2 files changed, 156 insertions, 128 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 5a054b142..11e9cb860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -3,15 +3,13 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config;
 import java.io.File;
 import java.io.FileInputStream;
 import java.util.ArrayList;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Properties;
 import java.util.Set;
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.common.Extensions;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.filefilter.DirectoryFileFilter;
 import org.opensaml.saml2.metadata.Company;
 import org.opensaml.saml2.metadata.ContactPerson;
 import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
@@ -24,15 +22,6 @@ import org.opensaml.saml2.metadata.OrganizationName;
 import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
-import org.opensaml.xml.Namespace;
-import org.opensaml.xml.NamespaceManager;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSBooleanValue;
-import org.opensaml.xml.util.AttributeMap;
-import org.opensaml.xml.util.IDIndex;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-import org.w3c.dom.Element;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester;
@@ -41,227 +30,254 @@ import at.gv.egovernment.moa.logging.Logger; public class PVPConfiguration { private static PVPConfiguration instance; - + public static PVPConfiguration getInstance() { - if(instance == null) { + if (instance == null) { instance = new PVPConfiguration(); } return instance; } - + public static final String PVP_CONFIG_FILE = "pvp2config.properties"; public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; public static final String IDP_KEYALIAS = "idp.ks.alias"; public static final String IDP_KS_PASS = "idp.ks.kspassword"; public static final String IDP_KEY_PASS = "idp.ks.keypassword"; - + public static final String IDP_ISSUER_NAME = "idp.issuer.name"; - - public static final String METADATA_FILE = "md.file"; - + + public static final String METADATA_FILE = "md.dir"; + public static final String METADATA_EXTENSION = "md.ext"; + public static final String IDP_ENTITY = "idp.entityid"; public static final String IDP_ORG_NAME = "idp.org.name"; public static final String IDP_ORG_DISPNAME = "idp.org.dispname"; public static final String IDP_ORG_URL = "idp.org.url"; - + public static final String IDP_POST_SSO_SERVICE = "idp.sso.post"; public static final String IDP_REDIRECT_SSO_SERVICE = "idp.sso.redirect"; public static final String IDP_SOAP_RESOLVE_SERVICE = "idp.resolve.soap"; - - + public static final String IDP_TRUST_STORE = "idp.truststore"; public static final String SP_TARGET_PREFIX = "sp.target."; - + public static final String IDP_CONTACT_PREFIX = "idp.contact"; public static final String IDP_CONTACT_LIST = "idp.contact_list"; - + public static final String IDP_CONTACT_SURNAME = "surname"; public static final String IDP_CONTACT_GIVENNAME = "givenname"; public static final String IDP_CONTACT_MAIL = "mail"; public static final String IDP_CONTACT_TYPE = "type"; public static final String IDP_CONTACT_COMPANY = "company"; public static final String IDP_CONTACT_PHONE = "phone"; - - + Properties props = new Properties(); - + private 
PVPConfiguration() { try { - String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String fileName = System + .getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); String pathName = (new File(fileName)).getParent(); String configFile = pathName + "/" + PVP_CONFIG_FILE; - + Logger.info("PVP Config file " + configFile); FileInputStream is = new FileInputStream(configFile); props.load(is); is.close(); - } catch(Exception e) { + } catch (Exception e) { e.printStackTrace(); } } - + public String getIDPSSOPostService() { return props.getProperty(IDP_POST_SSO_SERVICE); } - + public String getIDPSSORedirectService() { return props.getProperty(IDP_REDIRECT_SSO_SERVICE); } - + public String getIDPResolveSOAPService() { return props.getProperty(IDP_SOAP_RESOLVE_SERVICE); } - + public String getIDPKeyStoreFilename() { return props.getProperty(IDP_JAVAKEYSTORE); } - + public String getIDPKeyStorePassword() { return props.getProperty(IDP_KS_PASS); } - + public String getIDPKeyAlias() { return props.getProperty(IDP_KEYALIAS); } - + public String getIDPKeyPassword() { return props.getProperty(IDP_KEY_PASS); } - + public String getIDPIssuerName() { return props.getProperty(IDP_ISSUER_NAME); } - - public String getMetadataFile() { - return props.getProperty(METADATA_FILE); + + public List<String> getMetadataFiles() { + String filter = props.getProperty(METADATA_EXTENSION); + + if (filter == null) { + filter = ".mdxml"; + } + + List<String> files = new ArrayList<String>(); + + File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles(); + for (File file : faFiles) { + if (!file.isDirectory()) { + if (file.getName().endsWith(filter)) { + files.add(file.getAbsolutePath()); + } + } + } + + return files; } - + public String getTargetForSP(String sp) { String spHash = Digester.toSHA1(sp.getBytes()); Logger.info("SHA hash for sp: " + sp + " => " + spHash); return props.getProperty(SP_TARGET_PREFIX + spHash); } - + public String 
getTrustEntityCertificate(String entityID) { String path = props.getProperty(IDP_TRUST_STORE); - if(path == null) { + if (path == null) { return null; } - - if(!path.endsWith("/")) { + + if (!path.endsWith("/")) { path = path + "/"; } - + String entityIDHash = Digester.toSHA1(entityID.getBytes()); - + return path + entityIDHash; } - + public List<ContactPerson> getIDPContacts() { List<ContactPerson> list = new ArrayList<ContactPerson>(); - + String contactList = props.getProperty(IDP_CONTACT_LIST); - - if(contactList != null) { - + + if (contactList != null) { + String[] contact_keys = contactList.split(","); - - for(int i = 0; i < contact_keys.length; i++) { - + + for (int i = 0; i < contact_keys.length; i++) { + String key = contact_keys[i]; - - ContactPerson person = SAML2Utils.createSAMLObject(ContactPerson.class); - - String type = props.getProperty(IDP_CONTACT_PREFIX + - "." + key + "." + IDP_CONTACT_TYPE); - - if(type == null) { - Logger.error("IDP Contact with key " + key + " has no type defined!"); + + ContactPerson person = SAML2Utils + .createSAMLObject(ContactPerson.class); + + String type = props.getProperty(IDP_CONTACT_PREFIX + "." + key + + "." 
+ IDP_CONTACT_TYPE); + + if (type == null) { + Logger.error("IDP Contact with key " + key + + " has no type defined!"); break; } - + ContactPersonTypeEnumeration enumType = null; - - if(type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE.toString())) { + + if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE + .toString())) { enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; - } else if(type.equals(ContactPersonTypeEnumeration.BILLING.toString())){ + } else if (type.equals(ContactPersonTypeEnumeration.BILLING + .toString())) { enumType = ContactPersonTypeEnumeration.BILLING; - } else if(type.equals(ContactPersonTypeEnumeration.OTHER.toString())){ + } else if (type.equals(ContactPersonTypeEnumeration.OTHER + .toString())) { enumType = ContactPersonTypeEnumeration.OTHER; - }else if(type.equals(ContactPersonTypeEnumeration.SUPPORT.toString())){ + } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT + .toString())) { enumType = ContactPersonTypeEnumeration.SUPPORT; - }else if(type.equals(ContactPersonTypeEnumeration.TECHNICAL.toString())){ + } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL + .toString())) { enumType = ContactPersonTypeEnumeration.TECHNICAL; } - - if(enumType == null) { - Logger.error("IDP Contact with key " + key + " has invalid type defined: " + - type); + + if (enumType == null) { + Logger.error("IDP Contact with key " + key + + " has invalid type defined: " + type); break; } - + person.setType(enumType); - - String givenName = props.getProperty(IDP_CONTACT_PREFIX + - "." + key + "." + IDP_CONTACT_GIVENNAME); - - if(givenName != null) { - GivenName name = SAML2Utils.createSAMLObject(GivenName.class); + + String givenName = props.getProperty(IDP_CONTACT_PREFIX + "." + + key + "." 
+ IDP_CONTACT_GIVENNAME); + + if (givenName != null) { + GivenName name = SAML2Utils + .createSAMLObject(GivenName.class); name.setName(givenName); person.setGivenName(name); } - - String company = props.getProperty(IDP_CONTACT_PREFIX + - "." + key + "." + IDP_CONTACT_COMPANY); - - if(company != null) { + + String company = props.getProperty(IDP_CONTACT_PREFIX + "." + + key + "." + IDP_CONTACT_COMPANY); + + if (company != null) { Company comp = SAML2Utils.createSAMLObject(Company.class); comp.setName(company); person.setCompany(comp); } - - String surname = props.getProperty(IDP_CONTACT_PREFIX + - "." + key + "." + IDP_CONTACT_SURNAME); - - if(surname != null) { + + String surname = props.getProperty(IDP_CONTACT_PREFIX + "." + + key + "." + IDP_CONTACT_SURNAME); + + if (surname != null) { SurName name = SAML2Utils.createSAMLObject(SurName.class); name.setName(surname); person.setSurName(name); } - + Set<Object> keySet = props.keySet(); Iterator<Object> keyIt = keySet.iterator(); - - while(keyIt.hasNext()) { - + + while (keyIt.hasNext()) { + String currentKey = keyIt.next().toString(); - - if(currentKey.startsWith(IDP_CONTACT_PREFIX + - "." + key + "." + IDP_CONTACT_PHONE)) { + + if (currentKey.startsWith(IDP_CONTACT_PREFIX + "." + key + + "." + IDP_CONTACT_PHONE)) { String phone = props.getProperty(currentKey); - - if(phone != null) { - TelephoneNumber telePhone = SAML2Utils.createSAMLObject(TelephoneNumber.class); + + if (phone != null) { + TelephoneNumber telePhone = SAML2Utils + .createSAMLObject(TelephoneNumber.class); telePhone.setNumber(phone); person.getTelephoneNumbers().add(telePhone); } - } else if(currentKey.startsWith(IDP_CONTACT_PREFIX + - "." + key + "." + IDP_CONTACT_MAIL)) { + } else if (currentKey.startsWith(IDP_CONTACT_PREFIX + "." + + key + "." 
+ IDP_CONTACT_MAIL)) { String mail = props.getProperty(currentKey); - - if(mail != null) { - EmailAddress mailAddress = SAML2Utils.createSAMLObject(EmailAddress.class); + + if (mail != null) { + EmailAddress mailAddress = SAML2Utils + .createSAMLObject(EmailAddress.class); mailAddress.setAddress(mail); person.getEmailAddresses().add(mailAddress); } } } list.add(person); - } + } } return list; } - + public Organization getIDPOrganisation() { Organization org = SAML2Utils.createSAMLObject(Organization.class); @@ -269,22 +285,22 @@ public class PVPConfiguration { String org_dispname = props.getProperty(IDP_ORG_DISPNAME); String org_url = props.getProperty(IDP_ORG_URL); - if(org_name == null || org_dispname == null || org_url == null) { + if (org_name == null || org_dispname == null || org_url == null) { return null; } - - OrganizationDisplayName dispName = SAML2Utils.createSAMLObject( - OrganizationDisplayName.class); + + OrganizationDisplayName dispName = SAML2Utils + .createSAMLObject(OrganizationDisplayName.class); dispName.setName(new LocalizedString(org_dispname, "de")); org.getDisplayNames().add(dispName); - - OrganizationName name = SAML2Utils.createSAMLObject( - OrganizationName.class); + + OrganizationName name = SAML2Utils + .createSAMLObject(OrganizationName.class); name.setName(new LocalizedString(org_name, "de")); org.getOrganizationNames().add(name); - - OrganizationURL url = SAML2Utils.createSAMLObject( - OrganizationURL.class); + + OrganizationURL url = SAML2Utils + .createSAMLObject(OrganizationURL.class); url.setURL(new LocalizedString(org_url, "de")); org.getURLs().add(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 71de16a97..b38b862ef 100644 
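Review bot: In the new `getMetadataFiles()` both `props.getProperty(METADATA_FILE)` and `listFiles()` can be null — an unset `md.dir` makes `new File((String) null)` throw, and a path that is not a directory or cannot be read makes `listFiles()` return null, so the for-each loop throws a NullPointerException instead of reporting which setting is wrong. Because the constructor catches its own load failure and only prints the stack trace, an empty `props` can reach this method, and the `MOAMetadataProvider` constructor that calls it would then presumably fail at startup with an unlabeled NPE; guard both values and log the offending property as in the rewrite below. The `FileUtils` and `DirectoryFileFilter` imports added in the first hunk are not used by the new code shown, and since `METADATA_FILE` now holds `"md.dir"` a name such as `METADATA_DIR` would read less misleadingly. The rest of the hunk (getIDPContacts, getIDPOrganisation) is whitespace and line-wrapping only; the class continues past the hunk.
```java
public List<String> getMetadataFiles() {
    String filter = props.getProperty(METADATA_EXTENSION);
    if (filter == null) {
        filter = ".mdxml";
    }
    List<String> files = new ArrayList<String>();
    // An unset or unreadable directory is a configuration error, not a crash.
    String dirName = props.getProperty(METADATA_FILE);
    if (dirName == null) {
        Logger.error("No metadata directory configured (" + METADATA_FILE + ")");
        return files;
    }
    File[] faFiles = new File(dirName).listFiles();
    if (faFiles == null) {
        Logger.error("Metadata directory " + dirName + " is not a readable directory");
        return files;
    }
    // … unchanged: extension filter loop over faFiles …
    return files;
}
```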
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; import java.io.File; +import java.util.Iterator; import java.util.List; import javax.xml.namespace.QName; @@ -8,6 +9,7 @@ import javax.xml.namespace.QName; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; 
@@ -17,20 +19,30 @@ import org.opensaml.xml.parse.BasicParserPool; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.logging.Logger; public class MOAMetadataProvider implements MetadataProvider { MetadataProvider internalProvider; public MOAMetadataProvider() throws MetadataProviderException { - FilesystemMetadataProvider fsProvider = new FilesystemMetadataProvider( - new File(PVPConfiguration.getInstance().getMetadataFile())); - fsProvider.setParserPool(new BasicParserPool()); - internalProvider = fsProvider; - internalProvider.setRequireValidMetadata(true); - MetadataFilter filter = new MetadataSignatureFilter(); - internalProvider.setMetadataFilter(filter); - fsProvider.initialize(); + ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); + Logger.info("Loading metadata"); + List<String> files = PVPConfiguration.getInstance().getMetadataFiles(); + Iterator<String> fileIt = files.iterator(); + while (fileIt.hasNext()) { + String file = fileIt.next(); + Logger.info("Loading metadata file: " + file); + FilesystemMetadataProvider fsProvider = new FilesystemMetadataProvider( + new File(file)); + fsProvider.setParserPool(new BasicParserPool()); + fsProvider.setRequireValidMetadata(true); + MetadataFilter filter = new MetadataSignatureFilter(); + fsProvider.setMetadataFilter(filter); + chainProvider.addMetadataProvider(fsProvider); + fsProvider.initialize(); + } + internalProvider = chainProvider; } public boolean requireValidMetadata() { |