15 files changed, 153 insertions, 407 deletions
| diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 032f06911..d33cae207 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -2,33 +2,29 @@  <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"          "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd"> -<!-- - -    Configuration file for UrlRewriteFilter -    http://www.tuckey.org/urlrewrite/ - ---> +<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ -->  <urlrewrite> -    <rule> -        <note> -            The rule means that requests to /test/status/ will be redirected to /rewrite-status -            the url will be rewritten. -        </note> -        <from>/test/status/</from> -        <to type="redirect">%{context-path}/rewrite-status</to> -    </rule> +	<rule> +		<note> +			The rule means that requests to /test/status/ will be redirected to +			/rewrite-status +			the url will be rewritten. +		</note> +		<from>/test/status/</from> +		<to type="redirect">%{context-path}/rewrite-status</to> +	</rule> + +	<!-- Legacy Rules --> +	<rule match-type="regex"> +		<from>^/StartAuthentication$</from> +		<to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact</to> +	</rule> +	<rule match-type="regex"> +		<from>^/StartAuthentication\?(.*)$</from> +		<to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact&$1</to> +	</rule> -    <!-- Legacy Rules --> -    <rule match-type="regex"> -        <from>^/StartAuthentication$</from> -        <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact</to> -    </rule> -    <rule match-type="regex"> -        <from>^/StartAuthentication\?(.*)$</from> -        <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact&$1</to> -    </rule> -      	<rule match-type="regex">  		<from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from>  		<to type="forward">/dispatcher?mod=$1&action=$2</to> 
@@ -39,86 +35,37 @@  	</rule> -    <outbound-rule> -        <note> -            The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) -            the url /rewrite-status will be rewritten to /test/status/. - -            The above rule and this outbound-rule means that end users should never see the -            url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks -            in your pages. -        </note> -        <from>/rewrite-status</from> -        <to>/test/status/</to> -    </outbound-rule> - -	<outbound-rule> -		<from>^/AuthDispatcher?mod=([a-zA-Z0-9]+)&action=([a-zA-Z0-9]+)$</from> -		<to>/auth/$1/$2</to> -	</outbound-rule> +	<rule match-type="regex"> +		<from>^/pvp2/metadata$</from> +		<to type="forward">/dispatcher?mod=id_pvp2x&action=Metadata&%{query-string}</to> +	</rule> +	<rule match-type="regex"> +		<from>^/pvp2/redirect$</from> +		<to type="forward">/dispatcher?mod=id_pvp2x&action=Redirect&%{query-string}</to> +	</rule> +	<rule match-type="regex"> +		<from>^/pvp2/post$</from> +		<to type="forward">/dispatcher?mod=id_pvp2x&action=Post&%{query-string}</to> +	</rule> +	<rule match-type="regex"> +		<from>^/PVP2Soap$</from> +		<to type="forward">/dispatcher?mod=id_pvp2x&action=Soap</to> +	</rule>  	<outbound-rule> -		<from>^/AuthDispatcher?mod=([a-zA-Z0-9]+)&action=([a-zA-Z0-9]+)&(.*)$</from> -		<to>/auth/$1/$2&$3</to> +		<note> +			The outbound-rule specifies that when response.encodeURL is called (if +			you are using JSTL c:url) +			the url /rewrite-status will be rewritten to /test/status/. + +			The above rule and this outbound-rule means that end users should never +			see the +			url /rewrite-status only /test/status/ both in thier location bar and in +			hyperlinks +			in your pages. +		</note> +		<from>/rewrite-status</from> +		<to>/test/status/</to>  	</outbound-rule> -    <!-- - -    INSTALLATION - -        in your web.xml add... 
- -        <filter> -            <filter-name>UrlRewriteFilter</filter-name> -            <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> -            <init-param> -                <param-name>logLevel</param-name> -                <param-value>WARN</param-value> -            </init-param> -        </filter> -        <filter-mapping> -            <filter-name>UrlRewriteFilter</filter-name> -            <url-pattern>/*</url-pattern> -        </filter-mapping> - -     EXAMPLES - -     Redirect one url -        <rule> -            <from>/some/old/page.html</from> -            <to type="redirect">/very/new/page.html</to> -        </rule> - -    Redirect a directory -        <rule> -            <from>/some/olddir/(.*)</from> -            <to type="redirect">/very/newdir/$1</to> -        </rule> - -    Clean a url -        <rule> -            <from>/products/([0-9]+)</from> -            <to>/products/index.jsp?product_id=$1</to> -        </rule> -    eg, /products/1234 will be passed on to /products/index.jsp?product_id=1234 without the user noticing. - -    Browser detection -        <rule> -            <condition name="user-agent">Mozilla/[1-4]</condition> -            <from>/some/page.html</from> -            <to>/some/page-for-old-browsers.html</to> -        </rule> -    eg, will pass the request for /some/page.html on to /some/page-for-old-browsers.html only for older -    browsers whose user agent srtings match Mozilla/1, Mozilla/2, Mozilla/3 or Mozilla/4. - -    Centralised browser detection -        <rule> -            <condition name="user-agent">Mozilla/[1-4]</condition> -            <set type="request" name="browser">moz</set> -        </rule> -    eg, all requests will be checked against the condition and if matched -    request.setAttribute("browser", "moz") will be called. - -    --> -  </urlrewrite> 
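Review bot: The four new `/pvp2/*` rules append `&%{query-string}` unconditionally, so a request without a query string is forwarded as `/dispatcher?mod=id_pvp2x&action=Metadata&` with a dangling `&`, while the `/PVP2Soap` rule drops the query string altogether; if that asymmetry is intended, a `<note>` on the SOAP rule saying so would help the next reader. Because the client's query string is appended after the fixed `mod`/`action` pair, a request that carries its own `mod=` or `action=` reaches the dispatcher with two values for the same parameter; the dispatcher presumably relies on `getParameter` returning the first one, and that assumption deserves a comment here or a `<condition>` that rejects those names. The bare `&` inside `<to>` is not well-formed XML (`&amp;` would be); the pre-existing legacy rules share it and apparently work, so the filter's parser is presumably lenient, but new rules could use the escaped form.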
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d9f3ef7e8..45f269f0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2872,16 +2872,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     	Logger.debug("Issuer value: " + issuerValue);
 
-    	QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+    	QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
     	Logger.debug("QAALevel: " + qaaLevel.getValue());
 
     	RequestedAttributes requestedAttributes = null;
-    	//TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes();
+    	requestedAttributes = oaParam.getRequestedAttributes();
 		requestedAttributes.detach();
 
     	List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
     	List<RequestedAttribute> oaReqAttributeList = null;
 
-    	//TODO UNCOMMENT AGAIN !! oaReqAttributeList =  new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+    	oaReqAttributeList =  new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
     	//check if country specific attributes must be additionally requested
     	if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
     		//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
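Review bot: `requestedAttributes.detach()` is now executed on the object returned by `oaParam.getRequestedAttributes()`; if that is the `OAAuthParameter` instance field (the default built in its field initializer elsewhere in this commit), detaching it and later working from its child list mutates per-OA state shared by every request for that online application, so either the getter should hand out a copy or this code should copy before detaching. `oaParam.getRequestedAttributes()` is also called a second time three lines down although `requestedAttributes` already holds that value; `new ArrayList<RequestedAttribute>(requestedAttributes.getRequestedAttributes())` avoids the second lookup and makes it obvious both lines work on the same object. The `RequestedAttributes requestedAttributes = null;` declaration followed by the assignment can be collapsed into one line. The enclosing method starts and ends outside the hunk.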
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 8279b28d8..cef9f9ff9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -28,6 +28,7 @@ import iaik.pki.PKIException;
 import iaik.pki.jsse.IAIKX509TrustManager;
 
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.security.GeneralSecurityException;
 import java.util.Properties;
@@ -36,6 +37,9 @@ import javax.activation.MailcapCommandMap;
 import javax.mail.Session;
 import javax.net.ssl.SSLSocketFactory;
 
+import org.apache.commons.logging.impl.SLF4JLog;
+import org.apache.log4j.config.PropertyPrinter;
+
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -158,6 +162,7 @@ public class MOAIDAuthInitializer {
 
         // Initializes IAIKX509TrustManager logging
         String log4jConfigURL = System.getProperty("log4j.configuration");
+        Logger.info("Log4J Configuration: " + log4jConfigURL);
         if (log4jConfigURL != null) {
             IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
         }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b86b2ec68..82acd0897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
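Review bot: None of the three new imports (`java.io.PrintWriter`, `org.apache.commons.logging.impl.SLF4JLog`, `org.apache.log4j.config.PropertyPrinter`) is used in the visible hunks of this file; `SLF4JLog` in particular ties compilation of the initializer to the commons-logging/SLF4J bridge jar, so they should be dropped unless code outside the diff relies on them. The new `Logger.info("Log4J Configuration: " + log4jConfigURL);` prints `null` when the system property is unset; logging inside the `if` branch, or spelling out the unset case, would make the line informative. The enclosing method starts and ends outside the hunk.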
@@ -279,7 +279,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		  }
 
 		//Initialize OpenSAML for STORK
-		Logger.trace("Starting initialization of OpenSAML...");
+		Logger.info("Starting initialization of OpenSAML...");
 		STORKBootstrap.bootstrap();
 		Logger.debug("OpenSAML successfully initialized");
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 10dd2cfea..7c174de77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -133,17 +133,17 @@ public class OAAuthParameter extends OAParameter {    /**     * STORK QAA Level, Default = 4     */ - // private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);    /**     * STORK RequestedAttributes for Online Application     * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth      */ -  //private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( -//		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),  -//		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),  -//		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),  -//		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); +  private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( +		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),  +		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),  +		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),  +		  STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));  /** 
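Review bot: The re-enabled field initializers call `STORKMessagesBuilder` whenever an `OAAuthParameter` is constructed, which presumably requires the OpenSAML/STORK bootstrap to have completed first (this commit moves that into `AuthConfigurationProvider` via `STORKBootstrap.bootstrap()`); that ordering is invisible from this file, so a comment on the field should record it: `// requires STORKBootstrap.bootstrap() to have run before any OAAuthParameter is built`. The Javadoc `Default = 4` matches the initializer, but the `requestedAttributes` Javadoc should also say that the default object is mutable and is the very instance the getter returns, since callers elsewhere in this commit call `detach()` on it.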
@@ -469,33 +469,33 @@ public class OAAuthParameter extends OAParameter {    	 * Returns the defined STORK QAALevel    	 * @return STORK QAALevel    	 */ -	/*public QualityAuthenticationAssuranceLevel getQaaLevel() { +	public QualityAuthenticationAssuranceLevel getQaaLevel() {  		return qaaLevel; -	}*/ +	}  	/**  	 * Sets the STORK QAALevel  	 * @param qaaLevel  	 */ -	/*public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { +	public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {  		this.qaaLevel = qaaLevel; -	}*/ +	}  	/**  	 * Returns the desired STORK Requested Attributes  	 * @return STORK Requested Attributes  	 */ -	//public RequestedAttributes getRequestedAttributes() { -	//	return requestedAttributes; -	//} +	public RequestedAttributes getRequestedAttributes() { +		return requestedAttributes; +	}  	/**  	 * Sets the desired STORK Requested Attributes  	 * @param requestedAttributes  	 */ -	//public void setRequestedAttributes(RequestedAttributes requestedAttributes) { -	//	this.requestedAttributes = requestedAttributes; -	//} +	public void setRequestedAttributes(RequestedAttributes requestedAttributes) { +		this.requestedAttributes = requestedAttributes; +	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java deleted file mode 100644 index e04600b42..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java +++ /dev/null 
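Review bot: `getRequestedAttributes()` returns the internal `requestedAttributes` object, and `AuthenticationServer` in this same commit calls `detach()` on it and reads its child list, so callers can mutate the per-OA default in place; either return a copy or state the contract in the Javadoc, e.g. `@return the configured STORK attributes; the returned object is shared and must not be modified by the caller`. `setQaaLevel` and `setRequestedAttributes` accept `null` unchecked while `AuthenticationServer` dereferences both results (`oaParam.getQaaLevel().getValue()`), so an `Objects.requireNonNull(qaaLevel, "qaaLevel")` in the setters, or a documented non-null precondition, would localize that failure to the configuration step.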
@@ -1,263 +0,0 @@ -package at.gv.egovernment.moa.id.entrypoints; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulStorage; -import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.moduls.ServletInfo; -import at.gv.egovernment.moa.id.moduls.ServletType; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -public class AuthDispatcherServlet extends AuthServlet { - -	/** -	 *  -	 */ -	private static final long serialVersionUID = 1L; - -	public static final String PARAM_TARGET_PATH = "mod"; -	public static final String PARAM_TARGET_PROTOCOL = "action"; -/*	public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets"; -	public static final String PARAM_DISPATCHER_TYPE = "DispatcherType"; -	public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH"; -	public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH"; -	public static String SYSTEM_NEWLINE = System.getProperty("line.separator"); - -	private HashMap<String, HashMap<String, HttpServlet>> endpointMap = new HashMap<String, HashMap<String, HttpServlet>>(); - -	private void registerModule(IModulInfo 
modulInfo) { - -		HashMap<String, HttpServlet> tempMap = new HashMap<String, HttpServlet>(); - -		try { - -			String path = modulInfo.getPath(); - -			if (path == null) { -				throw new Exception(String.format( -						"%s does not return a valid target path!", -						new Object[] { modulInfo.getClass().getName() })); -			} - -			Logger.debug("Registering: " + modulInfo.getName() + " under " -					+ path); - -			List<ServletInfo> servletInfos = modulInfo.getServlets(); - -			Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator(); - -			while (servletInfoIterator.hasNext()) { - -				ServletInfo servletInfo = servletInfoIterator.next(); - -				if (servletInfo.getType() == ServletType.AUTH) { -					HttpServlet servlet = servletInfo.getServletInstance(); -					String target = servletInfo.getTarget(); - -					if (target == null) { -						throw new Exception( -								String.format( -										"%s does not return a valid target identifier!", -										new Object[] { servlet.getClass() -												.getName() })); -					} - -					if (tempMap.containsKey(target)) { -						throw new Exception(String.format( -								"%s tried to overwrite %s/%s", new Object[] { -										servlet.getClass().getName(), path, -										target })); -					} - -					tempMap.put(target, servlet); -					Logger.info("Registered Servlet class: " -							+ servlet.getClass().getName() + " OK"); -				} - -			} - -			// when there was no error we register all servlets into the real -			// endpoint map ... 
-			if (!tempMap.isEmpty()) { -				endpointMap.put(path, tempMap); -			} -		} catch (Throwable e) { -			Logger.error("Registering Modul class: " -					+ modulInfo.getClass().getName() + " FAILED!!", e); -		} -	} -*/ -	@Override -	public void init(ServletConfig config) throws ServletException { -		try { -			super.init(config); -			MOAIDAuthInitializer.initialize(); -			Logger.info(MOAIDMessageProvider.getInstance().getMessage( -					"init.00", null)); -		} catch (Exception ex) { -			Logger.fatal( -					MOAIDMessageProvider.getInstance().getMessage("init.02", -							null), ex); -			throw new ServletException(ex); -		} -		Logger.info("Auth dispatcher Servlet initialization"); -/* -		List<IModulInfo> modules = ModulStorage.getAllModules(); -		Iterator<IModulInfo> it = modules.iterator(); -		while (it.hasNext()) { -			IModulInfo info = it.next(); -			String targetClass = info.getClass().getName(); -			try { -				registerModule(info); -			} catch (Throwable e) { -				Logger.error("Registering Class " + targetClass + " FAILED!!", -						e); -			} -		}*/ -	} - -	protected void processRequest(HttpServletRequest req, -			HttpServletResponse resp) throws ServletException, IOException { -		try { -			Object pathObject = req.getParameter(PARAM_TARGET_PATH); -			String path = null; - -			HttpSession session = req.getSession(); - -			if (pathObject != null && (pathObject instanceof String)) { -				path = (String) pathObject; -			} - -			if (path == null) { -				path = (String) session.getAttribute(PARAM_TARGET_PATH); -			} - -			Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL); -			String protocol = null; -			if (protocolObject != null && (protocolObject instanceof String)) { -				protocol = (String) protocolObject; -			} - -			if (protocol == null) { -				protocol = (String) session.getAttribute(PARAM_TARGET_PROTOCOL); -			} - -			Logger.debug("dispatching to " + path + " protocol " + protocol); -/* -			if (path != null && protocol != null -					&& 
endpointMap.containsKey(path)) { -				 -				IModulInfo info = ModulStorage.getModuleByPath(path); -				 -				if (info == null) { -					resp.sendError(HttpServletResponse.SC_NOT_FOUND); -					Logger.error("Path " + path + " has no module registered"); -					return; -				} -				 -				IAction action = info.getAction(protocol); -				 -				if (action == null) { -					resp.sendError(HttpServletResponse.SC_NOT_FOUND); -					Logger.error("Action " + protocol + " is not available!"); -					return; -				} -				 -				 -				 -				try { -				IRequest configuration = info.preProcess(req, resp, protocol); - -				if(configuration.forceAuth()) { -					session.setAttribute(PARAM_TARGET_PATH, path); -					session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); - -					AuthenticationManager.doAuthentication(req, resp, -							configuration); -					return; -				} -				 -				if (!AuthenticationManager.isAuthenticated(req, resp)) { - -					session.setAttribute(PARAM_TARGET_PATH, path); -					session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); - -					if(configuration.isPassiv()) { -						throw new NoPassivAuthenticationException(); -					} -					 -					AuthenticationManager.doAuthentication(req, resp, -							configuration); -					return; -				} - -				HashMap<String, HttpServlet> pathMap = endpointMap.get(path); -				Logger.debug("found path"); -				if (pathMap.containsKey(protocol)) { -					Logger.debug("found protocol"); -					try { -						HttpServlet servlet = (HttpServlet) pathMap -								.get(protocol); -						String forward = servlet.getClass().getName(); -						Logger.info("Forwarding to Servlet: " + forward); -						getServletContext().getNamedDispatcher(forward) -								.forward(req, resp); -						// TODO: disabled SSO -						AuthenticationManager.logout(req, resp); -						return; -					} catch (Throwable e) { -						e.printStackTrace(); -						resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); -					} -				} -				} -				catch (Throwable e) { -					// Try handle 
module specific, if not possible rethrow -					if(!info.generateErrorMessage(e, req, resp)) { -						throw e; -					} -				} -			}*/ -			resp.sendError(HttpServletResponse.SC_NOT_FOUND); -		}/* catch (WrongParametersException ex) { -			handleWrongParameters(ex, req, resp); -		} catch (MOAIDException ex) { -			handleError(null, ex, req, resp); -		} */catch (Throwable e) { -			e.printStackTrace(); -			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); -		} - -	} - -	@Override -	protected void doGet(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		processRequest(req, resp); -	} - -	@Override -	protected void doPost(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		processRequest(req, resp); -	} -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index c3f835edb..36a8d0d6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -1,6 +1,7 @@  package at.gv.egovernment.moa.id.entrypoints;  import java.io.IOException; +import java.io.PrintWriter;  import java.util.Iterator;  import javax.servlet.RequestDispatcher; @@ -11,6 +12,10 @@ import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.servlet.http.HttpSession; +import org.apache.log4j.config.PropertyPrinter; + +import eu.stork.vidp.messages.common.STORKBootstrap; +  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; 
@@ -56,6 +61,8 @@ public class DispatcherServlet extends AuthServlet {
 	protected void processRequest(HttpServletRequest req,
 			HttpServletResponse resp) throws ServletException, IOException {
 		try {
+			Logger.info("REQUEST: " + req.getRequestURI());
+			Logger.info("QUERY  : " + req.getQueryString());
 			String errorid = req.getParameter(ERROR_CODE_PARAM);
 
 			if (errorid != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index c5fa53973..e752857dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -64,14 +65,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 	private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
 
-	static {
-		try {
-			DefaultBootstrap.bootstrap();
-		} catch (ConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		
+	static {		
 		servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
 				ServletType.AUTH));
 
 		servletList.add(new ServletInfo(PVPProcessor.class, POST,
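Review bot: `Logger.info("QUERY  : " + req.getQueryString());` writes the complete query string of every request to the production log at INFO level; on the `/pvp2/redirect` binding that string carries the `SAMLRequest`, `RelayState` and `Signature` parameters, and on the legacy `/auth/...` paths whatever the client sent, so this belongs at `Logger.debug(...)` or should be removed before release, with only the request URI kept at INFO if an access trace is wanted. The imports added to this file (`java.io.PrintWriter`, `org.apache.log4j.config.PropertyPrinter`, `eu.stork.vidp.messages.common.STORKBootstrap`) are not used in the visible hunks. `processRequest` continues outside the hunk.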
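Review bot: Removing `DefaultBootstrap.bootstrap()` from the static initializer leaves `PVP2XProtocol` depending on OpenSAML having been bootstrapped elsewhere (presumably the `STORKBootstrap.bootstrap()` call this commit adds to `AuthConfigurationProvider`), which a reader of this class cannot see; a one-line comment at the top of the block, `// OpenSAML is bootstrapped once by AuthConfigurationProvider via STORKBootstrap; do not bootstrap again here`, records that contract and why the old call was dropped. The rewritten `static {` line also carries trailing tabs. The static block continues outside the hunk.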
@@ -172,7 +166,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 				attributeIdx = aIdx.intValue();
 			}
 
-			EntityDescriptor metadata = moaRequest.getEntityMetadata(); 
+			EntityDescriptor metadata = moaRequest.getEntityMetadata();
+			if(metadata == null) {
+				throw new NoMetadataInformationException();
+			}
 			SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 			AssertionConsumerService consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
 			AttributeConsumingService attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
new file mode 100644
index 000000000..513939e5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+
+public class MOAURICompare implements URIComparator {
+
+	public boolean compare(String uri1, String uri2) {
+		// TODO: implement proper equalizer for rewritten URLS
+		return true;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 97e7ef80c..6e826005d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
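Review bot: The new null check covers `metadata` only, while the three lines that follow dereference `spSSODescriptor` (null when the entity's metadata carries no SP role for `SAML20P_NS`) and index the consumer-service lists with `assertionidx` and `attributeIdx`, so a request from an entity with incomplete metadata still dies with a `NullPointerException` or `IndexOutOfBoundsException` instead of the clean `NoMetadataInformationException` this check introduces. Widening the guard to `if (metadata == null || metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS) == null) { throw new NoMetadataInformationException(); }` and range-checking the two indices against the list sizes keeps the failure mode consistent. The enclosing method starts and ends outside the hunk.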
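Review bot: `compare` returns `true` for every pair of URIs, and both `PostBinding` and `RedirectBinding` now install this class as the decoder's `URIComparator`, which is the hook OpenSAML uses to check a message's `Destination` against the endpoint that actually received it; as committed that check is switched off for every inbound SAML message, not only for the rewritten URLs the TODO mentions. Until the comparator is implemented it should fail closed: compare the two values after normalizing the rewritten prefix (the configured `PVPConfiguration.getIDPPublicPath()` gives the expected scheme, host and context path) and return `false` when they still differ, and the class Javadoc should explain why a custom comparator exists at all. The method also lacks `@Override`, and the parameter names `uri1`/`uri2` hide which one is the message's destination and which the receiver endpoint.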
@@ -16,6 +16,7 @@ import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -24,8 +25,10 @@ import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class PostBinding implements IDecoder, IEncoder {
 
@@ -83,9 +86,16 @@ public class PostBinding implements IDecoder, IEncoder {
 		BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
+		decode.setURIComparator(new MOAURICompare());
 		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+		
+		try {
+			messageContext.setMetadataProvider(new MOAMetadataProvider());
+		} catch (MetadataProviderException e) {
+			Logger.error("Failed to get Metadata Provider");
+			throw new SecurityException("Failed to get Metadata Provider");
+		}
+		
 		decode.decode(messageContext);
 
 		RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
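Review bot: The new `catch (MetadataProviderException e)` discards the cause: `Logger.error` is called without `e` and the rethrown `SecurityException` carries only a fixed message, so whatever made the metadata provider fail (missing file, parse error, ...) never reaches the log. `Logger.error("Failed to get Metadata Provider", e);` and `throw new SecurityException("Failed to get Metadata Provider", e);` preserve it, assuming the OpenSAML `SecurityException` imported here exposes the `(String, Exception)` constructor as the xmltooling class does. `decode.setURIComparator(new MOAURICompare())` additionally installs a comparator that, as written in this commit, accepts every destination, so the destination check this binding used to get from the default comparator is gone. `decode` is declared outside the hunk and the enclosing method starts and ends outside it.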
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index c0cf6ac63..4e7b08b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -76,6 +76,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
 
 		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
 				new BasicParserPool());
+		decode.setURIComparator(new MOAURICompare());
 		BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 11e9cb860..c8059b2f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -8,8 +8,6 @@ import java.util.List;
 import java.util.Properties;
 import java.util.Set;
 
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.filefilter.DirectoryFileFilter;
 import org.opensaml.saml2.metadata.Company;
 import org.opensaml.saml2.metadata.ContactPerson;
 import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
@@ -38,6 +36,10 @@ public class PVPConfiguration {
 		return instance;
 	}
 
+	public static final String PVP2_METADATA = "/pvp2/metadata";
+	public static final String PVP2_REDIRECT = "/pvp2/redirect";
+	public static final String PVP2_POST = "/pvp2/post";
+	
 	public static final String PVP_CONFIG_FILE = "pvp2config.properties";
 	public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
 	public static final String IDP_KEYALIAS = "idp.ks.alias";
@@ -54,9 +56,7 @@ public class PVPConfiguration {
 	public static final String IDP_ORG_DISPNAME = "idp.org.dispname";
 	public static final String IDP_ORG_URL = "idp.org.url";
 
-	public static final String IDP_POST_SSO_SERVICE = "idp.sso.post";
-	public static final String IDP_REDIRECT_SSO_SERVICE = "idp.sso.redirect";
-	public static final String IDP_SOAP_RESOLVE_SERVICE = "idp.resolve.soap";
+	public static final String IDP_PUBLIC_URL = "idp.public.url";
 	public static final String IDP_TRUST_STORE = "idp.truststore";
 
 	public static final String SP_TARGET_PREFIX = "sp.target.";
@@ -88,17 +88,27 @@ public class PVPConfiguration {
 			e.printStackTrace();
 		}
 	}
+	
+	public String getIDPPublicPath() {
+		String publicPath = props.getProperty(IDP_PUBLIC_URL);
+		if(publicPath != null) {
+			if(publicPath.endsWith("/")) {
+				publicPath = publicPath.substring(0, publicPath.length()-2);
+			}
+		}
+		return publicPath;
+	}
 
 	public String getIDPSSOPostService() {
-		return props.getProperty(IDP_POST_SSO_SERVICE);
+		return getIDPPublicPath() + PVP2_POST;
 	}
 
 	public String getIDPSSORedirectService() {
-		return props.getProperty(IDP_REDIRECT_SSO_SERVICE);
+		return getIDPPublicPath() + PVP2_REDIRECT;
 	}
-
-	public String getIDPResolveSOAPService() {
-		return props.getProperty(IDP_SOAP_RESOLVE_SERVICE);
+	
+	public String getIDPSSOMetadataService() {
+		return getIDPPublicPath() + PVP2_METADATA;
 	}
 
 	public String getIDPKeyStoreFilename() {
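Review bot: `getIDPPublicPath()` strips two characters instead of one when the configured URL ends with `/`: `publicPath.substring(0, publicPath.length()-2)` turns a value such as `https://idp.example/moa-id/` (constructed example) into `https://idp.example/moa-i`, and every endpoint derived from it by `getIDPSSOPostService`, `getIDPSSORedirectService` and `getIDPSSOMetadataService` inherits the truncated prefix, which ends up in the published metadata. The fix is `publicPath = publicPath.substring(0, publicPath.length() - 1);`. When `idp.public.url` is absent the method returns `null` and the three getters yield the literal string `null/pvp2/...`; logging an error or throwing a configuration exception there fails fast instead of advertising a bogus endpoint. Dropping `getIDPResolveSOAPService()` and the `idp.sso.*`/`idp.resolve.soap` keys means existing `pvp2config.properties` files need the new `idp.public.url` key and any remaining caller of the removed getter outside this diff will no longer compile.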
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
new file mode 100644
index 000000000..c45820cfb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoMetadataInformationException extends PVP2Exception {
+
+	public NoMetadataInformationException() {
+		super("pvp2.15", null);
+		this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
+	}
+
+	/**
+	 *  
+	 */
+	private static final long serialVersionUID = -4608068445208032193L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 7bb5b052f..d6ac121b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -19,6 +19,8 @@ import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.io.MarshallingException;
 import org.w3c.dom.Document;
 
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
 public class SAML2Utils {
 
 	public static <T> T createSAMLObject(final Class<T> clazz) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 369cbd5b6..c757e7f8b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
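Review bot: The empty Javadoc block above `serialVersionUID` says nothing, and the constant sits below the constructor; dropping the comment and moving the field to the top of the class matches the usual layout of exception classes. A class-level Javadoc would tell callers what this status means, e.g. `Thrown when no SAML metadata can be resolved for the requesting entity; reported with message key pvp2.15 and SAML status UNKNOWN_PRINCIPAL_URI.` The `SAML2Utils` hunk on the same line adds an import of `eu.stork.vidp.messages.common.STORKBootstrap` that is not used in its visible lines.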
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -200,4 +200,5 @@ pvp2.10=Attribut {0} nicht verfuegbar  pvp2.11=Binding {0} wird nicht unterstuetzt
  pvp2.12=NameID Format {0} wird nicht unterstuetzt
  pvp2.13=Interner Server Fehler
 -pvp2.14=SAML Anfrage verweigert
\ No newline at end of file +pvp2.14=SAML Anfrage verweigert
 +pvp2.15=Keine Metadateninformation gefunden
\ No newline at end of file | 
