diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-18 10:05:01 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-18 10:05:01 +0200 |
| commit | 7625168308b648dab99db5c99c9de09b173ed05c (patch) | |
| tree | 6b0784fbffd20200379761ab186caa940a5d7975 /id | |
| parent | 466342e91b92a68f9738937dbfdeff5348a2b730 (diff) | |
| download | moa-id-spss-7625168308b648dab99db5c99c9de09b173ed05c.tar.gz moa-id-spss-7625168308b648dab99db5c99c9de09b173ed05c.tar.bz2 moa-id-spss-7625168308b648dab99db5c99c9de09b173ed05c.zip | |
change to 1.9.96-snapshot
--set SL-Version to hardcoded version 1.2
--add "RemoveBPK form AuthBlock" feature
--set UTC time as default (SAML1)
--add PVP2 Attributes:
++ AuthBlock
++ Certificate
++ BASEID
++ BASEID-TYPE
++BKUURL
Bugfix:
-- NullPointerException: GetMISSessionIDServlet.java
-- Check if it is empty: MOAMetadataProvider.java
Diffstat (limited to 'id')
36 files changed, 442 insertions, 173 deletions
diff --git a/id/pom.xml b/id/pom.xml index f91f7874a..cc87b73f2 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,14 +3,14 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>1.5.2</version> + <version>1.9.96-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA</groupId> <artifactId>id</artifactId> <packaging>pom</packaging> - <version>1.5.2</version> + <version>1.9.96-SNAPSHOT</version> <name>MOA ID</name> <modules> diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index 26d55725b..b20ec67b6 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -3,16 +3,13 @@ <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib"> <dependency-type>uses</dependency-type> </dependent-module> - <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common"> - <dependency-type>uses</dependency-type> - </dependent-module> - <dependent-module archiveName="moa-id-lib-1.9.95-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib"> + <dependent-module archiveName="moa-id-lib-1.9.96-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib"> <dependency-type>uses</dependency-type> </dependent-module> <dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine"> <dependency-type>uses</dependency-type> </dependent-module> - <dependent-module archiveName="moa-id-commons-1.9.95-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-commons/moa-id-commons"> + <dependent-module archiveName="moa-id-commons-1.9.96-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-commons/moa-id-commons"> <dependency-type>uses</dependency-type> </dependent-module> <property name="context-root" value="moa-id-auth"/> diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index bd29cde26..9214b6f12 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -2,14 +2,14 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>1.5.2</version> + <version>1.9.96-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id.server</groupId> <artifactId>moa-id-auth</artifactId> <packaging>war</packaging> - <version>1.9.95-SNAPSHOT</version> + <version>1.9.96-SNAPSHOT</version> <name>MOA ID-Auth WebService</name> <properties> @@ -68,7 +68,7 @@ <dependency> <groupId>MOA.spss.server</groupId> <artifactId>moa-spss-lib</artifactId> - <!--version>${project.version}</version--> + <version>1.5.2</version> </dependency> <dependency> <groupId>MOA.id.server</groupId> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 37663c08b..245f9a254 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -2,14 +2,14 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.5.2</version>
+ <version>1.9.96-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
<packaging>jar</packaging>
- <version>1.9.95-SNAPSHOT</version>
+ <version>1.9.96-SNAPSHOT</version>
<name>MOA ID API</name>
<properties>
@@ -41,7 +41,7 @@ <dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
- <!--version>${project.version}</version-->
+ <version>1.5.2</version>
</dependency>
<dependency>
<groupId>axis</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a19ac724e..dec5b81cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -440,12 +440,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.isSlVersion12(), isbuisness, domainIdentifier); + isbuisness, domainIdentifier); } else { //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam + oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); } @@ -465,7 +465,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(oaParam.isSlVersion12()); + .build(); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); @@ -788,7 +788,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.isSlVersion12()); + transformsInfos); return createXMLSignatureRequest; } @@ -1054,40 +1054,40 @@ public class AuthenticationServer implements MOAIDAuthConstants { String identificationValue = null; String identificationType = null; - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested + if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + identificationType = ""; + identificationValue = ""; + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if (oaParam.getBusinessService()) { - if (session.isSsoRequested()) { - identificationType = ""; - identificationValue = ""; + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink + .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); + identificationValue = bpkBase64; + + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) + identificationType = oaParam.getIdentityLinkDomainIdentifier(); + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); } else { String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); + .getIdentificationValue(), session.getTarget()); identificationValue = bpkBase64; identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); } -// identityLink.setIdentificationValue(bpkBase64); -// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); - + } else { identificationValue = identityLink.getIdentificationValue(); identificationType = identityLink.getIdentificationType(); } - - //set empty AuthBlock BPK in case of OW - if (session.isOW()) { - identificationType = ""; - identificationValue = ""; - } - - String issueInstant = DateTimeUtils.buildDateTime(Calendar - .getInstance(), oaParam.getUseUTC()); + + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); @@ -2274,15 +2274,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthenticationData authData = new AuthenticationData(); VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - boolean useUTC = oaParam.getUseUTC(); + +// boolean useUTC = oaParam.getUseUTC(); boolean businessService = oaParam.getBusinessService(); authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar - .getInstance(), useUTC)); + + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance())); //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); @@ -2297,7 +2299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setPublicAuthorityCode(verifyXMLSigResp .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); - authData.setUseUTC(oaParam.getUseUTC()); +// authData.setUseUTC(oaParam.getUseUTC()); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index 7528bc2e8..f3044e7e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -71,25 +71,25 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements * @return the XML structure * @throws BuildException */ - public String build(boolean slVersion12) throws BuildException { + public String build() throws BuildException { String sl10Prefix; String sl11Prefix; String slNsDeclaration; - if (slVersion12) { +// if (slVersion12) { sl10Prefix = SL12_PREFIX; sl11Prefix = SL12_PREFIX; slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; - } else { - - sl10Prefix = SL10_PREFIX; - sl11Prefix = SL11_PREFIX; - slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; - - } +// } else { +// +// sl10Prefix = SL10_PREFIX; +// sl11Prefix = SL11_PREFIX; +// slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; +// +// } String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration}); String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 23596abda..51c0c039a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -81,7 +81,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <code><CreateXMLSignatureRequest></code> */ - public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) { + public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos) { String sl10Prefix; String sl11Prefix; @@ -97,7 +97,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // dsigTransformInfosString += dsigTransformInfos[i]; // } - if (slVersion12) { +// if (slVersion12) { // replace the SecurityLayer namespace prefixes and URIs within the transforms dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, @@ -107,13 +107,13 @@ public class CreateXMLSignatureRequestBuilder implements Constants { sl11Prefix = SL12_PREFIX; slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; - } else { - - sl10Prefix = SL10_PREFIX; - sl11Prefix = SL11_PREFIX; - slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; - - } +// } else { +// +// sl10Prefix = SL10_PREFIX; +// sl11Prefix = SL11_PREFIX; +// slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; +// +// } String request = MessageFormat.format( CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index b2acf9f2d..7edd9df9c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -57,18 +57,18 @@ public class InfoboxReadRequestBuilder implements Constants { * * @return <code><InfoboxReadRequest></code> as String */ - public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { + public String build(boolean businessService, String identityLinkDomainIdentifier) { String slPrefix; String slNsDeclaration; - if (slVersion12) { +// if (slVersion12) { slPrefix = SL12_PREFIX; slNsDeclaration = SL12_NS_URI; - } else { - slPrefix = SL10_PREFIX; - slNsDeclaration = SL10_NS_URI; - } +// } else { +// slPrefix = SL10_PREFIX; +// slNsDeclaration = SL10_NS_URI; +// } StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>"); sb.append("<"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index ee5afa5dc..f90634ab4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -20,8 +20,6 @@ public class LoginFormBuilder { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; - private static final String HTMLTEMPLATEIFRAME = "loginFormFull.html"; - //private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html"; private static String AUTH_URL = "#AUTH_URL#"; private static String MODUL = "#MODUL#"; @@ -35,7 +33,7 @@ public class LoginFormBuilder { private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; - private static String getTemplate(boolean isIFrame) { + private static String getTemplate() { String template = null; @@ -46,10 +44,8 @@ public class LoginFormBuilder { String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); - if (isIFrame) - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; - else - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; try { File file = new File(new URI(pathLocation)); @@ -59,10 +55,7 @@ public class LoginFormBuilder { Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); - if (isIFrame) - pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; - else - pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; input = Thread.currentThread() .getContextClassLoader() @@ -86,8 +79,8 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) { - String value = getTemplate(isIFrame); + public static String buildLoginForm(String modul, String action, String oaname, String contextpath, String moaSessionID) { + String value = getTemplate(); if(value != null) { if(modul == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 59cbbe25e..3f6a7d9d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -20,8 +20,6 @@ public class SendAssertionFormBuilder { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; - private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormFull.html"; - //private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html"; private static String URL = "#URL#"; private static String MODUL = "#MODUL#"; @@ -32,7 +30,7 @@ public class SendAssertionFormBuilder { private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; - private static String getTemplate(boolean isIFrame) { + private static String getTemplate() { String template = null; @@ -42,10 +40,7 @@ public class SendAssertionFormBuilder { String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); - if (isIFrame) - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; - else - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; try { File file = new File(new URI(pathLocation)); @@ -55,10 +50,7 @@ public class SendAssertionFormBuilder { Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); - if (isIFrame) - pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; - else - pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; input = Thread.currentThread() .getContextClassLoader() @@ -77,8 +69,8 @@ public class SendAssertionFormBuilder { return template; } - public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) { - String value = getTemplate(isIFrame); + public static String buildForm(String modul, String action, String id, String oaname, String contextpath) { + String value = getTemplate(); if(value != null) { if(modul == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index e461197e2..b699de074 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -181,7 +181,7 @@ public class GetMISSessionIDServlet extends AuthServlet { MISMandate mandate = (MISMandate) list.get(0); String sMandate = new String(mandate.getMandate()); - if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index c1715d6fc..7d76ce9d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -52,6 +52,8 @@ public class OAParameter { this.targetFriendlyName = oa.getTargetFriendlyName(); + this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock(); + } /** @@ -84,7 +86,7 @@ public class OAParameter { */ private String targetFriendlyName; - + private boolean removePBKFromAuthblock; public String getOaType() { return oaType; @@ -104,6 +106,9 @@ public class OAParameter { public String getTargetFriendlyName() { return targetFriendlyName; } - + + public boolean isRemovePBKFromAuthBlock() { + return removePBKFromAuthblock; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index c62594d6f..99d15a612 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -94,27 +94,31 @@ public class OAAuthParameter extends OAParameter { /** * @return the slVersion */ -public String getSlVersion() { - return oa_auth.getSlVersion(); -} - -/** - * @return the slVersion12 - */ -public boolean isSlVersion12() { - if ("1.2".equals(oa_auth.getSlVersion())) - return true; - else - return false; - } - -public boolean getUseUTC() { - return oa_auth.isUseUTC(); -} +//public String getSlVersion() { +// return oa_auth.getSlVersion(); +//} +// +///** +// * @return the slVersion12 +// */ +//public boolean isSlVersion12() { +// +// // set SLVersion to 1.2 per default +// return true; +// +//// if ("1.2".equals(oa_auth.getSlVersion())) +//// return true; +//// else +//// return false; +//} -public boolean useIFrame() { - return oa_auth.isUseIFrame(); -} +//public boolean getUseUTC() { +// return oa_auth.isUseUTC(); +//} +// +//public boolean useIFrame() { +// return oa_auth.isUseIFrame(); +//} /** * @return the identityLinkDomainIdentifier diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 96d0bd2ed..10729e981 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -411,9 +411,9 @@ public class BuildFromLegacyConfig { moa_oa.setAuthComponentOA(oa_auth); //SLLayer Version / useIframe - oa_auth.setSlVersion(oa.getSlVersion()); - oa_auth.setUseIFrame(false); - oa_auth.setUseUTC(oa.getUseUTC()); +// oa_auth.setSlVersion(oa.getSlVersion()); +// oa_auth.setUseIFrame(false); +// oa_auth.setUseUTC(oa.getUseUTC()); //BKUURLs diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index e18981032..aa95bc38c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -124,7 +124,7 @@ public class AuthenticationData implements Serializable { private String samlAssertion; /** useUTC */ - private boolean useUTC; +// private boolean useUTC; /** * creation timestamp */ @@ -186,13 +186,13 @@ public class AuthenticationData implements Serializable { return bPK; } - /** - * Returns useUTC - * @return useUTC - */ - public boolean getUseUTC() { - return useUTC; - } +// /** +// * Returns useUTC +// * @return useUTC +// */ +// public boolean getUseUTC() { +// return useUTC; +// } /** * Sets the minorVersion. @@ -242,9 +242,9 @@ public class AuthenticationData implements Serializable { // this.wbPK = wbPK; // } - public void setUseUTC(boolean useUTC) { - this.useUTC = useUTC; - } +// public void setUseUTC(boolean useUTC) { +// this.useUTC = useUTC; +// } /** * Returns the assertionID. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7dba67174..f2352e11e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -284,7 +284,7 @@ public class AuthenticationManager extends AuthServlet { String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), moasession.getSessionID()); //store MOASession try { @@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet { throws ServletException, IOException, MOAIDException { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 2748d74a6..9403cb205 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -12,10 +12,15 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder; @@ -56,6 +61,11 @@ public class PVPAttributeBuilder { addBuilder(new EIDIssuingNationAttributeBuilder()); addBuilder(new EIDSectorForIDAttributeBuilder()); addBuilder(new EIDIdentityLinkBuilder()); + addBuilder(new EIDAuthBlock()); + addBuilder(new EIDCcsURL()); + addBuilder(new EIDSignerCertificate()); + addBuilder(new EIDSourcePIN()); + addBuilder(new EIDSourcePINType()); // Mandate Attributes addBuilder(new MandateTypeAttributeBuilder()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 17fc52a8c..a02959e39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -307,7 +307,10 @@ public class PVP2AssertionBuilder implements PVPConstants { audience.setAudienceURI(peerEntity.getEntityID()); audienceRestriction.getAudiences().add(audience); conditions.setNotBefore(new DateTime()); + conditions.setNotOnOrAfter(new DateTime().plusMinutes(20)); +// conditions.setNotOnOrAfter(new DateTime()); + conditions.getAudienceRestrictions().add(audienceRestriction); assertion.setConditions(conditions); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java new file mode 100644 index 000000000..16d05842a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import iaik.util.logging.Log; + +import java.io.IOException; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +public class EIDAuthBlock extends BaseAttributeBuilder { + + public String getName() { + return EID_AUTH_BLOCK_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + + try { + String authblock = authSession.getAuthBlock(); + if (MiscUtil.isNotEmpty(authblock)) { + return buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, + EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes())); + } + + } catch (IOException e) { + Log.info("Encode AuthBlock BASE64 failed."); + } + throw new UnprovideableAttributeException(EID_AUTH_BLOCK_NAME); + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java new file mode 100644 index 000000000..0d96d4817 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.util.MiscUtil; + +public class EIDCcsURL extends BaseAttributeBuilder{ + + public String getName() { + return EID_CCS_URL_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + + String bkuurl = authSession.getBkuURL(); + if (MiscUtil.isNotEmpty(bkuurl)) + return buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + else + throw new UnprovideableAttributeException(EID_CCS_URL_NAME); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java new file mode 100644 index 000000000..f5cb51228 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import iaik.util.logging.Log; + +import java.io.IOException; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.util.Base64Utils; + +public class EIDSignerCertificate extends BaseAttributeBuilder { + + public String getName() { + return EID_SIGNER_CERTIFICATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + + try { + byte[] signerCertificate = authSession.getEncodedSignerCertificate(); + if (signerCertificate != null) { + return buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils + .encode(signerCertificate)); + } + + }catch (IOException e) { + Log.info("Signer certificate BASE64 encoding error"); + } + + throw new UnprovideableAttributeException(EID_SIGNER_CERTIFICATE_NAME); + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java new file mode 100644 index 000000000..d21d264f6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; + +public class EIDSourcePIN extends BaseAttributeBuilder { + + public String getName() { + return EID_SOURCE_PIN_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + + if (oaParam.getBusinessService()) + throw new UnprovideableAttributeException(EID_SOURCE_PIN_NAME); + + else { + return buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); + } + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java new file mode 100644 index 000000000..9bc9716cf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; + +public class EIDSourcePINType extends BaseAttributeBuilder { + + public String getName() { + return EID_SOURCE_PIN_TYPE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + + if (oaParam.getBusinessService()) + throw new UnprovideableAttributeException(EID_SOURCE_PIN_TYPE_NAME); + + else { + return buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); + } + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 0786f896a..ebe597ed2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -98,7 +98,8 @@ public class PVPConfiguration { String publicPath = generalpvpconfigdb.getPublicURLPrefix(); if(publicPath != null) { if(publicPath.endsWith("/")) { - publicPath = publicPath.substring(0, publicPath.length()-2); + int length = publicPath.length(); + publicPath = publicPath.substring(0, length-1); } } return publicPath; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 99567478d..a92ac8e7f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -1,20 +1,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; -import java.io.File; import java.security.cert.CertificateException; import java.util.Iterator; import java.util.List; -import java.util.Timer; import javax.xml.namespace.QName; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.protocol.Protocol; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; -import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; @@ -22,15 +17,12 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MOAMetadataProvider implements MetadataProvider { @@ -62,7 +54,8 @@ public class MOAMetadataProvider implements MetadataProvider { OnlineApplication oa = oaIt.next(); Logger.info("Loading metadata for: " + oa.getFriendlyName()); OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null) { + if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) { +// if (pvp2Config != null) { String metadataURL = pvp2Config.getMetadataURL(); try { // TODO: use proper SSL checking diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java index 36dc2442c..fb1f08132 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -49,6 +49,8 @@ public class MetadataSignatureFilter implements MetadataFilter { Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + //TODO: check this!!!! while(entID.hasNext()) { processEntityDescriptorr(entIT.next()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 1fbcb9a46..9fade4864 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -119,7 +119,7 @@ public class GetAuthenticationDataService implements Constants { AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); - useUTC = authData.getUseUTC(); +// useUTC = authData.getUseUTC(); // success samlAssertion = authData.getSamlAssertion(); @@ -170,7 +170,7 @@ public class GetAuthenticationDataService implements Constants { try { String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java index 2493f42b8..6f601334b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java @@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants { */ public Element build(String requestID, String samlArtifactBase64) throws BuildException { try { - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true); + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64}); Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); return requestElem; diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java index 2887454ec..f8c5b565f 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java @@ -73,9 +73,9 @@ public class GetIdentityLinkFormBuilderTest extends TestCase { "http://localhost:3495/http-security-layer-request"; public void testBuild() throws Exception { - String xmlRequest = new InfoboxReadRequestBuilder().build(false, false, null); + String xmlRequest = new InfoboxReadRequestBuilder().build(false, null); String dataURL = "https://1.2.3.4/auth/VerifyIdentityLink?MOASessionID=1234567"; - String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(false); + String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL, null); String formShould = MessageFormat.format( @@ -83,9 +83,9 @@ public class GetIdentityLinkFormBuilderTest extends TestCase { assertEquals(formShould, form); } public void testBuildCustomBKU() throws Exception { - String xmlRequest = new InfoboxReadRequestBuilder().build(false, false, null); + String xmlRequest = new InfoboxReadRequestBuilder().build(false, null); String dataURL = "https://1.2.3.4/auth/AuthServlet/StartAuthentication?MOASessionID=1234567"; - String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(false); + String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; String bkuURL = "http://bku.at/"; String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL, null); diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java index 968055384..07bed3492 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java @@ -43,7 +43,7 @@ public class InfoboxReadRequestBuilderTest extends UnitTestCase implements Const public void testBuild() throws Exception { InfoboxReadRequestBuilder builder = new InfoboxReadRequestBuilder(); - String xmlBuilt = builder.build(false, false, null); + String xmlBuilt = builder.build(false, null); Document docBuilt = DOMUtils.parseDocument(xmlBuilt, false, ALL_SCHEMA_LOCATIONS, null); String xmlBuiltSerialized = DOMUtils.serializeNode(docBuilt); // xmlShould was generated by Hot:Sign Tester diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 4bf57d743..9a48b7782 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -3,12 +3,12 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>1.9.95-SNAPSHOT</version> + <version>1.9.96-SNAPSHOT</version> </parent> <artifactId>moa-id-commons</artifactId> <name>moa-id-commons</name> <groupId>MOA.id.server</groupId> - <version>1.9.95-SNAPSHOT</version> + <version>1.9.96-SNAPSHOT</version> <dependencies> <dependency> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java index 795981777..20fc4c845 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java @@ -6,6 +6,8 @@ import java.util.Map; import javax.persistence.EntityManager; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -22,8 +24,12 @@ public class ConfigurationDBRead { QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id"); QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication"); QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'"); + QUERIES.put("getAllNewOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '0' and onlineapplication.isAdminRequired = '1'"); QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration"); QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id"); + QUERIES.put("getNewUserWithUserTokken", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken = :tokken and userdatabase.isUserRequest = '1'"); + QUERIES.put("getAllNewUsers", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is null and userdatabase.isUserRequest = '1'"); + QUERIES.put("getUserWithUserBPKWBPK", "select userdatabase from UserDatabase userdatabase where userdatabase.bpk = :bpk"); QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username"); QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase"); QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id"); } @@ -32,6 +38,9 @@ public class ConfigurationDBRead { public static OnlineApplication getActiveOnlineApplication(String id) { MiscUtil.assertNotNull(id, "OnlineApplictionID"); Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + //TODO: check!!! + id = StringEscapeUtils.escapeHtml(id); List result; EntityManager session = ConfigurationDBUtils.getCurrentSession(); @@ -135,6 +144,24 @@ public class ConfigurationDBRead { return result; } + public static List<OnlineApplication> getAllNewOnlineApplications() { + Logger.trace("Get All OnlineApplications from database."); + + List<OnlineApplication> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewOnlineApplications")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + public static List<UserDatabase> getAllUsers() { Logger.trace("Get All OnlineApplications from database."); @@ -235,4 +262,62 @@ public class ConfigurationDBRead { } return (UserDatabase) result.get(0); } + + public static UserDatabase getUserWithUserBPKWBPK(String bpkwbpk) { + MiscUtil.assertNotNull(bpkwbpk, "bpk/wbpk"); + Logger.trace("Getting Userinformation with ID " + bpkwbpk + " from database."); + + List<UserDatabase> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserBPKWBPK")); + query.setParameter("bpk", bpkwbpk); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static UserDatabase getNewUserWithTokken(String tokken) { + MiscUtil.assertNotNull(tokken, "bpk/wbpk"); + Logger.trace("Getting Userinformation with Tokken " + tokken + " from database."); + + List<UserDatabase> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getNewUserWithUserTokken")); + query.setParameter("tokken", tokken); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + public static List<UserDatabase> getAllNewUsers() { + Logger.trace("Get all new Users from Database"); + + List<UserDatabase> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewUsers")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } } diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 9f825d4aa..701994d1f 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -18,6 +18,7 @@ <xsd:attribute name="friendlyName" type="xsd:string" use="optional"/> <xsd:attribute name="target" type="xsd:string" use="optional"/> <xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/> + <xsd:attribute name="removeBPKFromAuthBlock" type="xsd:boolean" use="optional" default="false"/> </xsd:extension> </xsd:complexContent> </xsd:complexType> @@ -497,6 +498,7 @@ <xsd:complexType name="OnlineApplicationType"> <xsd:sequence> <xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="isAdminRequired" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> <xsd:element name="AuthComponent_OA" minOccurs="0"> <xsd:annotation> <xsd:documentation>enthält Parameter über die OA, die die @@ -537,16 +539,6 @@ <xsd:element ref="OA_SAML1" minOccurs="0"/> <xsd:element ref="OA_PVP2" minOccurs="0"/> </xsd:sequence> - <xsd:attribute name="slVersion" use="optional" default="1.1"> - <xsd:simpleType> - <xsd:restriction base="xsd:string"> - <xsd:enumeration value="1.1"/> - <xsd:enumeration value="1.2"/> - </xsd:restriction> - </xsd:simpleType> - </xsd:attribute> - <xsd:attribute name="useIFrame" type="xsd:boolean" default="false"/> - <xsd:attribute name="useUTC" type="xsd:boolean" default="true"/> <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/ --> </xsd:complexType> @@ -936,15 +928,19 @@ <xsd:complexType name="UserDatabase"> <xsd:sequence> <xsd:element name="bpk" type="xsd:string" minOccurs="0" maxOccurs="1"/> - <xsd:element name="familyname" type="xsd:string" minOccurs="1" maxOccurs="1"/> - <xsd:element name="givenname" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="familyname" type="xsd:string" minOccurs="0" maxOccurs="1"/> + <xsd:element name="givenname" type="xsd:string" minOccurs="0" maxOccurs="1"/> <xsd:element name="institut" type="xsd:string" minOccurs="1" maxOccurs="1"/> <xsd:element name="mail" type="xsd:string" minOccurs="1" maxOccurs="1"/> <xsd:element name="phone" type="xsd:string" minOccurs="1" maxOccurs="1"/> <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1"/> <xsd:element name="password" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="userRequestTokken" type="xsd:string" minOccurs="0" maxOccurs="1"/> <xsd:element name="isActive" type="xsd:boolean" default="true" minOccurs="1" maxOccurs="1"/> <xsd:element name="isAdmin" type="xsd:boolean" default="true" minOccurs="1" maxOccurs="1"/> + <xsd:element name="isUserRequest" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> + <xsd:element name="isUsernamePasswordAllowed" type="xsd:boolean" default="true" minOccurs="0" maxOccurs="1"/> + <xsd:element name="isMandateUser" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> <xsd:element name="lastLogin" type="xsd:date" minOccurs="1" maxOccurs="1"/> <xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> diff --git a/id/server/pom.xml b/id/server/pom.xml index b3d467294..e84b92eec 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,14 +4,14 @@ <parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>1.5.2</version>
+ <version>1.9.96-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
<packaging>pom</packaging>
- <version>1.9.95-SNAPSHOT</version>
+ <version>1.9.96-SNAPSHOT</version>
<name>MOA ID Server</name>
<modules>
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index ed42e9405..66337d8aa 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component @@ -3,16 +3,13 @@ <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module archiveName="moa-id-lib-1.9.95-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependent-module archiveName="moa-id-lib-1.9.96-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
<dependency-type>uses</dependency-type>
</dependent-module>
<dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="moa-id-commons-1.9.95-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-commons/moa-id-commons">
+ <dependent-module archiveName="moa-id-commons-1.9.96-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-commons/moa-id-commons">
<dependency-type>uses</dependency-type>
</dependent-module>
<property name="context-root" value="moa-id-proxy"/>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index fad47450b..cf71d669b 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -2,7 +2,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.5.2</version>
+ <version>1.9.96-SNAPSHOT</version>
</parent>
<properties>
@@ -58,12 +58,12 @@ <dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
- <!--version>${project.version}</version-->
+ <version>1.5.2</version>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <version>1.9.95-SNAPSHOT</version>
+ <version>1.9.96-SNAPSHOT</version>
<!--version>${project.version}</version-->
</dependency>
<!-- transitive dependencies we don't want to include into the war -->
|