2 files changed, 122 insertions, 37 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index 348b1c45a..94353fb6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -18,6 +18,7 @@ import java.util.Map;  import java.util.Properties;  import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.transaction.annotation.Transactional;  import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.commons.MOAIDConstants; @@ -38,13 +39,13 @@ import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;  import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;  import at.gv.egovernment.moa.id.config.ConfigurationUtils;  import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;  import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;  import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;  import at.gv.egovernment.moa.id.config.stork.STORKConfig;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +import iaik.pki.revocation.RevocationSourceTypes;  /**   * A class providing access to the Auth Part of the MOA-ID configuration data. 
@@ -196,6 +197,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertiesWithPrefix(java.lang.String)  	 */  	@Override +	@Transactional  	public Map<String, String> getConfigurationWithPrefix(String Prefix) {  		try {  			return configuration.getPropertySubset(Prefix); @@ -212,6 +214,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertiesWithPrefix(java.lang.String)  	 */  	@Override +	@Transactional  	public Map<String, String> getConfigurationWithWildCard(String key) {  		try {			  			return configuration.searchPropertiesWithWildcard(key); @@ -228,23 +231,33 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	} +	public String getBasicMOAIDConfiguration(final String key, final String defaultValue) { +		return properties.getProperty(key, defaultValue); +		 +	} +	 +	  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String)  	 */  	@Override +	@Transactional  	public String getConfigurationWithKey(String key) {  		try { -			return configuration.getStringValue(key).trim(); -			 -		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { -			return null; -		} +			String value = configuration.getStringValue(key); +			if (value != null) +				return value.trim(); +						 +		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {} +		 +		return null;  	}  	/**  	 * Returns the general pvp2 properties config. NOTE: may be empty but never {@code null}.  	 * @return the general pvp2 properties config.  	 */ +	@Transactional  	public Properties getGeneralPVP2ProperiesConfig() {  		return this.getGeneralProperiesConfig("protocols.pvp2.");  	} 
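Review bot: `getConfigurationWithKey` now ends in an empty `catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {}`, so a failing configuration backend is reported to callers exactly like an absent key and leaves nothing in the log; keep the null contract but record the failure, e.g. `Logger.debug("Configuration key '" + key + "' could not be read, treating as unset", e);` inside the catch. The new `getBasicMOAIDConfiguration` reads the `properties` object rather than `configuration` like every other getter in this hunk and carries no Javadoc; give it one such as `/** Reads a key from the basic MOA-ID properties (not the database-backed configuration); returns defaultValue when the key is absent. */` — presumably `properties` is the bootstrap properties file, which should be confirmed. The `@Transactional` annotations added here and throughout the file all sit on pure reads; `@Transactional(readOnly = true)` would state that intent and may let the persistence layer skip flush and dirty checking.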
@@ -253,6 +266,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * Returns the general oauth20 properties config. NOTE: may be empty but never {@code null}.  	 * @return the general oauth20 properties config.  	 */ +	@Transactional  	public Properties getGeneralOAuth20ProperiesConfig() {  		return this.getGeneralProperiesConfig("protocols.oauth20.");  	} @@ -262,6 +276,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @return the allowed protocols or {@code null}.  	 */ +	@Transactional  	public ProtocolAllowed getAllowedProtocols() {  		try {  			ProtocolAllowed allowedProtcols = new ProtocolAllowed(); @@ -287,6 +302,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getTransactionTimeOut()  	 */  	@Override +	@Transactional  	public int getTransactionTimeOut() {  		try {  			return configuration.getIntegerValue( @@ -302,6 +318,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getSSOCreatedTimeOut()  	 */  	@Override +	@Transactional  	public int getSSOCreatedTimeOut() {  		try {  			return configuration.getIntegerValue( @@ -317,6 +334,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getSSOUpdatedTimeOut()  	 */  	@Override +	@Transactional  	public int getSSOUpdatedTimeOut() {  		try {  			return configuration.getIntegerValue( 
@@ -334,6 +352,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return an alternative source ID or {@code null}.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}  	 */ +	@Transactional  	public String getAlternativeSourceID() throws ConfigurationException {  		try {  			return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID); @@ -349,6 +368,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @return the list of protocols.  	 */ +	@Transactional  	public List<String> getLegacyAllowedProtocols() {  		List<String> legacy = new ArrayList<String>(); @@ -380,6 +400,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @param oaURL URL requested for an online application  	 * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable  	 */ +	@Transactional  	public OAAuthParameter getOnlineApplicationParameter(String oaURL) {  		Map<String, String> oa = getActiveOnlineApplication(oaURL);  		if (oa == null) {			 @@ -395,6 +416,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return a string with a url-reference to the VerifyAuthBlock trust profile ID.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}.  	 */ +	@Transactional  	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {  		if (useTestTrustStore)  			return getMoaSpAuthBlockTestTrustProfileID(); 
@@ -451,6 +473,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return a list of strings containing all urls to the verify transform info IDs.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}.  	 */ +	@Transactional  	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {  		try {  			return Arrays.asList(configuration.getStringValue( @@ -468,6 +491,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return ConnectionParameter of the authentication component moa-sp element.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}.  	 */ +	@Transactional  	public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {  		ConnectionParameter result = null;  		String moaspURL; 
@@ -494,24 +518,34 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return the connection parameter.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}.  	 */ -	public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { -		ConnectionParameter result = null; -		String serviceURL; +	@Transactional +	public ConnectionParameter getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException { +		String serviceURL = null;  		try { -			serviceURL = configuration.getStringValue( -					MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL); -			if (serviceURL != null) { -				result =  -						new ConnectionParameterForeign(serviceURL, this.getProperties(), this.getRootConfigFileDir()); +			//load OA specific MIS service URL if OA configuration exists +			if (oaParameters != null) +				serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL); +			//get first entry from general configuration if no OA specific URL exists				 +			if (MiscUtil.isEmpty(serviceURL)) { +					List<String> serviceURLs = KeyValueUtils.getListOfCSVValues( +							configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL)); +					if (serviceURLs.size() > 0) +						serviceURL = serviceURLs.get(0); +										  			} +			if (MiscUtil.isNotEmpty(serviceURL)) +				return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); +			 +			else +				throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"}); +					  		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { -			Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e); +			Logger.warn("Initialize SZR-GW service connection parameters FAILED.", e); +			throw new ConfigurationException("service.09", new 
Object[]{e.getMessage()}, e); -		} - -		return result; +		}		  	}  	/** 
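Review bot: The Javadoc of `getForeignIDConnectionParameter` was not updated for the new behaviour: it lacks `@param oaParameters` and still says the exception is thrown only for a missing AuthComponentGeneral, although the method now throws `service.09` when no SZR-GW URL is configured at all, where it previously returned null. The comment `//load OA specific MIS service URL if OA configuration exists` is copied from the MIS variant and should read `//load OA specific SZR-GW service URL if OA configuration exists`. The connection is now built as `ConnectionParameterMandate` while the `ConnectionParameterForeign` import is dropped in the first hunk of this file; if that class binds MIS-specific key/trust-store settings, the SZR-GW client would silently use the MIS credentials, so either confirm both services intentionally share connection settings or say so in a comment. Note also that an online-application entry can now redirect identity-link requests to an arbitrary endpoint via `SERVICE_EXTERNAL_SZRGW_SERVICE_URL`; if OA entries are maintained by less-trusted administrators, restricting the override to https or an allowlist is worth considering.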
@@ -520,24 +554,35 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return the connection parameter.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}  	 */ -	public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { -		ConnectionParameter result = null; -		String serviceURL; +	@Transactional +	public ConnectionParameter getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException { +		String serviceURL = null;  		try { -			serviceURL = configuration.getStringValue( -					MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL); -			if (serviceURL != null) { -				result =  -						new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); +			//load OA specific MIS service URL if OA configuration exists +			if (oaParameters != null) +				serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL); +			//get first entry from general configuration if no OA specific URL exists				 +			if (MiscUtil.isEmpty(serviceURL)) { +					List<String> serviceURLs = KeyValueUtils.getListOfCSVValues( +							configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL)); +					if (serviceURLs.size() > 0) +						serviceURL = serviceURLs.get(0); +										  			} +			if (MiscUtil.isNotEmpty(serviceURL)) +				return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); +			 +			else +				throw new ConfigurationException("service.06", new Object[]{"NO MIS Service URL"}); +					  		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { -			Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e); +			Logger.warn("Initialize MIS service connection parameters FAILED.", e); +			throw new ConfigurationException("service.06", new 
Object[]{e.getMessage()}, e);  		} - -		return result; +		  	}  	/** @@ -563,6 +608,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return a list of transform infos.  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link SecurityLayer}.  	 */ +	@Transactional  	public List<String> getTransformsInfos() throws ConfigurationException {  		try {  			String securityLayer = configuration.getStringValue( @@ -595,6 +641,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}  	 */ +	@Transactional  	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {  		ArrayList<String> identityLinkX509SubjectNames = new ArrayList<String>(); @@ -616,6 +663,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return list of default SLRequestTemplates.  	 * @throws ConfigurationException is never thrown  	 */ +	@Transactional  	public List<String> getSLRequestTemplates() throws ConfigurationException {  		List<String> templatesList = new ArrayList<String>(); @@ -642,6 +690,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @throws ConfigurationException is never thrown  	 */ +	@Transactional  	public String getSLRequestTemplates(String type) throws ConfigurationException {  		String slRequestTemplate = null; @@ -677,6 +726,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return list of default BKUURLs.  	 * @throws ConfigurationException is never thrown  	 */ +	@Transactional  	public List<String> getDefaultBKUURLs() throws ConfigurationException {  		List<String> bkuurlsList = new ArrayList<String>();  		try { 
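Review bot: `getOnlineMandatesConnectionParameter` duplicates the body of `getForeignIDConnectionParameter` from the previous hunk line for line, differing only in the two configuration keys and the error code, so any fix to the URL-resolution logic has to be made twice; a private helper that takes the OA key, the general key and the error text removes the duplication. Its Javadoc also still lacks `@param oaParameters` and describes the old contract: the method now throws `service.06` when neither an OA-specific nor a general MIS URL is configured, where it previously returned null. Only the first entry of the comma-separated general list is used; a comment should say so, e.g. `// only the first configured MIS endpoint is used; further entries are ignored`. The helper below keeps the existing try/catch boundary so an exception from either lookup is still mapped to the same error code.
```java
	@Transactional
	public ConnectionParameter getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException {
		String serviceURL = resolveServiceURL(oaParameters,
				MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL,
				MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL,
				"service.06", "NO MIS Service URL");
		return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir());
	}

	/**
	 * Resolves an external service URL: the OA-specific value if present, otherwise the first
	 * entry of the comma-separated general configuration value.
	 * @throws ConfigurationException with errorCode if no URL is configured or the lookup fails
	 */
	private String resolveServiceURL(IOAAuthParameters oaParameters, String oaKey, String generalKey,
			String errorCode, String errorText) throws ConfigurationException {
		try {
			String serviceURL = null;
			if (oaParameters != null)
				serviceURL = oaParameters.getConfigurationValue(oaKey);
			if (MiscUtil.isEmpty(serviceURL)) {
				// only the first configured endpoint is used; further entries are ignored
				List<String> serviceURLs = KeyValueUtils.getListOfCSVValues(configuration.getStringValue(generalKey));
				if (!serviceURLs.isEmpty())
					serviceURL = serviceURLs.get(0);
			}
			if (MiscUtil.isEmpty(serviceURL))
				throw new ConfigurationException(errorCode, new Object[]{errorText});
			return serviceURL;

		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
			Logger.warn("Initialize service connection parameters FAILED (" + errorText + ").", e);
			throw new ConfigurationException(errorCode, new Object[]{e.getMessage()}, e);
		}
	}
```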
@@ -702,6 +752,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @throws ConfigurationException is never thrown  	 */ +	@Transactional  	public String getDefaultBKUURL(String type) throws ConfigurationException {  		String defaultBKUUrl = null;  		try { @@ -736,6 +787,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return the SSOTagetIdentifier or {@code null}  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}  	 */ +	@Transactional  	public String getSSOTagetIdentifier() throws ConfigurationException {  		try {  			String value = configuration.getStringValue( @@ -756,6 +808,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @return the SSOFriendlyName or a default String  	 */ +	@Transactional  	public String getSSOFriendlyName() {  		try {  			return configuration.getStringValue( @@ -772,6 +825,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 *   	 * @return the SSOSpecialText or an empty String  	 */ +	@Transactional  	public String getSSOSpecialText() {  		try {  			String text = configuration.getStringValue( @@ -858,6 +912,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  		return Boolean.valueOf(prop);  	} +	@Transactional  	public List<String> getPublicURLPrefix() throws ConfigurationException{  		try {			  			String publicURLPrefixList = configuration.getStringValue( @@ -923,6 +978,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return a new STORK Configuration or {@code null}  	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}  	 */ +	@Transactional  	public IStorkConfig getStorkConfig() throws ConfigurationException {  		IStorkConfig result = null;  		try { 
@@ -1009,6 +1065,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return {@code true} if enable, {@code false} if disabled  	 */  	@Override +	@Transactional  	public boolean isTrustmanagerrevoationchecking() {  		try { @@ -1027,6 +1084,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @return the path to the certstore directory or {@code null}  	 */  	@Override +	@Transactional  	public String getCertstoreDirectory() {  		try {  			String path = rootConfigFileDir + configuration.getStringValue( @@ -1047,6 +1105,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	}  	@Override +	@Transactional  	public String getTrustedCACertificates() {  		try {  			String path = rootConfigFileDir + configuration.getStringValue( @@ -1073,6 +1132,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @param id the id of the requested online application  	 * @return the requested online application or {@code null}  	 */ +	@Transactional  	public Map<String, String> getActiveOnlineApplication(String id) {  		Logger.trace("Get active OnlineApplication with ID " + id + " from database.");  		Map<String, String> oaConfig = null; 
@@ -1174,9 +1234,34 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	}  	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.commons.api.AuthConfiguration#getRevocationMethodOrder() +	 */ +	@Override +	public String[] getRevocationMethodOrder() { +		final String[] DEFAULTORDER = new String[] {RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL}; +		List<String> result = new ArrayList<String>(); +		 +		String prop = properties.getProperty("configuration.ssl.validation.revocation.method.order"); +		if (MiscUtil.isNotEmpty(prop)) { +			String[] configOrder = prop.split(","); +			for (String el : configOrder) { +				if (RevocationSourceTypes.ALL.contains(el.trim())) { +					result.add(el.trim()); +				} +			}			 +		} +		 +		if (result.isEmpty())		 +			return DEFAULTORDER; +		else +			return result.toArray(new String[result.size()]); +	} +	 +	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getDefaultRevisionsLogEventCodes()  	 */  	@Override +	@Transactional  	public List<Integer> getDefaultRevisionsLogEventCodes() {  		try {  			String eventcodes = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES); @@ -1209,6 +1294,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTrustProfileID(boolean)  	 */  	@Override +	@Transactional  	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore)  			throws ConfigurationException {  		if (useTestTrustStore) @@ -1221,6 +1307,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide  	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isVirtualIDPsEnabled()  	 */  	@Override +	@Transactional  	public boolean isVirtualIDPsEnabled() {  		try {  			String value = configuration.getStringValue( 
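Review bot: `getRevocationMethodOrder` silently drops every entry of `configuration.ssl.validation.revocation.method.order` that is not in `RevocationSourceTypes.ALL` and silently falls back to OCSP,CRL when nothing survives, so a typo in this property changes certificate revocation checking without any trace in the log; add `else Logger.warn("Ignoring unknown revocation method '" + el.trim() + "' in revocation.method.order");` to the loop and a `Logger.info` line where the default order is applied. The property key is a bare string literal while the neighbouring getters read their keys from `MOAIDConfigurationConstants`, and `DEFAULTORDER` is a method-local in constant case; both belong in `private static final` fields. The `@see` stub references `at.gv.egovernment.moa.id.commons.api.AuthConfiguration` whereas the surrounding stubs reference `at.gv.egovernment.moa.id.config.auth.AuthConfiguration`; one of the two is presumably stale.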
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index 8153fa2a8..c5d2a9553 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -23,7 +23,6 @@  package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;  import java.util.List; -import java.util.Timer;  import javax.xml.namespace.QName; @@ -54,7 +53,8 @@ import at.gv.egovernment.moa.util.MiscUtil;   */  @Service("ELGAMandate_MetadataProvider") -public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider { +public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider  +		implements IDestroyableObject  {  	@Autowired AuthConfiguration authConfig; @@ -74,6 +74,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide  	public void destroy() {  		fullyDestroy(); +	} +		  	/* (non-Javadoc)  	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()  	 */ 
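Review bot: The class now `implements IDestroyableObject`, but the import hunk at line 23 only removes `java.util.Timer` and adds nothing, so the interface must come from the same package or from an import outside this diff; worth confirming before merge. In the `destroy()` hunk the added `+		` line is whitespace-only and the new class declaration line ends in trailing spaces; both should be trimmed. `destroy()` itself gets no Javadoc; a one-liner such as `/** Releases this provider's resources via {@link #fullyDestroy()}; presumably invoked on shutdown. */` would document the new interface contract — the lines preceding the method in this hunk are not visible here.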
@@ -239,17 +241,13 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide  				Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );  				throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");  			} -		 -			//initialize Timer if it is null -			if (timer == null) -				timer = new Timer(true); -				 +					  			//create metadata validation filter chain  			MetadataFilterChain filter = new MetadataFilterChain();  			filter.addFilter(new SchemaValidationFilter(true));  			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); -			metadataProvider = createNewHTTPMetaDataProvider(metdataURL,  +			HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL,   					filter,   					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING); | 
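Review bot: The hunk replaces the assignment `metadataProvider = createNewHTTPMetaDataProvider(...)` with a new local `idpMetadataProvider`, and nothing visible here stores that local into the `metadataProvider` field; unless the remainder of the method does, the freshly built provider is discarded and the field stays unset. The method's start and end are both outside this hunk, so this needs checking against the full file. Dropping the `Timer` field means the refresh timer is presumably now owned by `createNewHTTPMetaDataProvider`; since the class now implements `IDestroyableObject`, confirm that `fullyDestroy()` still cancels that timer, otherwise each re-initialisation could leak a daemon thread. A comment on the new local, e.g. `// freshly built provider; must be published to metadataProvider once initialisation succeeded`, would make the intended hand-over explicit.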
