12 files changed, 381 insertions, 3 deletions
| diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 4e01c6260..b8bdad311 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -202,6 +202,13 @@  			<artifactId>moa-id-module-ssoTransfer</artifactId>  			<version>${moa-id-version}</version>  		</dependency> + +		<dependency> +			<groupId>MOA.id.server.modules</groupId> +			<artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId> +			<version>${moa-id-version}</version> +		</dependency>				 +				  <!-- 		<dependency>  			<groupId>org.apache.santuario</groupId> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java index 8d893be9d..b16941f51 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java @@ -181,6 +181,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{    public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";    public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection";    public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest"; +  public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";    //General protocol-request data-store keys    public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target"; @@ -189,5 +190,5 @@ public class MOAIDAuthConstants extends MOAIDConstants{    //General MOASession data-store keys    public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert"; -   +      } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml new file mode 100644 index 000000000..0db2b26a8 --- /dev/null 
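Review bot: The auth-edu pom now pulls in moa-id-module-bkaMobilaAuthSAML2Test unconditionally, and by its own description and the SecondBKAMobileAuthTask added in this commit that module completes an authentication with a static test IdentityLink and no user interaction. A test-only authentication path should not sit on the classpath of a deployable artifact by default; put the dependency behind a Maven profile (`<profile><id>bkaMobileAuthTest</id> … </profile>`) or at least add a pom comment stating that it must be removed for production builds. The only remaining guard at runtime is the `modules.bkamobileAuth.entityID` configuration value compared in BKAMobileAuthModule, which is easy to set by accident.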
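Review bot: The new constant name `PROCESSCONTEXT_UNIQUE_OA_IDENTFIER` has a typo (IDENTFIER), and its value `uniqueSPId` speaks of an SP while the name speaks of an OA; since this key is what BKAMobileAuthModule.selectProcess uses to decide whether the test process is chosen, a consistent, correctly spelled name matters. Suggest `PROCESSCONTEXT_UNIQUE_OA_IDENTIFIER = "uniqueSPId";` with a comment such as `// unique identifier of the requesting online application (SP entityID), placed in the ExecutionContext by the protocol handler`. The code that writes this key into the context is not part of the visible diff, so where it is populated and whether that value is validated cannot be confirmed from here.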
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
@@ -0,0 +1,10 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId>
+  <description>BKA MobileAuth Test for SAML2 applications</description>
+</project>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java new file mode 100644 index 000000000..72087180a --- /dev/null +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java 
@@ -0,0 +1,83 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class BKAMobileAuthModule implements AuthModule { + +	private int priority = 1; +	 +	@Autowired protected AuthConfiguration authConfig; +	 +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() +	 */ +	@Override +	public int getPriority() { +		return priority; +	} + +	/** +	 * Sets the priority of this module. Default value is {@code 0}. 
+	 * @param priority The priority. +	 */ +	public void setPriority(int priority) { +		this.priority = priority; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) +	 */ +	@Override +	public String selectProcess(ExecutionContext context) { +		String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); +		if (MiscUtil.isNotEmpty(spEntityID)) { +			String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); +			if (spEntityID.equalsIgnoreCase(sensitiveSpIdentifier))			 +				return "BKAMobileAuthentication"; +			 +		} +		 +		return null; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() +	 */ +	@Override +	public String[] getProcessDefinitions() { +		return new String[] { "classpath:/BKAMobileAuth.process.xml" }; +	} + +} diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthSpringResourceProvider.java new file mode 100644 index 000000000..884129453 --- /dev/null +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthSpringResourceProvider.java 
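Review bot: `spEntityID.equalsIgnoreCase(sensitiveSpIdentifier)` in selectProcess is the sole decision that routes a request into the dummy authentication process, so the comparison should be exact: SAML entityIDs are URIs and are compared case-sensitively elsewhere, and a case-insensitive match widens the set of identifiers that trigger the test path. Change it to `if (spEntityID.equals(sensitiveSpIdentifier))` and consider additionally requiring an explicit enable flag from authConfig, so that a stray entityID value in the configuration alone cannot activate the bypass. The setPriority Javadoc states the default is `0` while the field is initialised to `1` (and the beans file sets 1 again); align the comment with the code.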
@@ -0,0 +1,62 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class BKAMobileAuthSpringResourceProvider implements SpringResourceProvider { + +	/* (non-Javadoc) +	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() +	 */ +	@Override +	public Resource[] getResourcesToLoad() { +		ClassPathResource authConfig = new ClassPathResource("/moaid_bka_mobileauth.beans.xml", BKAMobileAuthSpringResourceProvider.class);							 +		return new Resource[] {authConfig}; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() +	 */ +	@Override +	public String[] getPackagesToScan() { +		// TODO Auto-generated method stub +		return null; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() +	 */ +	@Override +	public String getName() { +		return "BKA MobileAuth SAML2 Test"; +	} + +} diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java new file mode 100644 index 000000000..66112edc5 --- /dev/null +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java 
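Review bot: getPackagesToScan still returns `null` with the auto-generated TODO left in place. Whether the caller of this SPI tolerates a null array is not visible here, so returning `new String[0]` is the safe choice, and the TODO should be replaced by a comment that states the intent, e.g. `// no component scanning; the module's beans are declared in moaid_bka_mobileauth.beans.xml`, which matches the beans file added in this commit.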
@@ -0,0 +1,56 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + + +/** + * @author tlenz + * + */ +@Component("FirstBKAMobileAuthTask") +public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) +	 */ +	@Override +	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) +			throws TaskExecutionException { + +		Logger.info("Redirect to Second BKA Mobile Auth task");	 +		performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC); + +	} + +} diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java new file mode 100644 index 000000000..4b18e7112 --- /dev/null +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java 
@@ -0,0 +1,104 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * @author tlenz + * + */ +@Component("SecondBKAMobileAuthTask") +public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) +	 */ +	@Override +	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) +			throws TaskExecutionException { +		 +		try { +			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	 +			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession()); + +			// store MOASession into database +	    	requestStoreage.storePendingRequest(pendingReq); +						 +		} catch (MOAIDException e) { +			throw new TaskExecutionException(pendingReq, 
e.getMessage(), e); +			 +		} catch (Exception e) { +			throw new TaskExecutionException(pendingReq, e.getMessage(), e); +			 +		}		 +	} + +	/** +	 * @param pendingReq +	 * @param moaSession +	 * @throws MOAIDException  +	 */ +	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException { +		moaSession.setUseMandates(false); +		moaSession.setForeigner(false); +		 +		moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			 +		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); +			 +		try { +			String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());				 +		  	URL keystoreURL = new URL(idlurl);					 +			InputStream idlstream = keystoreURL.openStream(); +			IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();			 +			moaSession.setIdentityLink(identityLink); +			 +		} catch (ParseException | IOException e) { +			Logger.error("IdentityLink is not parseable.", e); +			throw new MOAIDException("IdentityLink is not parseable.", null); +			 +		} +			 +	} + +} diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml new file mode 100644 index 000000000..4a0f4d5f2 --- /dev/null +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml 
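Review bot: The InputStream returned by `keystoreURL.openStream()` in parseDemoValuesIntoMOASession is never closed, and the MOAIDException thrown in the catch passes `null` instead of the caught exception, so the cause survives only in the log. The file already uses multi-catch, so try-with-resources is available; the local is also misnamed, since it holds the IdentityLink URL rather than a keystore. More importantly, this task fills the session with a static IdentityLink and STORK_QAA_1_4 and hands over to FinalizeAuthenticationTask without any user interaction, which the class Javadoc should say plainly: `Test-only task: completes authentication with the monitoring test IdentityLink; must never be active in a production deployment.` The two catch blocks in execute do exactly the same thing and can be collapsed into a single `catch (Exception e)`; the three-argument MOAIDException constructor used below assumes the cause-taking overload exists, which is not visible in this diff.
```java
// … unchanged: idlurl computation …
try (InputStream idlstream = new URL(idlurl).openStream()) {
	IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
	moaSession.setIdentityLink(identityLink);

} catch (ParseException | IOException e) {
	Logger.error("IdentityLink is not parseable.", e);
	throw new MOAIDException("IdentityLink is not parseable.", null, e);

}
```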
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="BKAMobileAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+-->
+	<pd:Task id="firstStep"                            class="FirstBKAMobileAuthTask" />
+	<pd:Task id="secondStep"                           class="SecondBKAMobileAuthTask" async="true" />
+	<pd:Task id="finalizeAuthentication" 							 class="FinalizeAuthenticationTask" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	 
+	<pd:Transition from="start" to="firstStep" />	 
+	<pd:Transition from="firstStep" to="secondStep"/>		 
+	<pd:Transition from="secondStep" to="finalizeAuthentication" />
+	 
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+	 
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..42dbf09e7
--- /dev/null
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthSpringResourceProvider
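Review bot: Both comments in BKAMobileAuth.process.xml are copied from the STORK process definition and describe C-PEPS signature handling and triggering by GenerateIFrameTemplateServlet, neither of which applies to this three-step test flow selected by BKAMobileAuthModule. Replace them with a description of what the definition actually does, e.g. `<!-- Test flow: firstStep redirects once, secondStep fills the session with the monitoring test IdentityLink, then authentication is finalized. -->`. The `async="true"` on secondStep is presumably needed because FirstBKAMobileAuthTask ends with a redirect; a short comment saying so would spare the next reader the guess.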
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml new file mode 100644 index 000000000..ef13b0348 --- /dev/null +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" +	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +	xmlns:context="http://www.springframework.org/schema/context" +	xmlns:tx="http://www.springframework.org/schema/tx" +	xmlns:aop="http://www.springframework.org/schema/aop" +	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd +		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd +		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd +		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + +	<bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule"> +		<property name="priority" value="1" /> +	</bean> + 						 + +	<bean id="FirstBKAMobileAuthTask"  +				class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask" +				scope="prototype"/> +				 +	<bean id="SecondBKAMobileAuthTask"  +				class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.SecondBKAMobileAuthTask" +				scope="prototype"/> +																						 +</beans>
\ No newline at end of file diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 3ca3497a0..000851a5f 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -32,6 +32,7 @@  		<module>moa-id-module-elga_mandate_service</module>  		<module>moa-id-module-ssoTransfer</module> +		<module>moa-id-module-bkaMobilaAuthSAML2Test</module>  	</modules>  	<dependencies> @@ -91,13 +91,13 @@                      <name>local</name>                      <url>file:${basedir}/../../../repository</url>                  </repository> -                <repository> +<!--                 <repository>                      <id>hyberjaxb</id>                      <url>http://repository.highsource.org/maven2/releases/</url>                      <releases>                          <enabled>false</enabled>                      </releases> -                </repository> +                </repository> -->                  <repository>                      <id>jboss</id>                      <url>https://repository.jboss.org/nexus/content/repositories/central/</url> @@ -524,6 +524,12 @@      		<artifactId>moa-id-module-elga_mandate_service</artifactId>      		<version>${moa-id-module-elga_mandate_client}</version>  			</dependency> +			  +			<dependency> +				<groupId>MOA.id.server.modules</groupId> +				<artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId> +				<version>${moa-id-version}</version> +			</dependency>	               <dependency>                  <groupId>MOA.id.server</groupId> | 
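Review bot: The hyberjaxb repository is commented out rather than removed, leaving a dead `<!-- <repository> … </repository> -->` block in the repositories section; if it is no longer needed, delete it and let version control keep the history. Dropping a plain `http://` repository from artifact resolution is a good change in itself, so a one-line comment, `<!-- hyberjaxb repository removed; artifacts resolve from the remaining repositories -->`, would explain it. The reason for the removal is not stated in the visible diff, so that wording is a guess to be confirmed by the author.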
