14 files changed, 833 insertions, 596 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 961a40303..48320c4f5 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -45,7 +45,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * Builds the <code><CreateXMLSignatureRequest></code>. * * @param authBlock String representation of XML authentication block - * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeyPair) + * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeypair) * @return String representation of <code><CreateXMLSignatureRequest></code> */ public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) { diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 58332984e..e52a3e73c 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -9,11 +9,9 @@ import org.w3c.dom.Text; import at.gv.egovernment.moa.id.*; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.OutputXML2File; import at.gv.egovernment.moa.util.XPathUtils; /** 
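Review bot: The rewritten Javadoc line still reads `@param keyBoxIdentfier` while the signature directly below declares `keyBoxIdentifier`, so the tag stays unlinked from the parameter and javadoc keeps reporting it; the third parameter `dsigTransformInfos` has no `@param` at all. Since the line is being touched anyway, make it `* @param keyBoxIdentifier the key box identifier which will be used (e.g. CertifiedKeypair)` and add a matching `* @param dsigTransformInfos ...` line describing that argument. The body of `build` lies outside the hunk.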
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 8faa69260..a18cf7322 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -62,7 +62,6 @@ public class SignatureVerificationInvoker { String endPoint; AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance(); authConnParam = authConfigProvider.getMoaSpConnectionParameter(); - //If the ConnectionParameter do NOT exist, we try to get the api to work.... if (authConnParam != null) { endPoint = authConnParam.getUrl(); @@ -74,18 +73,20 @@ public class SignatureVerificationInvoker { else { SignatureVerificationService svs = SignatureVerificationService.getInstance(); VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); + VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); - Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); + Logger.setHierarchy("moa.id.auth"); return result.getDocumentElement(); } } catch (Exception ex) { - if (authConnParam != null) - throw new ServiceException("service.00", new Object[] { ex.toString()}, ex); - else + if (authConnParam != null) { + throw new ServiceException("service.00", new Object[] { ex.toString()}, ex); + } else { throw new ServiceException("service.03", new Object[] { ex.toString()}, ex); + } } } }
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index c1146218e..012a5b559 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; import java.io.InputStream; - import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; @@ -54,7 +53,7 @@ public class InfoboxReadResponseParser { infoBoxElem = DOMUtils.parseXmlValidating(s); } catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString()}, t); + throw new ParseException("parser.01", new Object[] { t.toString()}, t); } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 9c74114ad..e628cb997 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -124,7 +124,6 @@ public class VerifyXMLSignatureResponseParser { VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { - respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); respData.setQualifiedCertificate(e!=null); 
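Review bot: `Logger.setHierarchy("moa.id.auth");` is inserted only on the success path of the in-process branch, after `svs.verifyXMLSignature(vsrequest)` has returned, so whenever that call or the response build throws, the method leaves through the catch block without the hierarchy ever being set; presumably the line exists to switch logging back after the MOA-SP call changed it, though the hunk does not say. If that reading is right, the reset belongs in a `finally` of the enclosing try, and a one-line comment such as `// restore the MOA-ID log hierarchy after the in-process MOA-SP call` would make the intent explicit. The first hunk also drops the only explanation of the `authConnParam != null` branching; a short comment at that `if` would keep it readable. The try block starts outside the hunk.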
@@ -133,7 +132,6 @@ public class VerifyXMLSignatureResponseParser { verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); respData.setX509certificate(new X509Certificate(in)); - Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH); respData.setPublicAuthority(publicAuthority != null); respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 103d3cc83..3c15b9ec4 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -64,9 +64,11 @@ public class CreateXMLSignatureResponseValidator { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH); SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes(); + boolean foundOA = false; boolean foundGB = false; for (int i = 0; i < samlattributes.length; i++) diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 512d571ab..223abc632 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java 
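Review bot: Under the comment `// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier` the call `XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH);` discards its result, so the check the comment announces is never performed and an assertion carrying several NameIdentifier elements passes this validator unchanged. Keep the list and reject the response when it has more than one entry, using the same error path as the other A3.* checks in this method: `NodeList nameIds = XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(), SAML_SUBJECT_NAME_IDENTIFIER_XPATH);` followed by `if (nameIds.getLength() > 1) { /* fail as the neighbouring A3 checks do */ }`. `foundOA` is introduced here but its use, and the rest of the enclosing method, are outside the hunk.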
@@ -15,7 +15,7 @@ public class OAAuthParameter { private String publicURLPrefix; /** - * key box Identifier (e.g. CertifiedKeyPair, SecureSignatureKeyPair) + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) */ private String keyBoxIdentifier; /** diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index c391fc16f..f43bbd9e4 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -29,8 +29,7 @@ public interface LoginParameterResolver { /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOABKZ = "MOABKZ"; /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAQualifiedCertificate = - "MOAQualifiedCertificate"; + public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAStammzahl = "MOAStammzahl"; /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ @@ -70,8 +69,8 @@ public interface LoginParameterResolver { public Map getAuthenticationParameters( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException; + String clientIPAddress) throws LoginParameterResolverException, NotAllowedException; - public void configure(String configuration) throws LoginParameterResolverException, NotAllowedException; + public void configure(String configuration) throws LoginParameterResolverException; } 
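Review bot: The second hunk moves `NotAllowedException` from `configure` to `getAuthenticationParameters`, but the companion header-resolution method of this interface is not touched; the deleted XMLLoginParameterResolver performs the same identity lookup in both `getAuthenticationHeaders` and `getAuthenticationParameters`, so if the not-allowed condition can arise during header resolution it needs the same throws clause, otherwise callers cannot handle the two paths uniformly. Whichever way this is decided, add Javadoc `@throws NotAllowedException` on the method(s) that raise it, stating when it is thrown. The declaration of the header method, if the interface has one, is outside the hunk.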
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java index 0db7f66fe..856afe74c 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.proxy; +import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.HashMap; import java.util.Map; @@ -53,10 +54,9 @@ public class LoginParameterResolverFactory { Object[] arguments = { new String(configuration) }; confMethod.invoke( lpr, arguments ); - lpr.configure(configuration); loginParameterResolverMap.put(publicURLPrefix, lpr); } - catch (LoginParameterResolverException lpex) { + catch (InvocationTargetException lpex) { throw new ConfigurationException("config.11", new Object[] {className}, lpex); } catch (Throwable ex) { diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java deleted file mode 100644 index 3958bb206..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java +++ /dev/null 
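Review bot: `catch (InvocationTargetException lpex)` passes the reflection wrapper itself as the cause of the config.11 ConfigurationException; the resolver's own exception is one level down, so `throw new ConfigurationException("config.11", new Object[] {className}, lpex.getTargetException());` would point the error at the real failure instead of the reflection layer. The direct `lpr.configure(configuration)` call is dropped in favour of `confMethod.invoke( lpr, arguments )` even though `lpr` appears to be a LoginParameterResolver whose interface declares `configure`; if the reflective call is deliberate, a comment above the invoke saying why would keep the next reader from reverting it. `new String(configuration)` copies the string for no effect; `configuration` itself can go into the arguments array. The lookup of `confMethod` and the remainder of the method are outside the hunk.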
@@ -1,483 +0,0 @@ -package at.gv.egovernment.moa.id.proxy; - -import java.io.File; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import java.io.IOException; -import java.util.*; -//import org.apache.xerces.parsers.AbstractDOMParser; -import org.apache.xerces.parsers.DOMParser; -import org.w3c.dom.*; - -/** - * XMLLoginParameterResolver an implementation of implementation of interface - * <code>LoginParameterResolver</code> - * This implementation used to map identities stored in an XML file to parameters - * which are given to OAs. - * - * @author Rudolf Schamberger - * @version $Id$ - */ -public class XMLLoginParameterResolver implements LoginParameterResolver { - - //file which is parsed and interpreted for paremeter resolving. - private String identityFile; - - /** - * inner class used to store mapped parameters - */ - class LPRParams { - - /** - * getter method for parameter Enabled. - * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver - */ - public boolean getEnabled() { - return enabled.booleanValue(); - } - - /** - * getter method for parameter UN (username) - * @return Parameter UN or <code>null</code> not set. - */ - public String getUN() { - return UN; - } - - /** - * getter method for parameter PW (password) - * @return Parameter PW or <code>null</code> not set. - */ - public String getPW() { - return PW; - } - - /** - * getter method for parameter Param1 - * @return Parameter Param1 or <code>null</code> not set. - */ - public String getParam1() { - return Param1; - } - - /** - * getter method for parameter Param2 - * @return Parameter Param2 or <code>null</code> not set. - */ - public String getParam2() { - return Param2; - } - - /** - * getter method for parameter Param3 - * @return Parameter Param3 or <code>null</code> not set. 
- */ - public String getParam3() { - return Param3; - } - - /** - * Returns a string representation of LPRParams - * - * @return a <code>String</code> representation of this object. - * @see XMLLoginParameterResolver.LPRParams - */ - public String toString() { - return "Enabled: " - + enabled.toString() - + "UN: '" - + UN - + "' PW: '" - + PW - + "' Param1: '" - + Param1 - + "' Param2: '" - + Param2 - + "' Param3: '" - + Param3 - + "'\n"; - } - - //private member variables used - private Boolean enabled = null; - private String UN = null; - private String PW = null; - private String Param1 = null; - private String Param2 = null; - private String Param3 = null; - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication - * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication - * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { - this.enabled = new Boolean(enabled); - this.UN = UN; - this.PW = PW; - this.Param1 = Param1; - this.Param1 = Param2; - this.Param1 = Param3; - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW) { - this(enabled, UN, PW, null, null, null); - } - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object. 
- **/ - public XMLLoginParameterResolver() { - bPKMap = new HashMap(); - namedMap = new HashMap(); - } - - /** - * configuration method - * @param configuration enabled enable user mapping to parameter set for the parameter set. - */ - public void configure(String configuration) throws LoginParameterResolverException { - File idFile; - this.identityFile = configuration; - - try { - if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { - Logger.error("XMLLoginParameterResolver could not read '" - + identityFile - + "' " ); - return; - } - Document doc = readXMLFile(identityFile); - buildInfo(doc); - } catch (Throwable ex) { - throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex); - } - isConfigured = true; - } - - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException { - Map result = new HashMap(); - - if (!isConfigured) { - throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + - identityFile + "' is not configured!", null); - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOABPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; - - //try bPK and named search - userFound = bPKIdentitySearch(bPK, params); - - if(false == userFound) - namedIdentitySearch(famName, givenName, dateOfBirth, params); - - if(false == userFound) - return result; - - //HTTP 401 - Basic Authentication - if (oaConf.getAuthType().equals("basic")) { - userid = params.getUN(); - password = params.getPW(); - - try { - String userIDPassword = userid + ":" + password; - String credentials = 
Base64Utils.encode(userIDPassword.getBytes()); - Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); - result.put("Authorization", "Basic " + credentials); - } catch (IOException ignore) { - } - return result; - } - if (oaConf.getAuthType().equals("header")) { - String key; - String resolvedValue; - result.put("Param1", params.getParam1()); - result.put("Param2", params.getParam2()); - result.put("Param3", params.getParam3()); - return result; - /* for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); - iter.hasNext(); - result.put(key, resolvedValue)) { - key = (String) iter.next(); - String predicate = (String) oaConf.getHeaderAuthMapping().get(key); - resolvedValue = resolveValue(predicate, authData, clientIPAddress); - } - */ - } - return result; - } - - public Map getAuthenticationParameters( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress) { - - Map result = new HashMap(); - - if (!isConfigured) { - Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); - return result; - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOABPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; - - //try bPK and named search - userFound = bPKIdentitySearch(bPK, params); - - if (false == userFound) - namedIdentitySearch(famName, givenName, dateOfBirth, params); - - if (false == userFound) - return result; - - if (oaConf.getAuthType().equals("param")) { - result.put("Param1", params.getParam1()); - result.put("Param2", params.getParam2()); - result.put("Param3", params.getParam3()); - return result; - /* - String key; - String resolvedValue; - for 
(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); - iter.hasNext(); - result.put(key, resolvedValue)) { - key = (String) iter.next(); - String predicate = (String) oaConf.getParamAuthMapping().get(key); - resolvedValue = resolveValue(predicate, authData, clientIPAddress); - } - */ - - } - return result; - } - - private static String resolveValue( - String predicate, - AuthenticationData authData, - String clientIPAddress) { - if (predicate.equals("MOAGivenName")) - return authData.getGivenName(); - if (predicate.equals("MOAFamilyName")) - return authData.getFamilyName(); - if (predicate.equals("MOADateOfBirth")) - return authData.getDateOfBirth(); - if (predicate.equals("MOABPK")) - return authData.getPBK(); - if (predicate.equals("MOAPublicAuthority")) - if (authData.isPublicAuthority()) - return "true"; - else - return "false"; - if (predicate.equals("MOABKZ")) - return authData.getPublicAuthorityCode(); - if (predicate.equals("MOAQualifiedCertificate")) - if (authData.isQualifiedCertificate()) - return "true"; - else - return "false"; - if (predicate.equals("MOAStammzahl")) - return authData.getIdentificationValue(); - if (predicate.equals(MOAIdentificationValueType)) - return authData.getIdentificationType(); - if (predicate.equals("MOAIPAddress")) - return clientIPAddress; - else - return null; - } - - private Document readXMLFile(String fileName) { - Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName); - DOMParser parser = new DOMParser(); - try { - parser.setFeature("http://xml.org/sax/features/validation", true); - parser.setFeature("http://apache.org/xml/features/validation/schema", true); - parser.parse(fileName); - return parser.getDocument(); - } catch (Exception e) { - String msg = e.toString(); - Logger.error("XMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg); - return null; - } - } - - private void buildInfo(Document doc) { - Element root = doc.getDocumentElement(); - NodeList 
idList = root.getElementsByTagName(XSD_IDELEM); - NodeList paramList = root.getElementsByTagName("Parameters"); - for (int i = 0; i < idList.getLength(); i++) - Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); - - for (int i = 0; i < paramList.getLength(); i++) - Logger.debug( - "XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); - - for (int i = 0; i < idList.getLength(); i++) { - Element tmpElem = (Element) idList.item(i); - NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); - for (int j = 0; j < tmpList.getLength(); j++) - Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); - - if (1 == tmpList.getLength()) { - tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName"); - boolean tmpBool = false; - if (tmpElem.getFirstChild() != null - && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug( - "XMLLoginParameterResolver: tmpStr: " - + tmpStr - + " value: " - + (new Boolean(tmpBool)).toString()); - tmpElem = (Element) paramList.item(i); - Logger.debug( - "XMLLoginParameterResolver: attribute UN: " - + tmpElem.getAttribute("UN") - + " attribute PW: " - + tmpElem.getAttribute("PW")); - namedMap.put( - tmpStr, - new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); - } else { - tmpList = tmpElem.getElementsByTagName("bPKIdentity"); - if (1 == tmpList.getLength()) { - tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute("bPK"); - boolean tmpBool = false; - if (tmpElem.getFirstChild() != null - && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug( - "XMLLoginParameterResolver: tmpStr: " - + tmpStr - + " value: " - + (new Boolean(tmpBool)).toString()); - tmpElem = (Element) paramList.item(i); - Logger.debug( - 
"XMLLoginParameterResolver: attribute UN: " - + tmpElem.getAttribute("UN") - + " attribute PW: " - + tmpElem.getAttribute("PW") - + " attribute Param1: " - + tmpElem.getAttribute("Param1")); - bPKMap.put( - tmpStr, - new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); - } else { - Logger.warn( - "XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found"); - } - } - } - - Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug("bPKMap:" + bPKMap.toString()); - } - - private void buildIdentityInfo(Document doc) { - - } - - - boolean bPKIdentitySearch(String bPK, LPRParams params) { - //search for mapping with bPK of the user - Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); - params = (LPRParams) bPKMap.get(bPK); - if (null == params) { - Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); - return false; - } else if (params.getEnabled()) { - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return true; - } - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); - return false; - } - - boolean namedIdentitySearch( - String famName, - String givenName, - String dateOfBirth, - LPRParams params) { - Logger.info( - "XMLLoginParameterResolver: search for login data for SurName:" - + famName - + " GivenName: " - + givenName); - - params = (LPRParams) namedMap.get(famName + "," + givenName); - if (null == params) { - - Logger.info( - "XMLLoginParameterResolver: params for Surname: " - + famName - + " GivenName: " - + givenName - + " not found!"); - return false; - } - - if (params.getEnabled()) { - Logger.info( - "XMLLoginParameterResolver: SurName:" - + famName - + " GivenName: " - + givenName - + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + 
params.toString()); - return true; - } - Logger.info( - "XMLLoginParameterResolver: SurName:" - + famName - + " GivenName: " - + givenName - + "found in list; user is NOT enabled"); - return false; - } - - public static final String XSD_MAPPING = "Mapping"; - - public static final String XSD_DOCELEM = "MOAIdentities"; - public static final String XSD_IDELEM = "Identity"; - public static final String XSD_NAMEDIDELEM = "NamedIdentity"; - public static final String XSD_BPKIDELEM = "bPKIdentity"; - public static final String XSD_PARAMELEM = "Parameters"; - public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration"; - private Map bPKMap; - private Map namedMap; - private boolean isConfigured = false; -}
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java new file mode 100644 index 000000000..ab0845dc9 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java 
@@ -0,0 +1,655 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import iaik.security.provider.IAIK;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+
+import javax.crypto.Cipher;
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Key;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+
+
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+
+import java.io.IOException;
+import java.util.*;
+
+import javax.xml.parsers.ParserConfigurationException;
+import org.w3c.dom.*;
+import org.xml.sax.SAXException;
+
+/**
+ * XMLLoginParameterResolver an implementation of implementation of interface
+ * <code>LoginParameterResolver</code>
+ * This implementation used to map identities stored in an XML file to parameters
+ * which are given to OAs.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver {
+
+ //file which is parsed and interpreted for paremeter resolving.
+ private String identityFile; + + private Cipher blowfishCipher; + private Key key; + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or <code>null</code> not set. + */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or <code>null</code> not set. + */ + //TODO XMLLPR decrypt + public String getPlainUN() { + //Security.addProvider(); + + + return UN; + } + + + /** + * getter method for parameter PW (password) + * @return Parameter PW or <code>null</code> not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for generic parameter Param1 + * @return Parameter Param1 or <code>null</code> not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for generic parameter Param2 + * @return Parameter Param2 or <code>null</code> not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for generic parameter Param3 + * @return Parameter Param3 or <code>null</code> not set. + */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a <code>String</code> representation of this object. 
+ * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used to store the parameters + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param1 = Param2; + this.Param1 = Param3; + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object. 
+ **/ + public XMLLoginParameterResolverEncryptedData() { + bPKMap = new HashMap(); + namedMap = new HashMap(); + } + + /** + * configuration method + * @param configuration enabled enable user mapping to parameter set for the parameter set. + */ + public void configure(String configuration) throws LoginParameterResolverException { + File idFile; + Element rootElement; + + Security.addProvider(new IAIK()); + try { + blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK"); + + } catch (NoSuchPaddingException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()}); + } catch (NoSuchProviderException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()}); + } catch (NoSuchAlgorithmException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()}); + } + + String plaintext = "start"; + String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim"); + String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim"); + Logger.debug("plaintext: " + plaintext); + Logger.debug("encrypted: " + encrypted); + Logger.debug("decrypted: " + decrypted); + + //make file name absolut (if it is relative to main config file) + //TODO MOAID XMLLPR check + String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String rootConfigFileDir = new File(moaIDConfigFileName).getParent(); + this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir); + + if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); + } + try { + rootElement = 
readXMLFile(identityFile); + } catch (IOException lex) { + Logger.error(lex.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); + + } catch (SAXException sex) { + Logger.error(sex.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() }); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + Logger.error(e.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() }); + } + buildInfo(rootElement); + isConfigured = true; + } + + /** + * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext + * @param plaintext + * @param bPK + * @param masterSecret + * @returns encrypted data (blowfish encrypted, base64 encoded) + * @throws LoginParameterResolverException + */ + public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException + { + try { + String keyString = bPK + masterSecret; + key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); + IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); + + blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param); + byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8")); + return Base64Utils.encode(cipherText); + } catch (UnsupportedEncodingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidKeyException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (BadPaddingException e) { + throw new LoginParameterResolverException("config.14", new Object [] 
{"Blowfish: " + e.toString()}); + } catch (IllegalBlockSizeException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalStateException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidAlgorithmParameterException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IOException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } + } + + + /** + * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext + * @param ciphertext (blowfish encrypted, base64encoded) + * @param bPK + * @param masterSecret + * @returns decrypted Data (plaintext) + * @throws LoginParameterResolverException + */ + public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException + { + try { + String keyString = bPK + masterSecret; + key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); + IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); + blowfishCipher.init(Cipher.DECRYPT_MODE, key, param); + byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true)); + return new String(plaintext); + } catch (UnsupportedEncodingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidKeyException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (BadPaddingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalBlockSizeException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch 
(IllegalStateException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidAlgorithmParameterException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IOException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } + } + + + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String) + */ + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) throws LoginParameterResolverException, NotAllowedException { + Map result = new HashMap(); + + if (!isConfigured) { + //TODO XMLLPR + throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + + identityFile + "' is not configured!", null); + } + + //get the Identity of the user + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try bPK and named search + params = bPKIdentitySearch(bPK); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //HTTP 401 - Basic Authentication + if (oaConf.getAuthType().equals("basic")) { + userid = (null != params.getUN()) ? 
params.getUN() : ""; + password = (null != params.getPW()) ? params.getPW() : ""; + + try { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8")); + Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } catch (IOException ignore) { + throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"}); + } + } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication + String key; + String resolvedValue; + //TODO MOAID XMLLoginParameterResolver select value through OA-ConfigFile; + if(null != params.getUN()) result.put("UN", params.getUN()); + if(null != params.getPW()) result.put("UN", params.getPW()); + if(null != params.getParam1()) result.put("UN", params.getParam1()); + if(null != params.getParam2()) result.put("UN", params.getParam2()); + if(null != params.getParam3()) result.put("UN", params.getParam3()); + + } else { + throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"}); + } + + return result; + } + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String) + */ + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) throws LoginParameterResolverException, NotAllowedException { + + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", 
authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); + String userid = ""; + String password = ""; + LPRParams params = null; + + //try bPK and named search + params = bPKIdentitySearch(bPK); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //TODO MOAID XMLLoginParameterResolver URLEncoder.encode + if (oaConf.getAuthType().equals("param")) { + try { + if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1")); + if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1")); + if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1")); + if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1")); + if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1")); + } catch (UnsupportedEncodingException e) { + // ISO-8859-1 is supported + throw new LoginParameterResolverException("URLEncoder error", null); + } + } else { + throw new LoginParameterResolverException("AuthType not supported", null); + } + return result; + } + + /** + * Resolves a login header or parameter value. 
+ * @param predicate header or parameter predicate name from online application configuration + * @param authData authentication data for current login + * @param clientIPAddress client IP address + * @return header or parameter value resolved; <code>null</code> if unknown name is given + */ + private static String resolveValue( + String predicate, + AuthenticationData authData, + String clientIPAddress) { + if (predicate.equals("MOAGivenName")) + return authData.getGivenName(); + if (predicate.equals("MOAFamilyName")) + return authData.getFamilyName(); + if (predicate.equals("MOADateOfBirth")) + return authData.getDateOfBirth(); + if (predicate.equals("MOABPK")) + return authData.getPBK(); + if (predicate.equals("MOAPublicAuthority")) + if (authData.isPublicAuthority()) + return "true"; + else + return "false"; + if (predicate.equals("MOABKZ")) + return authData.getPublicAuthorityCode(); + if (predicate.equals("MOAQualifiedCertificate")) + if (authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if (predicate.equals("MOAStammzahl")) + return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals("MOAIPAddress")) + return clientIPAddress; + else + return null; + } + + /** + * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element. + * @param fileName of the configuration file. 
+ */ + private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException { + Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName); + + InputStream stream = null; + Element configElem; + + stream = new BufferedInputStream(new FileInputStream(fileName)); + configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return configElem; + } + + /** + * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file. + * @param root document root element. + */ + private void buildInfo(Element root) { + NodeList idList = root.getElementsByTagName(XSD_IDELEM); + NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM); + for (int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); + + for (int i = 0; i < paramList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); + + for (int i = 0; i < idList.getLength(); i++) { + Element tmpElem = (Element) idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM); + for (int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); + + //Search for NamedIdentity Elements + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," + + tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," + + tmpElem.getAttribute(XSD_BIRTHDATEATTR); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + //TODO XMLLPR remove + Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); 
+ tmpElem = (Element) paramList.item(i); + Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + + " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + + " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + + " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + + " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), + tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), + tmpElem.getAttribute(XSD_PARAM3ATTR)) ); + } else { //bPKIdentity Elements + + tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + + " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + + " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + + " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + + " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), + tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), + tmpElem.getAttribute(XSD_PARAM3ATTR)) ); + } else { + Logger.warn( + "XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug("bPKMap:" + bPKMap.toString()); + } + + /** + * 
searches for a given bPK and returns the appropriate LPRParams structure + * @param bPK search argument + * @returns LPRParams if bPK could be found in internal mappings or null otherwise. + */ + LPRParams bPKIdentitySearch(String bPK) { + //search for mapping with bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); + LPRParams params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); + return null; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); + return null; + } + + /** + * searches for a given namedIdentity and returns the appropriate LPRParams structure + * @param surName surname search argument + * @param givenName givenname search argument + * @param dateOfBirth dateofbirth search argument + * @returns LPRParams if bPK could be found in internal mappings or null otherwise. 
+ */ + LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { + Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + + " GivenName: " + givenName + + " DateOfBirth" + dateOfBirth); + + //try first a search with surname, givenname and birthdate + LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth); + if (null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + + givenName + "BirthDate: " + dateOfBirth + " not found!"); + + //try a search with surname, givenname only + params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); + if(null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + + givenName + " not found!"); + return null; + } + } + + if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: Surname:" + surName + + " GivenName: " + + givenName + + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info( + "XMLLoginParameterResolver: SurName:" + + surName + + " GivenName: " + + givenName + + "found in list; user is NOT enabled"); + return null; + } + + //public static final String XSD_MAPPING = "Mapping"; + + //public static final String XSD_DOCELEM = "MOAIdentities"; + public static final String XSD_IDELEM = "Identity"; + public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_PARAMELEM = "Parameters"; + public static final String XSD_SURNAMEATTR = "SurName"; + public static final String XSD_GIVENNAMEATTR = "GivenName"; + public static final String XSD_BIRTHDATEATTR = "BirthDate"; + public static final String XSD_BIRTHDATEBLANKATTR = "any"; + public static final String XSD_BPKATTR = "bPK"; + public static final String 
XSD_UNATTR = "UN"; + public static final String XSD_PWATTR = "PW"; + public static final String XSD_PARAM1ATTR = "Param1"; + public static final String XSD_PARAM2ATTR = "Param2"; + public static final String XSD_PARAM3ATTR = "Param3"; + private Map bPKMap; + private Map namedMap; + private boolean isConfigured = false; +}
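Review bot: In buildInfo the bPKIdentity branch stores its entry with `namedMap.put(tmpStr, ...)`, so bPKMap is never filled and bPKIdentitySearch can never match; that line should be `bPKMap.put(tmpStr, new LPRParams(...));`. The hunk also leaves test scaffolding in configure — a round trip through encryptData/decryptData with the literal key material `"1234567890123456"`/`"123hochgeheim"` whose plaintext and ciphertext are written to the debug log — and credential material reaches the log elsewhere as well: the Base64 Basic `credentials` in getAuthenticationHeaders, the PW attribute in buildInfo, and LPRParams.toString(), which embeds PW and is logged via `params.toString()` and `namedMap.toString()`. In the header branch of getAuthenticationHeaders every put uses the key `"UN"`, so PW and Param1..3 overwrite one another and the password ends up under a header named UN. encryptData/decryptData share one stateful Cipher instance field and a fixed all-zero IvParameterSpec and use the raw bytes of `bPK + masterSecret` as the Blowfish key, while decryptData rebuilds the text with `new String(plaintext)` (platform charset) although encryption used UTF-8; a per-message IV, a real key derivation and `new String(plaintext, "UTF-8")` are the minimum before this stores real credentials. readXMLFile opens a FileInputStream that is never closed, and the six-argument LPRParams constructor assigns Param2 and Param3 to `this.Param1` (should be `this.Param2 = Param2; this.Param3 = Param3;`), a defect repeated in the XMLLoginParameterResolverPlainData hunk below.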
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 9766ef57b..61172a699 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -10,81 +10,138 @@ import org.apache.xerces.parsers.DOMParser; import org.w3c.dom.*; // Referenced classes of package at.gv.egovernment.moa.id.proxy: -// LoginParameterResolver -// Old Implementation of XMLLoginParameterResolver // -// TODO MOA-ID CIO internal: migrate this to XMLLoginParameterResolver +// TODO MOA-ID CIO internal: test full functionality - -public class OldXMLLoginParameterResolver +public class XMLLoginParameterResolverPlainData implements LoginParameterResolver { private String configuration; - class LPRParams - { - - public boolean getEnabled() - { - return enabled.booleanValue(); - } - - public String getUN() - { - return UN; - } - - public String getPW() - { - return PW; - } - - public String getParam1() - { - return Param1; - } - - public String getParam2() - { - return Param2; - } - - public String getParam3() - { - return Param3; - } - - public String toString() - { - return "Enabled:" + enabled.toString() + "UN: '" + UN + "' PW: '" + PW + "' Param1: '" + Param1 + "' Param2: '" + Param2 + "' Param3: '" + Param3 + "'\n"; - } - - private Boolean enabled; - private String UN; - private String PW; - private String Param1; - private String Param2; - private String Param3; - - LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) - { - this.enabled = new Boolean(enabled); - this.UN = UN; - this.PW = PW; - this.Param1 = Param1; - this.Param1 = Param2; - this.Param1 = Param3; - } - - LPRParams(boolean enabled, String UN, String PW) - { - this(enabled, UN, PW, null, null, null); - } + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or <code>null</code> not set. 
+ */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or <code>null</code> not set. + */ + public String getPlainUN() { + return UN; + } + + + /** + * getter method for parameter PW (password) + * @return Parameter PW or <code>null</code> not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for generic parameter Param1 + * @return Parameter Param1 or <code>null</code> not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for generic parameter Param2 + * @return Parameter Param2 or <code>null</code> not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for generic parameter Param3 + * @return Parameter Param3 or <code>null</code> not set. + */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a <code>String</code> representation of this object. + * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used to store the parameters + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. 
+ * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param1 = Param2; + this.Param1 = Param3; + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } } - - - public OldXMLLoginParameterResolver() + public XMLLoginParameterResolverPlainData() { bPKMap = new HashMap(); namedMap = new HashMap(); 
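Review bot: getPlainUN in the rewritten LPRParams inner class is a byte-for-byte duplicate of getUN, including the copied Javadoc summary `getter method for parameter UN (username)`; in the plain-data resolver there is nothing to decrypt, so either the comment should state that it returns UN unchanged and exists only for parity with the encrypted resolver, or the method should be dropped. The `@see XMLLoginParameterResolver.LPRParams` tags and the constructor Javadoc name a different class than the one this hunk renames to XMLLoginParameterResolverPlainData, so they should be updated to `XMLLoginParameterResolverPlainData.LPRParams`. The enclosing class continues past the hunk.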
@@ -101,53 +158,63 @@ public class OldXMLLoginParameterResolver String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; + String param1 = ""; + String param2 = ""; + String param3 = ""; + LPRParams params = null; boolean userFound = false; - Logger.debug("OldXMLLoginParameterResolver: search for automatic login data for bPK:" + bPK); + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for bPK:" + bPK); params = (LPRParams)bPKMap.get(bPK); if(params == null) - Logger.debug("OldXMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); + Logger.debug("XMLLoginParameterResolverPlainData: params for bPK: " + bPK + " not found!"); else if(params.getEnabled()) { - Logger.debug("OldXMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); - Logger.debug("OldXMLLoginParameterResolver: using: " + params.toString()); + Logger.debug("XMLLoginParameterResolverPlainData: bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); userid = params.getUN(); password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); userFound = true; } else { - Logger.info("OldXMLLoginParameterResolver: bPK: " + bPK + "found in list; user is NOT enabled"); + Logger.info("XMLLoginParameterResolverPlainData: bPK: " + bPK + "found in list; user is NOT enabled"); } if(!userFound) { - Logger.debug("OldXMLLoginParameterResolver: search for automatic login data for SurName:" + famName + " GivenName: " + givenName); + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName); params = (LPRParams)namedMap.get(famName + "," + givenName); if(params == null) - Logger.debug("OldXMLLoginParameterResolver: params for Surname: " + famName + " GivenName: " + givenName + " not found!"); + 
Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " not found!"); else if(params.getEnabled()) { - Logger.debug("OldXMLLoginParameterResolver: SurName:" + famName + " GivenName: " + givenName + "found in list; user is enabled"); - Logger.debug("OldXMLLoginParameterResolver: using: " + params.toString()); + Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); userid = params.getUN(); password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); userFound = true; } else { - Logger.info("OldXMLLoginParameterResolver: SurName:" + famName + " GivenName: " + givenName + "found in list; user is NOT enabled"); + Logger.info("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + "found in list; user is NOT enabled"); } } if(!userFound) { - Logger.info("OldXMLLoginParameterResolver: Person is not allowed No automatic login"); + Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login"); return result; } try { String userIDPassword = userid + ":" + password; String credentials = Base64Utils.encode(userIDPassword.getBytes()); - Logger.debug("OldXMLLoginParameterResolver: calculated credentials: " + credentials); + Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials); result.put("Authorization", "Basic " + credentials); } catch(IOException ignore) { } @@ -219,7 +286,7 @@ public class OldXMLLoginParameterResolver private Document readXMLFile(String fileName) { - Logger.info("OldXMLLoginParameterResolver: Loading MOA-OA configuration " + fileName); + Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName); DOMParser parser = new DOMParser(); try { 
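Review bot: The line `Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials)` writes the Base64 form of `userid:password` to the log, and the two `using: " + params.toString()` lines print the PW field in clear (LPRParams.toString() concatenates PW, as shown earlier in this diff), so the configured login secrets end up in log files whenever debug logging is enabled. Suggest logging only the non-secret part, e.g. `Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials for user: " + userid);`, and leaving PW out of LPRParams.toString(). Separately, `userIDPassword.getBytes()` depends on the platform default charset (use `getBytes("UTF-8")` or the charset the consumer expects), and `catch(IOException ignore) { }` silently returns a result map without the Authorization header; at least log the failure. The new param1/param2/param3 locals are populated but not used inside this hunk; the method continues past the hunk, so they may be consumed there.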
@@ -231,7 +298,7 @@ public class OldXMLLoginParameterResolver catch(Exception e) { String msg = e.toString(); - Logger.error("OldXMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg); + Logger.error("XMLLoginParameterResolverPlainData: Error parsing file" + fileName + "\n" + msg); return null; } } @@ -242,17 +309,17 @@ public class OldXMLLoginParameterResolver NodeList idList = root.getElementsByTagName("Identity"); NodeList paramList = root.getElementsByTagName("Parameters"); for(int i = 0; i < idList.getLength(); i++) - Logger.debug("OldXMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); + Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName()); for(int i = 0; i < paramList.getLength(); i++) - Logger.debug("OldXMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); + Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName()); for(int i = 0; i < idList.getLength(); i++) { Element tmpElem = (Element)idList.item(i); NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); for(int j = 0; j < tmpList.getLength(); j++) - Logger.debug("OldXMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); + Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName()); if(1 == tmpList.getLength()) { 
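Review bot: The renamed error line drops the stack trace of the parse failure, since only `e.toString()` is kept and the method then returns null, which pushes the failure onto every caller without a cause to diagnose; passing `e` to the logger (if Logger.error accepts a Throwable) or rethrowing as LoginParameterResolverException would preserve it. The message is also missing a space after `file`, so it prints as `Error parsing filefile:conf/...`; use `Logger.error("XMLLoginParameterResolverPlainData: Error parsing file " + fileName + "\n" + msg);`. The enclosing readXMLFile method starts outside this hunk.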
@@ -261,9 +328,9 @@ public class OldXMLLoginParameterResolver boolean tmpBool = false; if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) tmpBool = true; - Logger.debug("OldXMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); tmpElem = (Element)paramList.item(i); - Logger.debug("OldXMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW")); + Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW")); namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); } else { 
@@ -275,13 +342,13 @@ public class OldXMLLoginParameterResolver boolean tmpBool = false; if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) tmpBool = true; - Logger.debug("OldXMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); tmpElem = (Element)paramList.item(i); - Logger.debug("OldXMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1")); + Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1")); bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); } else { - Logger.warn("OldXMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found"); + Logger.warn("XMLLoginParameterResolverPlainData: wrong format no NamedIdentity or bPKIdentity found"); } } } @@ -301,12 +368,12 @@ public class OldXMLLoginParameterResolver public void configure(String configuration) throws LoginParameterResolverException { - Logger.info("OldXMLLoginParameterResolver: initialization string: " + configuration); + Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration); this.configuration = configuration; String fileName = configuration; if(fileName == null) { fileName = "file:conf/moa-id/Identities.xml"; - Logger.info("OldXMLLoginParameterResolver: used file name string: " + fileName); + Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName); } Document doc = readXMLFile(fileName); buildInfo(doc); 
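Review bot: The bPKIdentity branch now logs `tmpElem.getAttribute("Param1")` but still stores the entry with the three-argument `new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))`, so Param1–Param3 are always null and the new `getParam1()`…`getParam3()` accessors read in the lookup code never return configured data; the NamedIdentity branch in the preceding hunk (`@@ -261`) has the same shape. Passing the attributes through would fix it, e.g. `new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"), tmpElem.getAttribute("Param1"), tmpElem.getAttribute("Param2"), tmpElem.getAttribute("Param3"))`, but the six-argument constructor added earlier in this diff assigns `this.Param1 = Param2; this.Param1 = Param3;` and must first be corrected to `this.Param2 = Param2; this.Param3 = Param3;`. The attribute names for the second and third parameter are not visible in the diff, so confirm them against the Identities.xml format before wiring them up.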
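Review bot: `configure` hands the result of `readXMLFile(fileName)` straight to `buildInfo(doc)` with no null check, while readXMLFile (hunk `@@ -231`) returns null after a parse error, so a missing or malformed Identities.xml most likely surfaces as a NullPointerException inside buildInfo rather than as the LoginParameterResolverException the signature declares. Suggest guarding between the two calls with `if (doc == null) { throw new LoginParameterResolverException(/* message key and args per this class's convention */); }`; the constructor arguments of LoginParameterResolverException are not visible here. The method's tail lies outside the hunk.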
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 7980778d9..f82ad93ed 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -129,9 +129,9 @@ public class ProxyServlet extends HttpServlet { try { authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); } catch (ServiceException ex) { - throw new ProxyException("proxy.14", new Object[] {ex}); + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); } catch (ProxyException ex) { - throw new ProxyException("proxy.14", new Object[] {ex}); + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); } String urlRequested = req.getRequestURL().toString(); diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java index 2717ee8c0..0cc15e5da 100644 --- a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java @@ -15,6 +15,7 @@ public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase { private static final String AUTH_URL = "https://auth.moa.gv.at/"; private static final String TARGET = "Grundbuch"; private static final String OA_URL = "https://grundbuch.gv.at/"; + private static final String GEB_DAT = "2004-01-02"; // wird auch von CreateXMLSignatureBuilderTest verwendet ! public static final String ASSERTION_SHOULD = 
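Review bot: `ex.getMessage()` can be null for a ServiceException or ProxyException built without a message, which would render the proxy.14 message argument as the literal `null`; the replaced code passed `ex` itself, whose toString() always carries the class name. If the proxy.14 template expects a readable reason, `new Object[] {ex.toString()}` keeps that property while still passing `ex` as the cause, which is the right part of this change. The enclosing method starts and ends outside the hunk.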
@@ -38,7 +39,7 @@ public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase { public void testBuild() throws Exception { AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder(); - String assertionBuilt = builder.build(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, OA_URL); + String assertionBuilt = builder.build(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, OA_URL, GEB_DAT); assertionBuilt = XML_DECL + assertionBuilt; String assertionShould = XML_DECL + ASSERTION_SHOULD; assertXmlEquals(assertionShould, assertionBuilt); |