws GeneralSecurityException thrown while creating the socket factory
+ * @throws ConfigurationException on invalid configuration data
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ public static SSLSocketFactory getSSLSocketFactory(
+ String url,
+ String certStoreRootDirParam,
+ String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword,
+ String clientKeyStoreType
+ )
+ throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
+
+ Logger.debug("Get SSLSocketFactory for " + url);
+ // retrieve SSLSocketFactory if already created
+ SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(url);
+ if (ssf != null)
+ return ssf;
+
+ TrustManager[] tms = getTrustManagers(
+ certStoreRootDirParam,
+ chainingMode,
+ trustStoreURL,
+ acceptedServerCertURL,
+ checkRevocation);
+
+ KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kms, tms, null);
+ ssf = ctx.getSocketFactory();
+ // store SSLSocketFactory
+ sslSocketFactories.put(url, ssf);
+ return ssf;
+ }
+
+ public static void removeSSLSocketFactory(String url) {
+ Logger.info("Remove SSLSocketFactory for URL " + url);
+ if (sslSocketFactories.containsKey(url))
+ sslSocketFactories.remove(url);
+
+ }
+
+ /**
+ * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
+ * using configuration data.
+ *
+ * @param conf MOA-ID configuration provider
+ * @param trustStoreURL trust store URL
+ * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
+ * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
+ * @throws ConfigurationException on invalid configuration data
+ * @throws IOException on data-reading problems
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
+ String chainingMode, String trustStoreURL, String acceptedServerCertURL,
+ boolean checkRevocation)
+ throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ PKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured())
+ cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
+ PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ // This call fixes a bug occuring when PKIConfiguration is
+ // initialized by the MOA-SP initialization code, in case
+ // MOA-SP is called by API
+ MOAIDTrustManager.initializeLoggingContext();
+ IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ tm.init(cfg, profile);
+ return new TrustManager[] {tm};
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
index d230eef26..275aed4c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
@@ -44,15 +44,13 @@
*/
-package at.gv.egovernment.moa.id.iaik.config;
+package at.gv.egovernment.moa.id.commons.utils.ssl;
import iaik.pki.pathvalidation.ValidationConfiguration;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
@@ -62,21 +60,23 @@ import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
public class ValidationConfigurationImpl extends ObservableImpl
implements ValidationConfiguration {
/** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
+ private String chainingMode;
/**
* Constructor
* @param conf with the configuration
*/
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
+ public ValidationConfigurationImpl(String chainingMode) {
+ this.chainingMode = chainingMode;
}
/**
* @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
*/
public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
return chainingMode;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
index 6d7032f9d..2ad50568a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.configuration.validation;
+package at.gv.egovernment.moa.id.commons.validation;
import java.util.ArrayList;
import java.util.Collections;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
index 3749975df..be6d7d01e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.configuration.validation;
+package at.gv.egovernment.moa.id.commons.validation;
import iaik.asn1.ObjectID;
import iaik.utils.Util;
@@ -46,12 +46,15 @@ import javax.net.ssl.SSLSocketFactory;
import org.apache.log4j.Logger;
+
public class ValidationHelper {
- private static final Logger log = Logger.getLogger(ValidationHelper.class);
+ public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
+ private static final Logger log = Logger.getLogger(ValidationHelper.class);
private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy";
+
public static boolean isPublicServiceAllowed(String identifier) {
@@ -64,7 +67,7 @@ public class ValidationHelper {
if (host.endsWith("/"))
host = host.substring(0, host.length()-1);
- if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) {
+ if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) {
log.debug("PublicURLPrefix with .gv.at Domain found.");
return true;
diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
new file mode 100644
index 000000000..e4aa6a284
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package org.apache.commons.httpclient;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.apache.commons.httpclient.HostConfiguration;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.HttpMethodDirector;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.URI;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+
+/**
+ * @author tlenz
+ *
+ *HTTP client which can be used with MOA SSL TrustStore implementation
+ *
+ */
+public class MOAHttpClient extends HttpClient {
+
+
+ public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
+ ;
+
+ URL url = new URL(metadataURL);
+ int port = -1;
+ if (url.getPort() < 0)
+ port = url.getDefaultPort();
+ else
+ port = url.getPort();
+
+ Protocol authhttps = new Protocol("https", protoSocketFactory, port);
+ getHostConfiguration().setHost(url.getHost(), port, authhttps);
+
+ }
+
+ public int executeMethod(HostConfiguration hostconfig,
+ final HttpMethod method, final HttpState state)
+ throws IOException, HttpException {
+
+ if (method == null) {
+ throw new IllegalArgumentException("HttpMethod parameter may not be null");
+ }
+ HostConfiguration defaulthostconfig = getHostConfiguration();
+ if (hostconfig == null) {
+ hostconfig = defaulthostconfig;
+ }
+ URI uri = method.getURI();
+ if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
+ // make a deep copy of the host defaults
+ hostconfig = (HostConfiguration) hostconfig.clone();
+
+ /**
+ * Only build default host with default protocol if protocol is empty
+ *
+ * In case of https, the methode setCustomSSLTrustStore can be used to set a
+ * the MOA TrustStore for SSL connection validation
+ */
+ if (uri.isAbsoluteURI() && hostconfig.getProtocol() == null) {
+ hostconfig.setHost(uri);
+ }
+ }
+
+ HttpMethodDirector methodDirector = new HttpMethodDirector(
+ getHttpConnectionManager(),
+ hostconfig,
+ getParams(),
+ (state == null ? getState() : state));
+ methodDirector.executeMethod(method);
+ return method.getStatusCode();
+ }
+}
diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
index f2701bec4..cf04319c8 100644
--- a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
+++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
@@ -1,7 +1,8 @@
-<jaxb:bindings version="1.0"
+<jaxb:bindings version="2.1"
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc">
+ xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
+ jaxb:extensionBindingPrefixes="hj">
<jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema">
<jaxb:globalBindings localScoping="toplevel">
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index e8562a57b..3a2914cb4 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0">
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0" jaxb:extensionBindingPrefixes="xjc hj" jaxb:version="2.0">
<xsd:complexType name="OnlineApplication">
<xsd:complexContent>
<xsd:extension base="OnlineApplicationType">
@@ -481,10 +481,27 @@
</xsd:element>
</xsd:sequence>
</xsd:complexType>
+ <xsd:complexType name="InterfederationIDPType">
+ <xsd:sequence>
+ <xsd:element name="attributeQueryURL" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="storeSSOSession" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="true"/>
+ </xsd:sequence>
+ <xsd:attribute name="inboundSSO" type="xsd:boolean" default="true"/>
+ <xsd:attribute name="outboundSSO" type="xsd:boolean" default="true"/>
+ </xsd:complexType>
<xsd:complexType name="OnlineApplicationType">
<xsd:sequence>
+ <xsd:element name="isNew" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <hj:ignored/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
<xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/>
<xsd:element name="isAdminRequired" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="isInterfederationIDP" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="InterfederationIDP" type="InterfederationIDPType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="AuthComponent_OA" minOccurs="0">
<xsd:annotation>
<xsd:documentation>enthält Parameter über die OA, die die
@@ -938,6 +955,20 @@
<xsd:element name="isPVP2Generated" type="xsd:boolean" minOccurs="0" maxOccurs="1"/>
<xsd:element name="lastLogin" type="xsd:string" minOccurs="1" maxOccurs="1"/>
<xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="onlyBusinessService" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <hj:ignored/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="businessServiceType" type="xsd:string" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:appinfo>
+ <hj:ignored/>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BKUSelectionCustomizationType">
diff --git a/id/server/pom.xml b/id/server/pom.xml
index d748c01eb..bbaac8e5e 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index e47b31144..ff6608451 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<properties>