diff options
266 files changed, 13485 insertions, 5071 deletions
diff --git a/common/pom.xml b/common/pom.xml index fffb1a460..37c083ec7 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -3,11 +3,10 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>2.0.1</version> + <version>2.0.2</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>moa-common</artifactId> - <!-- <version>2.0.0</version> --> <packaging>jar</packaging> <name>MOA common library</name> diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java index 1e219b784..dbc9faba6 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java @@ -107,6 +107,20 @@ public class DateTimeUtils { } /** + * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value. + * @param cal the <code>Calendar</code> value + * @return the <code>dateTime</code> value + */ + public static String buildDateTimeUTC(Date cal) { + + SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + f.setTimeZone(TimeZone.getTimeZone("UTC")); + + return f.format(cal); + + } + + /** * Builds a <code>dateTime</code> value from a <code>Calendar</code> value. * @param cal the <code>Calendar</code> value * @return the <code>dateTime</code> value diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 57aa5c794..aaadb1969 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,13 +3,13 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>2.0.1</version> + <version>2.0.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id</groupId> <artifactId>moa-id-configuration</artifactId> - <version>1.0.1</version> + <version>${configtool-version}</version> <packaging>war</packaging> <name>MOA-ID 2.0 Configuration Tool</name> <description>Web based Configuration Tool for MOA-ID 2.x</description> @@ -73,7 +73,6 @@ <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-lib</artifactId> - <!-- <version>1.9.98-SNAPSHOT</version> --> <exclusions> <exclusion> <groupId>*</groupId> @@ -142,20 +141,42 @@ </dependencies> <build> + <pluginManagement> <plugins> - <plugin> + + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.4</version> <configuration> <archive> <manifestEntries> - <version>${project.version}</version> + <version>${configtool-version}</version> </manifestEntries> - </archive> - </configuration> -</plugin> - </plugins> + </archive> + </configuration> + </plugin> + </plugins> + </pluginManagement> </build> </project> diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 70241fafb..df1faa7c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -82,9 +82,7 @@ public class Constants { public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request"; public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; - - public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; - + public static final String IDENIFICATIONTYPE_FN = "FN"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java index b7da86db7..330ed7036 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.configuration.auth; import java.util.Date; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; public class AuthenticatedUser { @@ -39,27 +42,89 @@ public class AuthenticatedUser { private String institute; private String userName; private Date lastLogin; - - public AuthenticatedUser() { + + private boolean onlyBusinessService = false; + private String businessServiceType; + private String businessServiceNumber; + + private AuthenticatedUser() { } - public AuthenticatedUser(long userID, String givenName, String familyName, String institute, - String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser, + public static AuthenticatedUser generateDefaultUser() { + + AuthenticatedUser user = new AuthenticatedUser(); + user.familyName = "TestUser"; + user.givenName = "Max"; + user.userName = "maxtestuser"; + user.userID = 0; + user.institute = new String(); + user.isAdmin = true; + user.isAuthenticated = true; + user.isMandateUser = false; + user.isPVP2Login = false; + user.lastLogin = new Date(); + + return user; + } + + public static AuthenticatedUser generateUserRequestUser(UserDatabaseFrom form) { + + AuthenticatedUser user = new AuthenticatedUser(); + user.familyName = form.getFamilyName(); + user.givenName = form.getGivenName(); + user.userName = form.getUsername(); + user.userID = 0; + user.institute = form.getInstitut(); + user.isAdmin = false; + user.isAuthenticated = false; + user.isMandateUser = form.isIsmandateuser(); + user.isPVP2Login = form.isPVPGenerated(); + user.lastLogin = new Date(); + + return user; + } + + public AuthenticatedUser(UserDatabase userdb, boolean isAuthenticated, boolean isMandateUser, boolean isPVP2Login) { - this.familyName = familyName; - this.givenName = givenName; - this.userName = userName; - this.userID = userID; - this.institute = institute; - this.isAdmin = isAdmin; + this.familyName = userdb.getFamilyname(); + this.givenName = userdb.getGivenname(); + this.userName = userdb.getUsername(); + this.userID = userdb.getHjid(); + this.institute = userdb.getInstitut(); + this.isAdmin = userdb.isIsAdmin(); this.isAuthenticated = isAuthenticated; this.isMandateUser = isMandateUser; this.isPVP2Login = isPVP2Login; this.lastLogin = new Date(); + + if (!this.isAdmin) generateUserSpecificConfigurationOptions(userdb); } + + private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + String bpk = userdb.getBpk(); + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR) || bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) { + onlyBusinessService = true; + + String[] split = bpk.split("\\+"); + this.businessServiceType = split[1].substring(1); + + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) + this.businessServiceNumber = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2]); + else + this.businessServiceNumber = split[2]; + + } else + onlyBusinessService = false; + + } + + } + public String getFormatedLastLogin() { return DateTimeHelper.getDateTime(lastLogin); } @@ -72,13 +137,6 @@ public class AuthenticatedUser { } /** - * @param isAuthenticated the isAuthenticated to set - */ - public void setAuthenticated(boolean isAuthenticated) { - this.isAuthenticated = isAuthenticated; - } - - /** * @return the isAdmin */ public boolean isAdmin() { @@ -86,13 +144,6 @@ public class AuthenticatedUser { } /** - * @param isAdmin the isAdmin to set - */ - public void setAdmin(boolean isAdmin) { - this.isAdmin = isAdmin; - } - - /** * @return the userID */ public long getUserID() { @@ -100,13 +151,6 @@ public class AuthenticatedUser { } /** - * @param userID the userID to set - */ - public void setUserID(long userID) { - this.userID = userID; - } - - /** * @return the givenName */ public String getGivenName() { @@ -114,13 +158,6 @@ public class AuthenticatedUser { } /** - * @param givenName the givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** * @return the familyName */ public String getFamilyName() { @@ -128,25 +165,11 @@ public class AuthenticatedUser { } /** - * @param familyName the familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** * @return the lastLogin */ public Date getLastLogin() { return lastLogin; } - - /** - * @param lastLogin the lastLogin to set - */ - public void setLastLogin(Date lastLogin) { - this.lastLogin = lastLogin; - } /** * @return the userName @@ -156,54 +179,57 @@ public class AuthenticatedUser { } /** - * @param userName the userName to set + * @return the institute */ - public void setUserName(String userName) { - this.userName = userName; + public String getInstitute() { + return institute; } /** - * @return the institute + * @return the isPVP2Login */ - public String getInstitute() { - return institute; + public boolean isPVP2Login() { + return isPVP2Login; } /** - * @param institute the institute to set + * @return the isMandateUser */ - public void setInstitute(String institute) { - this.institute = institute; + public boolean isMandateUser() { + return isMandateUser; } /** - * @return the isPVP2Login + * @return the onlyBusinessService */ - public boolean isPVP2Login() { - return isPVP2Login; + public boolean isOnlyBusinessService() { + return onlyBusinessService; } /** - * @param isPVP2Login the isPVP2Login to set + * @return the businessServiceType */ - public void setPVP2Login(boolean isPVP2Login) { - this.isPVP2Login = isPVP2Login; + public String getBusinessServiceType() { + return businessServiceType; } /** - * @return the isMandateUser + * @return the businessServiceNumber */ - public boolean isMandateUser() { - return isMandateUser; + public String getBusinessServiceNumber() { + return businessServiceNumber; } /** - * @param isMandateUser the isMandateUser to set + * @param lastLogin the lastLogin to set */ - public void setMandateUser(boolean isMandateUser) { - this.isMandateUser = isMandateUser; + public void setLastLogin(Date lastLogin) { + this.lastLogin = lastLogin; } + + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index bcc9a87ab..84af0d225 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -41,7 +41,7 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; @@ -49,7 +49,11 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; @@ -436,6 +440,26 @@ public class ConfigurationProvider { return parseVersionFromManifest(); } + public String getCertStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + private void initalPVP2Login() throws ConfigurationException { try { @@ -458,8 +482,28 @@ public class ConfigurationProvider { log.info("NO IDP Metadata URL."); throw new ConfigurationException("NO IDP Metadata URL."); } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); + + MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl); idpMetadataProvider.setRequireValidMetadata(true); idpMetadataProvider.setParserPool(new BasicParserPool()); idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index 687925c18..25f20372a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -22,20 +22,40 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data; +import java.io.File; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.util.MiscUtil; -public class FormularCustomization { +public class FormularCustomization implements IOnlineApplicationData { + private static final Logger log = Logger.getLogger(FormularCustomization.class); + private boolean showMandateLoginButton = true; private boolean onlyMandateAllowed = false; @@ -52,25 +72,79 @@ public class FormularCustomization { private String applet_height = null; private String applet_width = null; + private Map<String, String> map = null; private String appletRedirectTarget = null; public static List<String> appletRedirectTargetList = null; - + public static List<String> fontTypeList = null; public String fontTypeListValue = null; + private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>(); + private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>(); + + private List<File> bkuSelectionFileUpload = null; + private List<String> bkuSelectionFileUploadContentType = null; + private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>(); + private boolean deleteBKUTemplate = false; + + private List<File> sendAssertionFileUpload = null; + private List<String> sendAssertionFileUploadContentType = null; + private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();; + private boolean deleteSendAssertionTemplate = false; + + private String aditionalAuthBlockText = null; + private boolean isHideBPKAuthBlock = false; + public FormularCustomization() { + new FormularCustomization(null); + } + + public FormularCustomization(Map<String, String> map) { appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top"); fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman"); Collections.sort(fontTypeList); + + if (map == null) + this.map = new HashMap<String, String>(); + else + this.map = map; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAFormularCustomization"; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA auth = dbOA.getAuthComponentOA(); + + if (dbOA.getAuthComponentOA() != null) + isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); - public void parse(OnlineApplication dbOAConfig, Map<String, String> map) { - AuthComponentOA auth = dbOAConfig.getAuthComponentOA(); - if (auth != null) { TemplatesType templates = auth.getTemplates(); - if (templates != null) { + + if (templates != null) { + aditionalAuthBlockText = templates.getAditionalAuthBlockText(); + + TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); + if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) { + bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); + } + + TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); + if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) { + sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); + } + BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); if (formcustom != null) { @@ -140,8 +214,179 @@ public class FormularCustomization { } } } + + request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); + + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + + templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); + + //store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (isDeleteBKUTemplate()) + templates.setBKUSelectionTemplate(null); + + if (isDeleteSendAssertionTemplate()) + templates.setSendAssertionTemplate(null); + + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator<String> interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator<String> interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } + } + + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + if (authoa.getMandates() != null && + (authoa.getMandates().getProfileName() != null + && authoa.getMandates().getProfileName().size() > 0) + || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles())) + + bkuselectioncustom.setMandateLoginButton(true); + else + bkuselectioncustom.setMandateLoginButton(false); + + bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); + + bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); + + bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(getHeader_text()); + + bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); + + if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) + bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); + + bkuselectioncustom.setFontType(getFontType()); + + bkuselectioncustom.setAppletHeight(getApplet_height()); + bkuselectioncustom.setAppletWidth(getApplet_width()); + + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + HttpSession session = request.getSession(); + List<String> errors = new ArrayList<String>(); + + String check = null; + if (authUser.isAdmin()) { + //validate aditionalAuthBlockText + check = getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + } + + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + //validate BKU-selection template + List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName() + , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + + else + bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate send-assertion template + templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName() + , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + + else + sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate BKUFormCustomization + errors.addAll(new FormularCustomizationValitator().validate(this, request)); + + return errors; } + private String parseColor(String color) { + String value = ""; + + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) + value = "#" + color; + else + value = color; + } + return value; + } /** * @return the showMandateLoginButton @@ -389,9 +634,165 @@ public class FormularCustomization { public void setApplet_width(String applet_width) { this.applet_width = applet_width; } - - - - + + + /** + * @return the bkuSelectionFileUpload + */ + public List<File> getBkuSelectionFileUpload() { + return bkuSelectionFileUpload; + } + + + /** + * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set + */ + public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) { + this.bkuSelectionFileUpload = bkuSelectionFileUpload; + } + + + /** + * @return the bkuSelectionFileUploadContentType + */ + public List<String> getBkuSelectionFileUploadContentType() { + return bkuSelectionFileUploadContentType; + } + + + /** + * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set + */ + public void setBkuSelectionFileUploadContentType( + List<String> bkuSelectionFileUploadContentType) { + this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; + } + + + /** + * @return the bkuSelectionFileUploadFileName + */ + public List<String> getBkuSelectionFileUploadFileName() { + return bkuSelectionFileUploadFileName; + } + + + /** + * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set + */ + public void setBkuSelectionFileUploadFileName( + List<String> bkuSelectionFileUploadFileName) { + this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; + } + + + /** + * @return the sendAssertionFileUpload + */ + public List<File> getSendAssertionFileUpload() { + return sendAssertionFileUpload; + } + + + /** + * @param sendAssertionFileUpload the sendAssertionFileUpload to set + */ + public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) { + this.sendAssertionFileUpload = sendAssertionFileUpload; + } + + + /** + * @return the sendAssertionFileUploadContentType + */ + public List<String> getSendAssertionFileUploadContentType() { + return sendAssertionFileUploadContentType; + } + + + /** + * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set + */ + public void setSendAssertionFileUploadContentType( + List<String> sendAssertionFileUploadContentType) { + this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; + } + + + /** + * @return the sendAssertionFileUploadFileName + */ + public List<String> getSendAssertionFileUploadFileName() { + return sendAssertionFileUploadFileName; + } + + + /** + * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set + */ + public void setSendAssertionFileUploadFileName( + List<String> sendAssertionFileUploadFileName) { + this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; + } + + + /** + * @return the deleteBKUTemplate + */ + public boolean isDeleteBKUTemplate() { + return deleteBKUTemplate; + } + + + /** + * @param deleteBKUTemplate the deleteBKUTemplate to set + */ + public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { + this.deleteBKUTemplate = deleteBKUTemplate; + } + + + /** + * @return the deleteSendAssertionTemplate + */ + public boolean isDeleteSendAssertionTemplate() { + return deleteSendAssertionTemplate; + } + + + /** + * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set + */ + public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { + this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; + } + + /** + * @return the aditionalAuthBlockText + */ + public String getAditionalAuthBlockText() { + return aditionalAuthBlockText; + } + + /** + * @param aditionalAuthBlockText the aditionalAuthBlockText to set + */ + public void setAditionalAuthBlockText(String aditionalAuthBlockText) { + this.aditionalAuthBlockText = aditionalAuthBlockText; + } + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java index 69bf5dc0c..c4a825589 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -24,11 +24,21 @@ package at.gv.egovernment.moa.id.configuration.data; public class OAListElement { + public enum ServiceType {OA, VIDP, IDP} + private long dataBaseID; private String oaIdentifier; private String oaFriendlyName; private String oaType; private boolean isActive; + private ServiceType serviceType; + + /** + * + */ + public OAListElement(ServiceType type) { + this.serviceType = type; + } /** @@ -95,5 +105,10 @@ public class OAListElement { public String getIsActive(){ return String.valueOf(isActive); } - + /** + * @return the serviceType + */ + public String getServiceType() { + return serviceType.name(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java new file mode 100644 index 000000000..37f8fbc07 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java @@ -0,0 +1,64 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; + +/** + * @author tlenz + * + */ +public interface IOnlineApplicationData { + + public String getName(); + + /** + * Parse OnlineApplication database object to formData + * @param dbOAConfig + * @return List of Errors + */ + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Store formData to OnlineApplication database object + * @param dboa: Database data object + * @param authUser + * @param request: + * @return Error description + */ + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Validate formData + * @param general + * @param request + * @return + */ + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java new file mode 100644 index 000000000..cb60a21a0 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -0,0 +1,542 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OAAuthenticationData implements IOnlineApplicationData { + + private String bkuOnlineURL = null; + private String bkuHandyURL = null; + private String bkuLocalURL = null; + + private String mandateProfiles = null; + private boolean useMandates = false; + + private boolean calculateHPI = false; + + private String keyBoxIdentifier = null; + private static Map<String, String> keyBoxIdentifierList; + + private boolean legacy = false; + List<String> SLTemplates = null; + + private Map<String, byte[]> transformations; + + /** + * + */ + public OAAuthenticationData() { + keyBoxIdentifierList = new HashMap<String, String>(); + MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); + for (int i=0; i<values.length; i++) { + keyBoxIdentifierList.put(values[i].value(), values[i].value()); + } + + keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); + + bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; + bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) { + DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); + if (defaultbkus != null) { + setBkuHandyURL(defaultbkus.getHandyBKU()); + setBkuLocalURL(defaultbkus.getLocalBKU()); + setBkuOnlineURL(defaultbkus.getOnlineBKU()); + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAAuthenticationData"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); + + AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + BKUURLS bkuurls = oaauth.getBKUURLS(); + + String defaulthandy = ""; + String defaultlocal = ""; + String defaultonline = ""; + + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (dbconfig != null) { + DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); + if (defaultbkus != null) { + defaulthandy = defaultbkus.getHandyBKU(); + defaultlocal = defaultbkus.getLocalBKU(); + defaultonline = defaultbkus.getOnlineBKU(); + } + } + + if (bkuurls != null) { + + if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) + bkuHandyURL = defaulthandy; + else + bkuHandyURL = bkuurls.getHandyBKU(); + + if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) + bkuLocalURL = defaultlocal; + else + bkuLocalURL = bkuurls.getLocalBKU(); + + if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) + bkuOnlineURL = defaultonline; + else + bkuOnlineURL = bkuurls.getOnlineBKU(); + } + + Mandates mandates = oaauth.getMandates(); + if (mandates != null) { + + mandateProfiles = null; + + List<String> profileList = mandates.getProfileName(); + for (String el : profileList) { + if (mandateProfiles == null) + mandateProfiles = el; + + else + mandateProfiles += "," + el; + } + + //TODO: only for RC1 + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + if (mandateProfiles == null) + mandateProfiles = mandates.getProfiles(); + + else + mandateProfiles += "," + mandates.getProfiles(); + + } + + if (mandateProfiles != null) + useMandates = true; + + else + useMandates = false; + + } + + TemplatesType templates = oaauth.getTemplates(); + if (templates != null) { + List<TemplateType> templatetype = templates.getTemplate(); + + if (templatetype != null) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<String>(); + } + + for (TemplateType el : templatetype) { + SLTemplates.add(el.getURL()); + } + } + } + + if (SLTemplates != null && SLTemplates.size() > 0) + legacy = true; + + List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); + transformations = new HashMap<String, byte[]>(); + for (TransformsInfoType el : transforminfos) { + transformations.put(el.getFilename(), el.getTransformation()); + } + } + + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setCalculateHPI(isCalculateHPI()); + + if (authUser.isAdmin()) { + + //store BKU-URLs + BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(getBkuHandyURL()); + bkuruls.setLocalBKU(getBkuLocalURL()); + bkuruls.setOnlineBKU(getBkuOnlineURL()); + + //store SecurtiyLayerTemplates + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + List<TemplateType> template = templates.getTemplate(); + if (isLegacy()) { + + if (template == null) + template = new ArrayList<TemplateType>(); + else + template.clear(); + + if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL1()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL2()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL3()); + template.add(el); + } else + template.add(new TemplateType()); + + } else { + if (template != null && template.size() > 0) template.clear(); + } + + + //store keyBox Identifier + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } else { + if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + + Mandates mandates = new Mandates(); + if (isUseMandates()) { + + String[] profileList = getMandateProfiles().split(","); + + List<String> dbProfiles = mandates.getProfileName(); + if (dbProfiles == null) { + dbProfiles = new ArrayList<String>(); + mandates.setProfileName(dbProfiles); + + } + + for (String el: profileList) + dbProfiles.add(el.trim()); + + mandates.setProfiles(null); + + } else { + mandates.setProfiles(null); + mandates.getProfileName().clear(); + } + authoa.setMandates(mandates); + + // set default transformation if it is empty + List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); + } + + + /** + * @return the bkuOnlineURL + */ + public String getBkuOnlineURL() { + return bkuOnlineURL; + } + + + /** + * @param bkuOnlineURL the bkuOnlineURL to set + */ + public void setBkuOnlineURL(String bkuOnlineURL) { + this.bkuOnlineURL = bkuOnlineURL; + } + + + /** + * @return the bkuHandyURL + */ + public String getBkuHandyURL() { + return bkuHandyURL; + } + + + /** + * @param bkuHandyURL the bkuHandyURL to set + */ + public void setBkuHandyURL(String bkuHandyURL) { + this.bkuHandyURL = bkuHandyURL; + } + + + /** + * @return the bkuLocalURL + */ + public String getBkuLocalURL() { + return bkuLocalURL; + } + + + /** + * @param bkuLocalURL the bkuLocalURL to set + */ + public void setBkuLocalURL(String bkuLocalURL) { + this.bkuLocalURL = bkuLocalURL; + } + + + /** + * @return the mandateProfiles + */ + public String getMandateProfiles() { + return mandateProfiles; + } + + + /** + * @param mandateProfiles the mandateProfiles to set + */ + public void setMandateProfiles(String mandateProfiles) { + this.mandateProfiles = mandateProfiles; + } + + + /** + * @return the useMandates + */ + public boolean isUseMandates() { + return useMandates; + } + + + /** + * @param useMandates the useMandates to set + */ + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; + } + + + /** + * @return the calculateHPI + */ + public boolean isCalculateHPI() { + return calculateHPI; + } + + + /** + * @param calculateHPI the calculateHPI to set + */ + public void setCalculateHPI(boolean calculateHPI) { + this.calculateHPI = calculateHPI; + } + + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + + /** + * @param keyBoxIdentifier the keyBoxIdentifier to set + */ + public void setKeyBoxIdentifier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + + /** + * @return the keyBoxIdentifierList + */ + public Map<String, String> getKeyBoxIdentifierList() { + return keyBoxIdentifierList; + } + + + /** + * @return the legacy + */ + public boolean isLegacy() { + return legacy; + } + + + /** + * @param legacy the legacy to set + */ + public void setLegacy(boolean legacy) { + this.legacy = legacy; + } + + + /** + * @return the transformations + */ + public Map<String, byte[]> getTransformations() { + return transformations; + } + + + /** + * @param transformations the transformations to set + */ + public void setTransformations(Map<String, byte[]> transformations) { + this.transformations = transformations; + } + + + /** + * @return the sLTemplates + */ + public List<String> getSLTemplates() { + return SLTemplates; + } + + /** + * @return the sLTemplateURL1 + */ + public String getSLTemplateURL1() { + if (SLTemplates != null && SLTemplates.size() > 0) + return SLTemplates.get(0); + else + return null; + } + + + /** + * @param sLTemplateURL1 the sLTemplateURL1 to set + */ + public void setSLTemplateURL1(String sLTemplateURL1) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL1); + } + + + /** + * @return the sLTemplateURL2 + */ + public String getSLTemplateURL2() { + if (SLTemplates != null && SLTemplates.size() > 1) + return SLTemplates.get(1); + else + return null; + } + + + /** + * @param sLTemplateURL2 the sLTemplateURL2 to set + */ + public void setSLTemplateURL2(String sLTemplateURL2) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL2); + } + + + /** + * @return the sLTemplateURL3 + */ + public String getSLTemplateURL3() { + if (SLTemplates != null && SLTemplates.size() > 2) + return SLTemplates.get(2); + else + return null; + } + + + /** + * @param sLTemplateURL3 the sLTemplateURL3 to set + */ + public void setSLTemplateURL3(String sLTemplateURL3) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL3); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index d43c97aed..05e163c23 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -22,273 +22,125 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; -import java.io.File; import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; import java.util.List; -import java.util.Map; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; -import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; -public class OAGeneralConfig { - +public class OAGeneralConfig implements IOnlineApplicationData{ + private static final Logger log = Logger.getLogger(OAGeneralConfig.class); + + private boolean isActive = false; + private String dbID = null; - private String bkuOnlineURL = null; - private String bkuHandyURL = null; - private String bkuLocalURL = null; - private String identifier = null; private String friendlyName = null; + private boolean businessService = false; - private boolean businessService = false; - - private String target = null; - private String target_subsector = null; - private String target_admin = null; - private static List<String> targetList = null; - private String targetFriendlyName = null; - private boolean isAdminTarget = false; - - private String identificationNumber = null; - private String identificationType = null; - private static List<String> identificationTypeList = null; - - private String aditionalAuthBlockText = null; - - private String mandateProfiles = null; - private boolean useMandates = false; - - private boolean isActive = false; - private boolean calculateHPI = false; - - private String keyBoxIdentifier = null; - private static Map<String, String> keyBoxIdentifierList; - - private boolean legacy = false; - List<String> SLTemplates = null; - - private boolean isHideBPKAuthBlock = false; - - private Map<String, byte[]> transformations; - - private List<File> bkuSelectionFileUpload = null; - private List<String> bkuSelectionFileUploadContentType = null; - private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>(); - - private List<File> sendAssertionFileUpload = null; - private List<String> sendAssertionFileUploadContentType = null; - private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();; - - private boolean deleteBKUTemplate = false; - private boolean deleteSendAssertionTemplate = false; - - public OAGeneralConfig() { - keyBoxIdentifierList = new HashMap<String, String>(); - MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); - for (int i=0; i<values.length; i++) { - keyBoxIdentifierList.put(values[i].value(), values[i].value()); - } - - keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); - - bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; - bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; - - targetList = TargetValidator.getListOfTargets(); - target = ""; - - identificationTypeList = Arrays.asList( - Constants.IDENIFICATIONTYPE_FN, - Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB, - Constants.IDENIFICATIONTYPE_STORK); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAGeneralInformation"; } - - public void parse(OnlineApplication dbOAConfig) { - + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { isActive = dbOAConfig.isIsActive(); - friendlyName = dbOAConfig.getFriendlyName(); - - keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value(); - + friendlyName = dbOAConfig.getFriendlyName(); identifier = dbOAConfig.getPublicURLPrefix(); - String target_full = dbOAConfig.getTarget(); - if (MiscUtil.isNotEmpty(target_full)) { - if (TargetValidator.isValidTarget(target_full)) { - target = target_full; - - } else { - String[] target_split = target_full.split("-"); - - if (TargetValidator.isValidTarget(target_split[0])) { - target = target_split[0]; - if (target_split.length > 1) - target_subsector = target_split[1]; - - } else { - target = ""; - target_subsector = null; - target_admin = target_full; - isAdminTarget = true; - } - } - targetFriendlyName = dbOAConfig.getTargetFriendlyName(); - } - if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) businessService = true; else businessService = false; + + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) dbOA.setIsActive(isActive()); + + dbOA.setPublicURLPrefix(getIdentifier()); + dbOA.setFriendlyName(getFriendlyName()); + + if (isBusinessService() || authUser.isOnlyBusinessService()) { + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + } else { + dbOA.setType(null); + } + + return null; + + } - AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); - if (oaauth != null) { - BKUURLS bkuurls = oaauth.getBKUURLS(); - - String defaulthandy = ""; - String defaultlocal = ""; - String defaultonline = ""; - - MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (dbconfig != null) { - DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); - if (defaultbkus != null) { - defaulthandy = defaultbkus.getHandyBKU(); - defaultlocal = defaultbkus.getLocalBKU(); - defaultonline = defaultbkus.getOnlineBKU(); - } - } - - if (bkuurls != null) { - - if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) - bkuHandyURL = defaulthandy; - else - bkuHandyURL = bkuurls.getHandyBKU(); - - if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) - bkuLocalURL = defaultlocal; - else - bkuLocalURL = bkuurls.getLocalBKU(); - - if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) - bkuOnlineURL = defaultonline; - else - bkuOnlineURL = bkuurls.getOnlineBKU(); - } - - IdentificationNumber idnumber = oaauth.getIdentificationNumber(); - if (idnumber != null) { - String number = idnumber.getValue(); - if (MiscUtil.isNotEmpty(number)) { - String[] split = number.split("\\+"); - - if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { - identificationType = split[1]; - identificationNumber = split[2]; - } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_STORK; - identificationNumber = split[2]; // setting sp country as ident type -> sp ident - } - } - } - - Mandates mandates = oaauth.getMandates(); - if (mandates != null) { - - mandateProfiles = null; - - List<MandatesProfileNameItem> profileList = mandates.getProfileNameItems(); - for (MandatesProfileNameItem el : profileList) { - if (mandateProfiles == null) - mandateProfiles = el.getItem(); - - else - mandateProfiles += "," + el.getItem(); - } - - //TODO: only for RC1 - if (MiscUtil.isNotEmpty(mandates.getProfiles())) { - if (mandateProfiles == null) - mandateProfiles = mandates.getProfiles(); - - else - mandateProfiles += "," + mandates.getProfiles(); - - } - - if (mandateProfiles != null) - useMandates = true; - - else - useMandates = false; - - } - - TemplatesType templates = oaauth.getTemplates(); - if (templates != null) { - aditionalAuthBlockText = templates.getAditionalAuthBlockText(); - List<TemplateType> templatetype = templates.getTemplate(); - - if (templatetype != null) { - if (SLTemplates == null) { - SLTemplates = new ArrayList<String>(); - } - - for (TemplateType el : templatetype) { - SLTemplates.add(el.getURL()); - } - } - - TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); - if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) { - bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); - } - - TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); - if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) { - sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); - } - } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { - if (SLTemplates != null && SLTemplates.size() > 0) - legacy = true; + List<String> errors = new ArrayList<String>(); + String check; - List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); - transformations = new HashMap<String, byte[]>(); - for (TransformsInfoType el : transforminfos) { - transformations.put(el.getFilename(), el.getTransformation()); + //check OA FriendlyName + check = getFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } - + } else { + log.info("OA friendlyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); } - isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock(); + return errors; } + public boolean isBusinessService() { + return businessService; + } + + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + public String getIdentifier() { return identifier; } @@ -305,54 +157,6 @@ public class OAGeneralConfig { this.friendlyName = friendlyName; } - public String getTarget() { - return target; - } - - public void setTarget(String target) { - this.target = target; - } - - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - public String getIdentificationNumber() { - return identificationNumber; - } - - public void setIdentificationNumber(String identificationNumber) { - this.identificationNumber = identificationNumber; - } - - public String getIdentificationType() { - return identificationType; - } - - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - public String getAditionalAuthBlockText() { - return aditionalAuthBlockText; - } - - public void setAditionalAuthBlockText(String aditionalAuthBlockText) { - this.aditionalAuthBlockText = aditionalAuthBlockText; - } - - public String getMandateProfiles() { - return mandateProfiles; - } - - public void setMandateProfiles(String mandateProfiles) { - this.mandateProfiles = mandateProfiles; - } - public boolean isActive() { return isActive; } @@ -361,67 +165,6 @@ public class OAGeneralConfig { this.isActive = isActive; } - public boolean isBusinessService() { - return businessService; - } - - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - public String getBkuOnlineURL() { - return bkuOnlineURL; - } - - public void setBkuOnlineURL(String bkuOnlineURL) { - this.bkuOnlineURL = bkuOnlineURL; - } - - public String getBkuHandyURL() { - return bkuHandyURL; - } - - public void setBkuHandyURL(String bkuHandyURL) { - this.bkuHandyURL = bkuHandyURL; - } - - public String getBkuLocalURL() { - return bkuLocalURL; - } - - public void setBkuLocalURL(String bkuLocalURL) { - this.bkuLocalURL = bkuLocalURL; - } - - /** - * @return the keyBoxIdentifier - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - /** - * @param keyBoxIdentifier the keyBoxIdentifier to set - */ - public void setKeyBoxIdentifier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - /** - * @return the transformations - */ - public Map<String, byte[]> getTransformations() { - return transformations; - } - - /** - * @param transformations the transformations to set - */ - public void setTransformations(Map<String, byte[]> transformations) { - this.transformations = transformations; - } - - /** * @return the dbID */ @@ -443,346 +186,4 @@ public class OAGeneralConfig { public void setDbID(String dbID) { this.dbID = dbID; } - - - /** - * @return the calculateHPI - */ - public boolean isCalculateHPI() { - return calculateHPI; - } - - - /** - * @param calculateHPI the calculateHPI to set - */ - public void setCalculateHPI(boolean calculateHPI) { - this.calculateHPI = calculateHPI; - } - - - /** - * @return the keyBoxIdentifierList - */ - public Map<String, String> getKeyBoxIdentifierList() { - return keyBoxIdentifierList; - } - - - /** - * @param keyBoxIdentifierList the keyBoxIdentifierList to set - */ - public void setKeyBoxIdentifierList(Map<String, String> list) { - keyBoxIdentifierList = list; - } - - - /** - * @return the legacy - */ - public boolean isLegacy() { - return legacy; - } - - - /** - * @param legacy the legacy to set - */ - public void setLegacy(boolean legacy) { - this.legacy = legacy; - } - - - /** - * @return the sLTemplateURL1 - */ - public String getSLTemplateURL1() { - if (SLTemplates != null && SLTemplates.size() > 0) - return SLTemplates.get(0); - else - return null; - } - - - /** - * @param sLTemplateURL1 the sLTemplateURL1 to set - */ - public void setSLTemplateURL1(String sLTemplateURL1) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL1); - } - - - /** - * @return the sLTemplateURL2 - */ - public String getSLTemplateURL2() { - if (SLTemplates != null && SLTemplates.size() > 1) - return SLTemplates.get(1); - else - return null; - } - - - /** - * @param sLTemplateURL2 the sLTemplateURL2 to set - */ - public void setSLTemplateURL2(String sLTemplateURL2) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL2); - } - - - /** - * @return the sLTemplateURL3 - */ - public String getSLTemplateURL3() { - if (SLTemplates != null && SLTemplates.size() > 2) - return SLTemplates.get(2); - else - return null; - } - - - /** - * @param sLTemplateURL3 the sLTemplateURL3 to set - */ - public void setSLTemplateURL3(String sLTemplateURL3) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL3); - } - - - /** - * @return the target_subsector - */ - public String getTarget_subsector() { - return target_subsector; - } - - - /** - * @param target_subsector the target_subsector to set - */ - public void setTarget_subsector(String target_subsector) { - this.target_subsector = target_subsector; - } - - - /** - * @return the target_admin - */ - public String getTarget_admin() { - return target_admin; - } - - - /** - * @param target_admin the target_admin to set - */ - public void setTarget_admin(String target_admin) { - this.target_admin = target_admin; - } - - - /** - * @return the targetList - */ - public List<String> getTargetList() { - return targetList; - } - - - /** - * @return the identificationTypeList - */ - public List<String> getIdentificationTypeList() { - return identificationTypeList; - } - - - /** - * @return the isAdminTarget - */ - public boolean isAdminTarget() { - return isAdminTarget; - } - - - /** - * @param isAdminTarget the isAdminTarget to set - */ - public void setAdminTarget(boolean isAdminTarget) { - this.isAdminTarget = isAdminTarget; - } - - - /** - * @return the isHideBPKAuthBlock - */ - public boolean isHideBPKAuthBlock() { - return isHideBPKAuthBlock; - } - - - /** - * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set - */ - public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { - this.isHideBPKAuthBlock = isHideBPKAuthBlock; - } - - - /** - * @return the useMandates - */ - public boolean isUseMandates() { - return useMandates; - } - - - /** - * @param useMandates the useMandates to set - */ - public void setUseMandates(boolean useMandates) { - this.useMandates = useMandates; - } - - - /** - * @return the bkuSelectionFileUpload - */ - public List<File> getBkuSelectionFileUpload() { - return bkuSelectionFileUpload; - } - - - /** - * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set - */ - public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) { - this.bkuSelectionFileUpload = bkuSelectionFileUpload; - } - - - /** - * @return the bkuSelectionFileUploadContentType - */ - public List<String> getBkuSelectionFileUploadContentType() { - return bkuSelectionFileUploadContentType; - } - - - /** - * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set - */ - public void setBkuSelectionFileUploadContentType( - List<String> bkuSelectionFileUploadContentType) { - this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; - } - - - /** - * @return the bkuSelectionFileUploadFileName - */ - public List<String> getBkuSelectionFileUploadFileName() { - return bkuSelectionFileUploadFileName; - } - - - /** - * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set - */ - public void setBkuSelectionFileUploadFileName( - List<String> bkuSelectionFileUploadFileName) { - this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; - } - - - /** - * @return the sendAssertionFileUpload - */ - public List<File> getSendAssertionFileUpload() { - return sendAssertionFileUpload; - } - - - /** - * @param sendAssertionFileUpload the sendAssertionFileUpload to set - */ - public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) { - this.sendAssertionFileUpload = sendAssertionFileUpload; - } - - - /** - * @return the sendAssertionFileUploadContentType - */ - public List<String> getSendAssertionFileUploadContentType() { - return sendAssertionFileUploadContentType; - } - - - /** - * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set - */ - public void setSendAssertionFileUploadContentType( - List<String> sendAssertionFileUploadContentType) { - this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; - } - - - /** - * @return the sendAssertionFileUploadFileName - */ - public List<String> getSendAssertionFileUploadFileName() { - return sendAssertionFileUploadFileName; - } - - - /** - * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set - */ - public void setSendAssertionFileUploadFileName( - List<String> sendAssertionFileUploadFileName) { - this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; - } - - - /** - * @return the deleteBKUTemplate - */ - public boolean isDeleteBKUTemplate() { - return deleteBKUTemplate; - } - - - /** - * @param deleteBKUTemplate the deleteBKUTemplate to set - */ - public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { - this.deleteBKUTemplate = deleteBKUTemplate; - } - - - /** - * @return the deleteSendAssertionTemplate - */ - public boolean isDeleteSendAssertionTemplate() { - return deleteSendAssertionTemplate; - } - - - /** - * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set - */ - public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { - this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java new file mode 100644 index 000000000..5db9029bd --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -0,0 +1,186 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { + + private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class); + + private String queryURL; + private boolean inboundSSO = true; + private boolean outboundSSO = true; + private boolean storeSSOSession = true; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "MOAIDPInterfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP != null) { + this.queryURL = moaIDP.getAttributeQueryURL(); + this.inboundSSO = moaIDP.isInboundSSO(); + this.outboundSSO = moaIDP.isOutboundSSO(); + this.storeSSOSession = moaIDP.isStoreSSOSession(); + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationIDP(true); + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP == null) { + moaIDP = new InterfederationIDPType(); + dbOA.setInterfederationIDP(moaIDP); + } + + moaIDP.setAttributeQueryURL(queryURL); + moaIDP.setInboundSSO(inboundSSO); + moaIDP.setOutboundSSO(outboundSSO); + moaIDP.setStoreSSOSession(storeSSOSession); + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + List<String> errors = new ArrayList<String>(); + + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request)); + + } + } + + if (inboundSSO && MiscUtil.isEmpty(queryURL)) { + log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); + } + + return errors; + } + + /** + * @return the queryURL + */ + public String getQueryURL() { + return queryURL; + } + + /** + * @param queryURL the queryURL to set + */ + public void setQueryURL(String queryURL) { + this.queryURL = queryURL; + } + + /** + * @return the inboundSSO + */ + public boolean isInboundSSO() { + return inboundSSO; + } + + /** + * @param inboundSSO the inboundSSO to set + */ + public void setInboundSSO(boolean inboundSSO) { + this.inboundSSO = inboundSSO; + } + + /** + * @return the outboundSSO + */ + public boolean isOutboundSSO() { + return outboundSSO; + } + + /** + * @param outboundSSO the outboundSSO to set + */ + public void setOutboundSSO(boolean outboundSSO) { + this.outboundSSO = outboundSSO; + } + + /** + * @return the storeSSOSession + */ + public boolean isStoreSSOSession() { + return storeSSOSession; + } + + /** + * @param storeSSOSession the storeSSOSession to set + */ + public void setStoreSSOSession(boolean storeSSOSession) { + this.storeSSOSession = storeSSOSession; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java index 3617c192e..b95090a55 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -27,6 +27,7 @@ import java.util.List; import java.util.UUID; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; @@ -34,10 +35,13 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -public class OAOAuth20Config { +public class OAOAuth20Config implements IOnlineApplicationData{ private final Logger log = Logger.getLogger(OAOAuth20Config.class); @@ -45,12 +49,24 @@ public class OAOAuth20Config { private String clientSecret = null; private String redirectUri = null; - public OAOAuth20Config() { + public OAOAuth20Config() { + this.generateClientSecret(); + } - public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAOpenIDConnect"; + } + + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); + HttpSession session = request.getSession(); + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); if (authdata != null) { // set client id to public url prefix @@ -77,7 +93,52 @@ public class OAOAuth20Config { } } - return errors; + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); + + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAOAUTH20ConfigValidation().validate(this, request); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(getRedirectUri()); + log.debug("client id: " + getClientId()); + log.debug("client secret: " + getClientSecret()); + log.debug("redirect uri:" + getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + return null; } public String getClientId() { @@ -106,6 +167,5 @@ public class OAOAuth20Config { public void generateClientSecret() { this.clientSecret = UUID.randomUUID().toString(); - } - + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index a61e1ea96..bcac63a5f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -27,6 +27,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; +import java.util.Date; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -37,10 +38,12 @@ import iaik.x509.X509Certificate; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.util.MiscUtil; -public class OAPVP2Config { +public class OAPVP2Config implements IOnlineApplicationData{ private final Logger log = Logger.getLogger(OAPVP2Config.class); @@ -56,7 +59,72 @@ public class OAPVP2Config { public OAPVP2Config() { } - public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAPVP2"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) + */ + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + try { + + if (getFileUpload() != null) { + pvp2.setCertificate(getCertificate()); + setReLoad(true); + } + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + } + + if (getMetaDataURL() != null && + !getMetaDataURL().equals(pvp2.getMetadataURL())) + setReLoad(true); + pvp2.setMetadataURL(getMetaDataURL()); + + if (isReLoad()) + pvp2.setUpdateRequiredItem(new Date()); + + return null; + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); @@ -158,7 +226,6 @@ public class OAPVP2Config { this.reLoad = reLoad; } - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index bb5baf53e..8d7d02048 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -22,11 +22,18 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; +import java.math.BigInteger; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -public class OASAML1Config { +public class OASAML1Config implements IOnlineApplicationData{ private Boolean isActive = false; private Boolean provideStammZahl = false; @@ -41,8 +48,20 @@ public class OASAML1Config { public OASAML1Config() { } - public void parse(OnlineApplication dbOAConfig) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OASAML1"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authdata = dbOA.getAuthComponentOA(); if (authdata != null) { OASAML1 saml1 = authdata.getOASAML1(); if (saml1 != null) { @@ -62,8 +81,55 @@ public class OASAML1Config { isActive = saml1.isIsActive(); } } + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OASAML1ConfigValidation().validate(this, general, request); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(isProvideAuthBlock()); + saml1.setProvideCertificate(isProvideCertificate()); + saml1.setProvideFullMandatorData(isProvideFullMandateData()); + saml1.setProvideIdentityLink(isProvideIdentityLink()); + saml1.setProvideStammzahl(isProvideStammZahl()); + saml1.setUseCondition(isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + return null; + } + public boolean isProvideStammZahl() { return provideStammZahl; } @@ -119,8 +185,5 @@ public class OASAML1Config { */ public void setActive(boolean isActive) { this.isActive = isActive; - } - - - + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java index 593c2291f..28144666b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -22,11 +22,17 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -public class OASSOConfig { +public class OASSOConfig implements IOnlineApplicationData{ private boolean useSSO = false; private boolean showAuthDataFrame = true; @@ -36,7 +42,15 @@ public class OASSOConfig { } - public void parse(OnlineApplication dbOAConfig) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OASingleSignOn"; + } + + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); if (authdata != null) { OASSO ssoconfig = authdata.getOASSO(); @@ -46,6 +60,42 @@ public class OASSOConfig { singleLogOutURL = ssoconfig.getSingleLogOutURL(); } } + + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); + } + + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(this.useSSO); + + if (authUser.isAdmin()) + sso.setAuthDataFrame(this.showAuthDataFrame); + + sso.setSingleLogOutURL(this.singleLogOutURL); + + return null; } public boolean isUseSSO() { @@ -65,7 +115,5 @@ public class OASSOConfig { } public void setSingleLogOutURL(String singleLogOutURL) { this.singleLogOutURL = singleLogOutURL; - } - - + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index b43e76d53..f5c92fec9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; @@ -35,10 +37,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; -import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; -public class OASTORKConfig { +public class OASTORKConfig implements IOnlineApplicationData{ private static final Logger log = Logger.getLogger(OASTORKConfig.class); @@ -62,15 +65,24 @@ public class OASTORKConfig { for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { citizenCountries.add(current.getCountryCode()); } + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OASTORK2"; + } + /** * Parses the OA config for stork entities. * * @param dbOAConfig * the db oa config */ - public void parse(OnlineApplication dbOAConfig) { + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); if (authdata != null) { OASTORK config = authdata.getOASTORK(); @@ -128,8 +140,53 @@ public class OASTORKConfig { } } } + + return null; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASTORKConfigValidation().validate(this, request); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(isStorkLogonEnabled()); + stork.setQaa(getQaa()); + stork.setOAAttributes(getAttributes()); + stork.setVidpEnabled(isVidpEnabled()); + stork.setRequireConsent(isRequireConsent()); + stork.setAttributeProviders(getAttributeProviderPlugins()); + stork.setCPEPS(getEnabledCPEPS()); + + return null; + + } + public boolean isStorkLogonEnabled() { return isStorkLogonEnabled; } @@ -189,12 +246,17 @@ public class OASTORKConfig { } public List<CPEPS> getEnabledCPEPS() { - List<CPEPS> result = new ArrayList<CPEPS>(); - for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - if(enabledCitizenCountries.contains(current.getCountryCode())) - result.add(current); + if (enabledCitizenCountries != null) { + List<CPEPS> result = new ArrayList<CPEPS>(); + for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { + if(enabledCitizenCountries.contains(current.getCountryCode())) + result.add(current); + } + return result; } - return result; + + return null; + } public List<String> getAvailableAttributeProviderPlugins() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java new file mode 100644 index 000000000..4036bc25f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -0,0 +1,368 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.Arrays; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.validation.TargetValidator; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OATargetConfigValidation; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OATargetConfiguration implements IOnlineApplicationData { + + private boolean deaktivededBusinessService = false; + + private boolean subTargetSet = false; + + private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List<String> targetList = null; + private String targetFriendlyName = null; + private boolean isAdminTarget = false; + + private String identificationNumber = null; + private String identificationType = null; + private static List<String> identificationTypeList = null; + + public OATargetConfiguration() { + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OATargetConfig"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector()); + + String target_full = dbOA.getTarget(); + if (MiscUtil.isNotEmpty(target_full)) { + if (TargetValidator.isValidTarget(target_full)) { + target = target_full; + + } else { + String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) + target_subsector = target_split[1]; + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOA.getTargetFriendlyName(); + } + + AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + + IdentificationNumber idnumber = oaauth.getIdentificationNumber(); + if (idnumber != null) { + String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + //identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_STORK; + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } + } + + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + + identificationType = authUser.getBusinessServiceType(); + identificationNumber = authUser.getBusinessServiceNumber(); + + } + + } + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { + + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + String num = null; + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); + + } else { + + num = getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + + // num = StringUtils.leftPad(num, 7, '0'); + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + } + + IdentificationNumber idnumber = new IdentificationNumber(); + + if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { + idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else { + idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } + + authoa.setIdentificationNumber(idnumber); + + } else { + dbOA.setType(null); + + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { + dbOA.setTarget(getTarget_admin()); + dbOA.setTargetFriendlyName(getTargetFriendlyName()); + + } else { + + String target = getTarget(); + + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) + dbOA.setTarget(target + "-" + getTarget_subsector()); + else + dbOA.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + + } + + } else { + + if (MiscUtil.isNotEmpty(getTarget())) { + + String target = getTarget(); + + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) + dbOA.setTarget(target + "-" + getTarget_subsector()); + + else + dbOA.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + + } + } + } + return null; + } + + /** + * @return + */ + private boolean isBusinessService(OnlineApplication dbOA) { + if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) + return true; + else + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + public String getIdentificationNumber() { + return identificationNumber; + } + + public void setIdentificationNumber(String identificationNumber) { + this.identificationNumber = identificationNumber; + } + + public String getIdentificationType() { + return identificationType; + } + + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + + /** + * @return the targetList + */ + public List<String> getTargetList() { + return targetList; + } + + + /** + * @return the identificationTypeList + */ + public List<String> getIdentificationTypeList() { + return identificationTypeList; + } + + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java new file mode 100644 index 000000000..0bca3be0d --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java @@ -0,0 +1,61 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.exception; + +/** + * @author tlenz + * + */ +public class BasicOAActionException extends Exception { + + private String strutsError; + private String strutsReturnValue; + + private static final long serialVersionUID = -7989218660771842780L; + + /** + * + */ + public BasicOAActionException(String strutsError, String strutsReturnValue) { + this.strutsError = strutsError; + this.strutsReturnValue = strutsReturnValue; + } + + /** + * @return the strutsError + */ + public String getStrutsError() { + return strutsError; + } + + /** + * @return the strutsReturnValue + */ + public String getStrutsReturnValue() { + return strutsReturnValue; + } + + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 0d52234bc..190773bf0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -150,7 +150,7 @@ public class AuthenticationFilter implements Filter{ if (authuser == null) { - authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false); + authuser = AuthenticatedUser.generateDefaultUser(); //authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false); httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index d3a9ffcd4..24ee653f3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -29,26 +29,53 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType; public class FormDataHelper { - public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) { + public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) { ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); for (OnlineApplication dboa : dbOAs) { - OAListElement listoa = new OAListElement(); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - formOAs.add(listoa); - } + + if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP()) + formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); + + else if (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) + formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); + } + return formOAs; + } + + public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) { + ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); + + for (OnlineApplication dboa : dbOAs) { + + if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || + (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { + formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); + } + } return formOAs; } + private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { + OAListElement listoa = new OAListElement(type); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + return listoa; + } + public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>(); @@ -57,16 +84,9 @@ public class FormDataHelper { boolean ismandate = false; if (dbuser.isIsMandateUser() != null) ismandate = dbuser.isIsMandateUser(); - - - userlist.add(new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), + + userlist.add(new AuthenticatedUser(dbuser, dbuser.isIsActive(), - dbuser.isIsAdmin(), ismandate, false)); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java index 67bd13dd2..9630bc232 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java @@ -54,6 +54,7 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, protected ConfigurationProvider configuration = null; protected AuthenticatedUser authUser = null; protected HttpSession session = null; + protected String formID; protected void populateBasicInformations() throws BasicActionException { try { @@ -101,6 +102,19 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, } + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java new file mode 100644 index 000000000..43954828c --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -0,0 +1,452 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.ArrayList; +import java.util.Date; +import java.util.LinkedHashMap; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class BasicOAAction extends BasicAction { + + private static final long serialVersionUID = 5676123696807646246L; + private final Logger log = Logger.getLogger(BasicOAAction.class); + + protected LinkedHashMap<String, IOnlineApplicationData> formList; + protected long oaid = -1; + + private String oaidobj; + private boolean newOA; + private boolean isMetaDataRefreshRequired = false; + + /** + * + */ + public BasicOAAction() { + formList = new LinkedHashMap<String, IOnlineApplicationData>(); + + OAGeneralConfig generalOA = new OAGeneralConfig(); + formList.put(generalOA.getName(), generalOA); + + } + + protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{ + if (!ValidationHelper.validateOAID(oaidobj)) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + + else { + userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + // TODO: change to direct Database operation + List<OnlineApplication> oas = userdb.getOnlineApplication(); + for (OnlineApplication oa : oas) { + if (oa.getHjid() == oaid) { + onlineapplication = oa; + break; + } + } + if (onlineapplication == null) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } + + return onlineapplication; + + } + + protected void populateBasicNewOnlineApplicationInformation() { + session.setAttribute(Constants.SESSION_OAID, null); + + setNewOA(true); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } + + protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication ) throws BasicOAActionException { + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + onlineapplication.setIsNew(true); + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else + isMetaDataRefreshRequired = true; + + } else { + onlineapplication.setIsNew(false); + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if ((onlineapplication.isIsAdminRequired() == null) + || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + UserDatabase userdb = null; + if (onlineapplication.getHjid() != null) + userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); + } + } + } + + //save OA configuration + String error = saveOAConfigToDatabase(onlineapplication); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); + } + + //set metadata reload flag if reload is required + + if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) { + + try { + if (isMetaDataRefreshRequired + || !getPvp2OA().getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) + || getPvp2OA().getFileUpload() != null + || getPvp2OA().isReLoad()) { + + log.debug("Set PVP2 Metadata refresh flag."); + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + } + + return onlineapplication; + } + + protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { + try { + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + } else { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + } + + OnlineApplication onlineapplication = null; + + Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + + } catch (Throwable t) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } + + // valid DBID and check entry + OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName())); + String oaidentifier = oaGeneralForm.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (oaid == -1) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + setNewOA(true); + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request), + Constants.STRUTS_ERROR_VALIDATION); + + } + + } else { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request), + Constants.STRUTS_ERROR_VALIDATION); + + } + } + } + } + } + + return onlineapplication; + + } catch (BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + + } + + protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { + try { + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + String oaidentifier = getGeneralOA().getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), + Constants.STRUTS_ERROR_VALIDATION); + } + } + + return oaidentifier; + + } catch (BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + } + + private String saveOAConfigToDatabase(OnlineApplication dboa) { + + for (IOnlineApplicationData form : formList.values()) + form.store(dboa, authUser, request); + + try { + if (dboa.isIsNew()) { + ConfigurationDBUtils.save(dboa); + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + List<OnlineApplication> useroas = user.getOnlineApplication(); + if (useroas == null) useroas = new ArrayList<OnlineApplication>(); + + useroas.add(dboa); + ConfigurationDBUtils.saveOrUpdate(user); + } + } else + ConfigurationDBUtils.saveOrUpdate(dboa); + + } catch (MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + + return null; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + public OAGeneralConfig getGeneralOA() { + return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + + public OAPVP2Config getPvp2OA() { + return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index a54d6c74a..0a308a354 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; @@ -72,7 +73,6 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.id.util.Random; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index d2a2cfdf7..6d735a85b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -28,147 +28,98 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.*; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.data.oa.*; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; -import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.validation.oa.*; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; -import com.opensymphony.xwork2.ActionSupport; import iaik.utils.URLDecoder; import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import java.io.*; -import java.math.BigInteger; -import java.security.cert.CertificateException; import java.util.*; -public class EditOAAction extends BasicAction { +public class EditOAAction extends BasicOAAction { private final Logger log = Logger.getLogger(EditOAAction.class); private static final long serialVersionUID = 1L; - - private String oaidobj; - private boolean newOA; - private String formID; - - private boolean onlyBusinessService = false; - private boolean subTargetSet = false; - private boolean deaktivededBusinessService = false; - private boolean isMetaDataRefreshRequired = false; - + private String nextPage; - - private OAGeneralConfig generalOA = new OAGeneralConfig(); - private OAPVP2Config pvp2OA = new OAPVP2Config(); - private OASAML1Config saml1OA = new OASAML1Config(); - private OASSOConfig ssoOA = new OASSOConfig(); - private OAOAuth20Config oauth20OA = new OAOAuth20Config(); - private OASTORKConfig storkOA = new OASTORKConfig(); - private FormularCustomization formOA = new FormularCustomization(); - private InputStream stream; - - private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>(); - private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>(); + + public EditOAAction() { + super(); + + OATargetConfiguration oaTarget = new OATargetConfiguration(); + formList.put(oaTarget.getName(), oaTarget); + + OAAuthenticationData authOA = new OAAuthenticationData(); + formList.put(authOA.getName(), authOA); + + OASSOConfig ssoOA = new OASSOConfig(); + formList.put(ssoOA.getName(), ssoOA); + + OASAML1Config saml1OA = new OASAML1Config(); + formList.put(saml1OA.getName(), saml1OA); + + OAPVP2Config pvp2OA = new OAPVP2Config(); + formList.put(pvp2OA.getName(), pvp2OA); + + OAOAuth20Config oauth20OA = new OAOAuth20Config(); + formList.put(oauth20OA.getName(), oauth20OA); + + OASTORKConfig storkOA = new OASTORKConfig(); + formList.put(storkOA.getName(), storkOA); + + Map<String, String> map = new HashMap<String, String>(); + map.putAll(FormBuildUtils.getDefaultMap()); + FormularCustomization formOA = new FormularCustomization(map); + formList.put(formOA.getName(), formOA); + + } + // STRUTS actions public String inital() { try { populateBasicInformations(); + + OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); + List<String> errors = new ArrayList<String>(); + for (IOnlineApplicationData form : formList.values()) { + List<String> error = form.parse(onlineapplication, authUser, request); + if (error != null) + errors.addAll(error); + } + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + setNewOA(false); + + ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + + return Constants.STRUTS_OA_EDIT; + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); } - - long oaid = -1; - - if (!ValidationHelper.validateOAID(oaidobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - oaid = Long.valueOf(oaidobj); - - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; - - if (authUser.isAdmin()) - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - - else { - userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - // TODO: change to direct Database operation - List<OnlineApplication> oas = userdb.getOnlineApplication(); - for (OnlineApplication oa : oas) { - if (oa.getHjid() == oaid) { - onlineapplication = oa; - break; - } - } - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - generalOA.parse(onlineapplication); - ssoOA.parse(onlineapplication); - saml1OA.parse(onlineapplication); - oauth20OA.parse(onlineapplication, request); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - - storkOA.parse(onlineapplication); - - Map<String, String> map = new HashMap<String, String>(); - map.putAll(FormBuildUtils.getDefaultMap()); - formOA.parse(onlineapplication, map); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - List<String> errors = pvp2OA.parse(onlineapplication, request); - - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - ConfigurationDBUtils.closeSession(); - session.setAttribute(Constants.SESSION_OAID, oaid); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - newOA = false; - - return Constants.STRUTS_OA_EDIT; } public String newOA() { @@ -177,14 +128,19 @@ public class EditOAAction extends BasicAction { try { populateBasicInformations(); + populateBasicNewOnlineApplicationInformation(); + + // prepare attribute helper list + ArrayList<AttributeHelper> attributes = new ArrayList<AttributeHelper>(); + for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) + attributes.add(new AttributeHelper(current)); + getStorkOA().setHelperAttributes(attributes); + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; } - - session.setAttribute(Constants.SESSION_OAID, null); - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { @@ -193,183 +149,45 @@ public class EditOAAction extends BasicAction { return Constants.STRUTS_SUCCESS; } - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) { - DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); - if (defaultbkus != null) { - generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); - generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); - generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - ConfigurationDBUtils.closeSession(); - - //VIDP attribute provider configuration - storkOA = new OASTORKConfig(); - storkOA.getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, ((OAOAuth20Config)formList.get(new OAOAuth20Config().getName())).getClientSecret()); + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - newOA = true; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); - - this.oauth20OA.generateClientSecret(); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - return Constants.STRUTS_OA_EDIT; } public String saveOA() { + + OnlineApplication onlineapplication= null; + try { populateBasicInformations(); + onlineapplication = preProcessSaveOnlineApplication(); + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - OnlineApplication onlineapplication = null; List<String> errors = new ArrayList<String>(); - - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - - } catch (Throwable t) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - // valid DBID and check entry - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request)); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request)); - } else { - - if (oaid == -1) { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - newOA = true; - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request)); - } - - } else { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request)); - } - } - } - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - // check form - OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); - OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); - OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); - OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); - OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); - FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); - OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - - errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin(), request)); - errors.addAll(validatior_pvp2.validate(pvp2OA, request)); - errors.addAll(validatior_saml1.validate(saml1OA, generalOA, request)); - errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin(), request)); - errors.addAll(validator_stork.validate(storkOA, request)); - errors.addAll(validator_form.validate(formOA, request)); - errors.addAll(validatior_oauth20.validate(oauth20OA, request)); - - //validate BKU-selection template - List<String> templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() - , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - - //validate send-assertion template - templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() - , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); - - else - sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - + + //validate forms + for (IOnlineApplicationData form : formList.values()) + errors.addAll(form.validate(getGeneralOA(), authUser, request)); // Do not allow SSO in combination with special BKUSelection features - if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { + if (getSsoOA().isUseSSO() && (getFormOA().isOnlyMandateAllowed() || !getFormOA().isShowMandateLoginButton())) { log.warn("Special BKUSelection features can not be used in combination with SSO"); errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid", request)); } if (errors.size() > 0) { - log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); + log.info("OAConfiguration with ID " + getGeneralOA().getIdentifier() + " has some errors."); for (String el : errors) addActionError(el); @@ -378,80 +196,14 @@ public class EditOAAction extends BasicAction { return Constants.STRUTS_ERROR_VALIDATION; } else { - - boolean newentry = false; - - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - newentry = true; - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - if (onlineapplication.getHjid() != null) - userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, newentry); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - //set metadata reload flag if reload is required - if (pvp2OA.getMetaDataURL() != null) { - - try { - if (isMetaDataRefreshRequired - || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) - || pvp2OA.getFileUpload() != null - || pvp2OA.isReLoad()) { - - log.debug("Set PVP2 Metadata refresh flag."); - MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); - moaconfig.setPvp2RefreshItem(new Date()); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } - } catch (Throwable e) { - log.info("Found no MetadataURL in OA-Databaseconfig!", e); - } - - } + try { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication); + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } + } Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); @@ -474,7 +226,7 @@ public class EditOAAction extends BasicAction { if (openUsers != null) numusers = openUsers.size(); try { - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", getGeneralOA().getIdentifier(), request)); if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); @@ -483,7 +235,7 @@ public class EditOAAction extends BasicAction { } } else - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", getGeneralOA().getIdentifier(), request)); //remove session attributes session.setAttribute(Constants.SESSION_OAID, null); @@ -514,7 +266,7 @@ public class EditOAAction extends BasicAction { session.setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), request)); ConfigurationDBUtils.closeSession(); @@ -522,65 +274,30 @@ public class EditOAAction extends BasicAction { } public String deleteOA() { + String oaidentifier = null; try { populateBasicInformations(); + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + oaidentifier = preProcessDeleteOnlineApplication(); + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - } - OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); request.getSession().setAttribute(Constants.SESSION_OAID, null); @@ -620,13 +337,13 @@ public class EditOAAction extends BasicAction { ConfigurationDBUtils.closeSession(); - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); return Constants.STRUTS_SUCCESS; } else { ConfigurationDBUtils.closeSession(); - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); return Constants.STRUTS_SUCCESS; } @@ -711,490 +428,37 @@ public class EditOAAction extends BasicAction { return Constants.STRUTS_SUCCESS; } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); - - dboa.setFriendlyName(generalOA.getFriendlyName()); - dboa.setCalculateHPI(generalOA.isCalculateHPI()); - dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); - - if (authUser.isAdmin()) - dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); - else { - if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); - } - - dboa.setPublicURLPrefix(generalOA.getIdentifier()); - - if (generalOA.isBusinessService() || onlyBusinessService) { - - dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - - IdentificationNumber idnumber = new IdentificationNumber(); - - if (generalOA.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { - idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); - } else { - idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); - } - - - authoa.setIdentificationNumber(idnumber); - - } else { - dboa.setType(null); - - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { - dboa.setTarget(generalOA.getTarget_admin()); - dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); - - } else { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - - } else { - - if (MiscUtil.isNotEmpty(generalOA.getTarget())) { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - } - } - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - if (authUser.isAdmin()) { - bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); - bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); - bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); - } - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if (generalOA.isDeleteBKUTemplate()) - templates.setBKUSelectionTemplate(null); - - if (generalOA.isDeleteSendAssertionTemplate()) - templates.setSendAssertionTemplate(null); - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator<String> interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator<String> interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } - } - - - //store BKU-selection customization - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); - } - - Mandates mandates = new Mandates(); - if (generalOA.isUseMandates()) { - if (MiscUtil.isNotEmpty(generalOA.getMandateProfiles())) { - List<MandatesProfileNameItem> profileList = new ArrayList<MandatesProfileNameItem>(); - String[] inputList = generalOA.getMandateProfiles().split(","); - for (int i=0; i<inputList.length; i++) { - - MandatesProfileNameItem item = new MandatesProfileNameItem(); - item.setItem(inputList[i]); - profileList.add(item); - } - mandates.setProfileNameItems(profileList ); - mandates.setProfiles(null); - } - - - } else { - mandates.setProfiles(null); - mandates.setProfileNameItems(null); - } - - authoa.setMandates(mandates); - bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); - bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); - - if (authUser.isAdmin()) { - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - - List<TemplateType> template = templates.getTemplate(); - if (generalOA.isLegacy()) { - - if (template == null) - template = new ArrayList<TemplateType>(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL2()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL3()); - template.add(el); - } else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(formOA.getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(formOA.getFontType()); - - bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); - bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); - - } - - // set default transformation if it is empty - List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required - - } - - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } - - try { - - if (pvp2OA.getFileUpload() != null) { - pvp2.setCertificate(pvp2OA.getCertificate()); - pvp2OA.setReLoad(true); - } - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); - } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); - } - - if (pvp2OA.getMetaDataURL() != null && - !pvp2OA.getMetaDataURL().equals(pvp2.getMetadataURL())) - pvp2OA.setReLoad(true); - pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); - - if (pvp2OA.isReLoad()) - pvp2.setUpdateRequiredItem(new Date()); - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(saml1OA.isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); - saml1.setProvideCertificate(saml1OA.isProvideCertificate()); - saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); - saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); - saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); - saml1.setUseCondition(saml1OA.isUseCondition()); - saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(ssoOA.isUseSSO()); - - if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); - - sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); - - if (oauth20OA != null) { - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); - } - - oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); - log.debug("client id: " + oauth20OA.getClientId()); - log.debug("client secret: " + oauth20OA.getClientSecret()); - log.debug("redirect uri:" + oauth20OA.getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - } - - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); - } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); - stork.setQaa(storkOA.getQaa()); - stork.setOAAttributes(storkOA.getAttributes()); - stork.setVidpEnabled(storkOA.isVidpEnabled()); - stork.setRequireConsent(storkOA.isRequireConsent()); - stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); - stork.setCPEPS(storkOA.getEnabledCPEPS()); - - try { - if (newentry) { - ConfigurationDBUtils.save(dboa); - - if (!authUser.isAdmin()) { - UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - List<OnlineApplication> useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList<OnlineApplication>(); - - useroas.add(dboa); - ConfigurationDBUtils.saveOrUpdate(user); - } - } else - ConfigurationDBUtils.saveOrUpdate(dboa); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - } - - return null; + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); } - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; - } - - private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - String bpk = userdb.getBpk(); - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR) || bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) { - onlyBusinessService = true; - generalOA.setBusinessService(true); - } - - deaktivededBusinessService = true; - - String[] split = bpk.split("\\+"); - generalOA.setIdentificationType(split[1].substring(1)); - - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) - generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); - else - generalOA.setIdentificationNumber(split[2]); - - } - - } - - public String setGeneralOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSAML1OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setPVP2OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSSOOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSTORKOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public OAGeneralConfig getGeneralOA() { - return generalOA; - } - - public void setGeneralOA(OAGeneralConfig generalOA) { - this.generalOA = generalOA; - } - - public OAPVP2Config getPvp2OA() { - return pvp2OA; - } - - public void setPvp2OA(OAPVP2Config pvp2oa) { - pvp2OA = pvp2oa; + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); } public OASAML1Config getSaml1OA() { - return saml1OA; + return (OASAML1Config) formList.get(new OASAML1Config().getName()); } public void setSaml1OA(OASAML1Config saml1oa) { - saml1OA = saml1oa; + formList.put(saml1oa.getName(), saml1oa); } public OASSOConfig getSsoOA() { - return ssoOA; + return (OASSOConfig) formList.get(new OASSOConfig().getName()); } public void setSsoOA(OASSOConfig ssoOA) { - this.ssoOA = ssoOA; + formList.put(ssoOA.getName(), ssoOA); } public OASTORKConfig getStorkOA() { - return storkOA; + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); } public void setStorkOA(OASTORKConfig storkOA) { - this.storkOA = storkOA; - } - - /** - * @param oaidobj the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - - /** - * @param newOA the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; + formList.put(storkOA.getName(), storkOA); } /** @@ -1205,75 +469,17 @@ public class EditOAAction extends BasicAction { } /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the onlyBusinessService - */ - public boolean isOnlyBusinessService() { - return onlyBusinessService; - } - - /** - * @param onlyBusinessService the onlyBusinessService to set - */ - public void setOnlyBusinessService(boolean onlyBusinessService) { - this.onlyBusinessService = onlyBusinessService; - } - - - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } - - /** - * @param subTargetSet the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } - - - /** - * @param deaktivededBusinessService the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } - - /** * @return the formOA */ public FormularCustomization getFormOA() { - return formOA; + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); } /** * @param formOA the formOA to set */ public void setFormOA(FormularCustomization formOA) { - this.formOA = formOA; + formList.put(formOA.getName(), formOA); } /** @@ -1284,11 +490,25 @@ public class EditOAAction extends BasicAction { } public OAOAuth20Config getOauth20OA() { - return oauth20OA; + return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); } public void setOauth20OA(OAOAuth20Config oauth20OA) { - this.oauth20OA = oauth20OA; + formList.put(oauth20OA.getName(), oauth20OA); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index d04592aa3..e019b70bb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -77,13 +77,12 @@ import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -import com.opensymphony.xwork2.ActionSupport; - import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; @@ -94,7 +93,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; @@ -215,14 +213,8 @@ public class IndexAction extends BasicAction { if (dbuser.isIsMandateUser() != null) ismandateuser = dbuser.isIsMandateUser(); - AuthenticatedUser authuser = new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), + AuthenticatedUser authuser = new AuthenticatedUser(dbuser, true, - dbuser.isIsAdmin(), ismandateuser, false); @@ -424,16 +416,7 @@ public class IndexAction extends BasicAction { user.setIsusernamepasswordallowed(false); user.setIsmandateuser(false); user.setPVPGenerated(true); - - authUser = new AuthenticatedUser(); - authUser.setAdmin(false); - authUser.setAuthenticated(false); - authUser.setLastLogin(null); - authUser.setUserID(-1); - authUser.setUserName(null); - authUser.setPVP2Login(true); - authUser.setMandateUser(false); - + //loop through the nodes to get what we want List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); for (int i = 0; i < attributeStatements.size(); i++) @@ -445,26 +428,24 @@ public class IndexAction extends BasicAction { if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); - authUser.setFamilyName(user.getFamilyName()); } if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); - authUser.setGivenName(user.getGivenName()); } if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) { - authUser.setMandateUser(true); user.setIsmandateuser(true); } if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) { user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); - authUser.setInstitute(user.getInstitut()); } } } + authUser = AuthenticatedUser.generateUserRequestUser(user); + //set Random value formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -484,14 +465,8 @@ public class IndexAction extends BasicAction { session.setAttribute(Constants.SESSION_FORMID, formID); user = new UserDatabaseFrom(dbuser); - authUser = new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), + authUser = new AuthenticatedUser(dbuser, false, - false, dbuser.isIsMandateUser(), true); session.setAttribute(Constants.SESSION_FORM, user); @@ -511,14 +486,7 @@ public class IndexAction extends BasicAction { if (dbuser.isIsMandateUser() != null) ismandateuser = dbuser.isIsMandateUser(); - authUser = new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), - true, - dbuser.isIsAdmin(), + authUser = new AuthenticatedUser(dbuser, true, ismandateuser, true); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java new file mode 100644 index 000000000..7a05d6497 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -0,0 +1,441 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class InterfederationIDPAction extends BasicOAAction { + private static final Logger log = Logger.getLogger(InterfederationIDPAction.class); + private static final long serialVersionUID = 2879192135387083131L; + + public static final String STRUTS_IDP_VIDP = "-VIDP"; + public static final String STRUTS_IDP_MOA = "-MOAIDP"; + + private List<OAListElement> formOAs; + + private String interfederationType; + + public InterfederationIDPAction() { + super(); + + } + + public String listAllIDPs() { + try { + populateBasicInformations(); + + if (authUser.isAdmin()) { + List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllOnlineApplications(); + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + } + + public String newIDP() { + log.debug("insert new interfederation IDP"); + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + if (STRUTS_IDP_MOA.equals(interfederationType)) { + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + + } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { + formList.putAll(VIDPAction.buildVIDPFormList()); + getStorkOA().setVidpEnabled(true); + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + + } else { + log.warn("Unkown interfederation IDP type"); + addActionError("Unkown interfederation IDP type"); + return Constants.STRUTS_ERROR; + } + + populateBasicNewOnlineApplicationInformation(); + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + return Constants.STRUTS_OA_EDIT + interfederationType; + + } + + public String loadIDPInformation() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + OnlineApplication oa = populateOnlineApplicationFromRequest(); + + if (oa.isIsInterfederationIDP() != null + && oa.isIsInterfederationIDP()) { + + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + interfederationType = STRUTS_IDP_MOA; + + } else if (oa.getAuthComponentOA().getOASTORK() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + + formList.putAll(VIDPAction.buildVIDPFormList()); + if (getStorkOA().getAttributeProviderPlugins() == null || + getStorkOA().getAttributeProviderPlugins().size() == 0) + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + interfederationType = STRUTS_IDP_VIDP; + + } else { + log.warn("Requested application is not an interfederation IDP."); + return Constants.STRUTS_NOTALLOWED; + } + + parseOAToForm(oa); + return Constants.STRUTS_SUCCESS + interfederationType; + + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } + } + + public String saveIDP() { + + OnlineApplication onlineapplication= null; + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + onlineapplication = preProcessSaveOnlineApplication(); + + if ( onlineapplication != null && + !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) || + (onlineapplication.getAuthComponentOA().getOASTORK() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { + log.warn("IDP which should be stored is not of type interfederation IDP."); + addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); + return Constants.STRUTS_ERROR; + + } + + List<String> errors = new ArrayList<String>(); + + //validate forms + for (IOnlineApplicationData form : formList.values()) + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + + + boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL()); + if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { + log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice", + new Object[] {getPvp2OA().getMetaDataURL()}, request )); + getGeneralOA().setBusinessService(true); + + } + + + if (errors.size() > 0) { + log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); + for (String el : errors) + addActionError(el); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + postProcessSaveOnlineApplication(onlineapplication); + + } + + //remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + ConfigurationDBUtils.closeSession(); + + addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request)); + return Constants.STRUTS_SUCCESS; + + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } + } + + public String cancleAndBackIDP() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + session.setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request)); + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String deleteIDP() { + String oaidentifier = null; + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + oaidentifier = preProcessDeleteOnlineApplication(); + + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } + + session.setAttribute(Constants.SESSION_OAID, null); + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + try { + if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + if (ConfigurationDBUtils.delete(onlineapplication)) { + + ConfigurationDBUtils.closeSession(); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + + } else { + ConfigurationDBUtils.closeSession(); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } + + } + + /** + * @param oa + */ + private void parseOAToForm(OnlineApplication oa) { + List<String> errors = new ArrayList<String>(); + for (IOnlineApplicationData form : formList.values()) { + List<String> error = form.parse(oa, authUser, request); + if (error != null) + errors.addAll(error); + } + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + setNewOA(false); + + ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + } + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + public OAMOAIDPInterfederationConfig getMoaIDP() { + return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); + } + + public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + + /** + * @return the interfederationType + */ + public String getInterfederationType() { + return interfederationType; + } + + /** + * @param interfederationType the interfederationType to set + */ + public void setInterfederationType(String interfederationType) { + this.interfederationType = interfederationType; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index e51ee7ca6..7f7f083c9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; @@ -46,7 +47,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class ListOAsAction extends BasicAction { @@ -88,7 +88,7 @@ public class ListOAsAction extends BasicAction { addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); } else { - formOAs = FormDataHelper.addFormOAs(dbOAs); + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); } session.setAttribute(Constants.SESSION_RETURNAREA, @@ -160,14 +160,11 @@ public class ListOAsAction extends BasicAction { } if (dbOAs == null || dbOAs.size() == 0) { - log.debug("No OAs found with Identifier " + friendlyname); + log.debug("No IDPs found with Identifier " + friendlyname); addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - } else { - - formOAs = FormDataHelper.addFormOAs(dbOAs); - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java new file mode 100644 index 000000000..8c04a382a --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java @@ -0,0 +1,59 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.LinkedHashMap; + +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; + +/** + * @author tlenz + * + */ +public class MOAIDPAction extends InterfederationIDPAction { + + private static final long serialVersionUID = -2047128481980413334L; + + public MOAIDPAction() { + super(); + formList.putAll(buildMOAIDPFormList()); + } + + public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() { + + LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<String, IOnlineApplicationData>(); + + + OAPVP2Config pvp2OA = new OAPVP2Config(); + forms.put(pvp2OA.getName(), pvp2OA); + + OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); + forms.put(moaidp.getName(), moaidp); + + return forms; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java index a4c768eda..283b3604a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -67,7 +67,7 @@ public class OpenAdminRequestsAction extends BasicAction { List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications(); if (dbOAs != null) { - formOAs = FormDataHelper.addFormOAs(dbOAs); + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); } List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 382dc6372..5799c88b2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; @@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java new file mode 100644 index 000000000..8588dd286 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java @@ -0,0 +1,75 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.util.FormBuildUtils; + +/** + * @author tlenz + * + */ +public class VIDPAction extends InterfederationIDPAction { + + private static final long serialVersionUID = 1981465294474566533L; + + + public VIDPAction() { + super(); + formList.putAll(buildVIDPFormList()); + } + + /** + * @return + * + */ + public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() { + LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<String, IOnlineApplicationData>(); + + OATargetConfiguration oaTarget = new OATargetConfiguration(); + forms.put(oaTarget.getName(), oaTarget); + + OAAuthenticationData authOA = new OAAuthenticationData(); + forms.put(authOA.getName(), authOA); + + OASTORKConfig storkOA = new OASTORKConfig(); + forms.put(storkOA.getName(), storkOA); + + Map<String, String> map = new HashMap<String, String>(); + map.putAll(FormBuildUtils.getDefaultMap()); + FormularCustomization formOA = new FormularCustomization(map); + forms.put(formOA.getName(), formOA); + + return forms; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index ae7ee3c8e..c9a174813 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 3ed0157da..662694ce7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -31,6 +31,7 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index cfa00f0e1..c64ae35d3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -34,13 +34,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7adc1a67..e4a091c7e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index a63b3a7b1..8bc916e5a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -9,9 +9,9 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class StorkConfigValidator { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 7b68f04d8..0bbf2116d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -30,33 +30,21 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; -import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; -public class OAGeneralConfigValidation { +public class OAAuthenticationDataValidation { private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - public List<String> validate(OAGeneralConfig form, boolean isAdmin, HttpServletRequest request) { + public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check; - if (isAdmin) { - //validate aditionalAuthBlockText - check = form.getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } - } + //Check BKU URLs if (isAdmin) { @@ -97,19 +85,6 @@ public class OAGeneralConfigValidation { } } - //check OA FriendlyName - check = form.getFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("OAFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } else { - log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - } - if (isAdmin) { //check KeyBoxIdentifier check = form.getKeyBoxIdentifier(); @@ -170,114 +145,7 @@ public class OAGeneralConfigValidation { new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } - - - - boolean businessservice = form.isBusinessService(); - - if (businessservice) { - - //check identification type - check = form.getIdentificationType(); - if (!form.getIdentificationTypeList().contains(check)) { - log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); - } - - //check identification number - check = form.getIdentificationNumber(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); - - } else { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - - if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { - CompanyNumberValidator val = new CompanyNumberValidator(); - if (!val.validate(check)) { - log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); - } - } - } - - } else { - - check = form.getTarget_subsector(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); - } - } - - - if (!isAdmin) { - //check PublicURL Prefix allows PublicService - if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { - log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); - errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {form.getIdentifier()}, request )); - form.setBusinessService(true); - return errors; - - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - - } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - } else { - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } - - if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - //check Admin Target - check = form.getTarget_admin(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); - } - } - } - } - return errors; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index bee2ba06c..de32d31c7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -36,9 +36,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index b26f2d9d5..62fc83ab9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -22,31 +22,68 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; +import iaik.x509.X509Certificate; + import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import java.util.Timer; +import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - public List<String> validate(OAPVP2Config form, HttpServletRequest request) { + public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) { + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; List<String> errors = new ArrayList<String>(); try { - byte[] metadata = null; -// byte[] cert = null; + byte[] certSerialized = null; + if (form.getFileUpload() != null) + certSerialized = form.getCertificate(); + else { + OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaID); + if (oa != null && + oa.getAuthComponentOA() != null && + oa.getAuthComponentOA().getOAPVP2() != null) { + certSerialized = oa.getAuthComponentOA().getOAPVP2().getCertificate(); + } + } + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + } + String check = form.getMetaDataURL(); if (MiscUtil.isNotEmpty(check)) { @@ -55,37 +92,48 @@ public class OAPVP2ConfigValidation { errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); } else { - metadata = FileUtils.readURL(check); - if (MiscUtil.isEmpty(metadata)) { - log.info("Filecontent can not be read form MetaDataURL."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); + + if (certSerialized != null) { + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (form.getMetaDataURL().startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + ChainingModeType.PKIX, + true); + + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } catch (ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); + + } + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + MetadataFilter filter = new MetaDataVerificationFilter(credential); + httpProvider.setMetadataFilter(filter); + httpProvider.initialize(); } } } - - if (form.getFileUpload() != null) - form.getCertificate(); - -// else { -// if (metadata != null) { -// log.info("No certificate to verify the Metadata defined."); -// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); -// } -// } - -// if (cert != null && metadata != null) { -// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( -// check, 20000); -// httpProvider.setParserPool(new BasicParserPool()); -// httpProvider.setRequireValidMetadata(true); -// MetadataFilter filter = new MetadataSignatureFilter( -// check, cert); -// httpProvider.setMetadataFilter(filter); -// httpProvider.initialize(); -// -// } - - + } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); @@ -94,9 +142,24 @@ public class OAPVP2ConfigValidation { log.info("Metadata can not be loaded from URL", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); -// } catch (MetadataProviderException e) { -// log.info("MetaDate verification failed"); -// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify")); + } catch (MetadataProviderException e) { + + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request)); + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 6de966b8d..971e11cc4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -29,9 +29,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class OASSOConfigValidation { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 7bdcb65cf..60209542b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -30,9 +31,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class OASTORKConfigValidation { @@ -52,7 +53,9 @@ public class OASTORKConfigValidation { } if (oageneral.isVidpEnabled()) { - for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { + Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator(); + while (interator.hasNext()) { + AttributeProviderPlugin current = interator.next(); if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { log.info("AttributeProviderPlugin URL has no valid form."); errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java new file mode 100644 index 000000000..650553ab3 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -0,0 +1,154 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OATargetConfigValidation { + + private static final Logger log = Logger.getLogger(OATargetConfigValidation.class); + + public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) { + + List<String> errors = new ArrayList<String>(); + String check; + + if (general.isBusinessService()) { + + //check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); + } + + //check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); + } + } + } + + } else { + + check = form.getTarget_subsector(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); + } + } + + + if (!isAdmin) { + //check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {general.getIdentifier()}, request )); + general.setBusinessService(true); + return errors; + + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + } else { + + //check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + //check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); + } + } + } + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 916206cf1..acadde847 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -11,6 +11,7 @@ error.title=Fehler: error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. +errors.listIDPs.noIDP=Es wurden kein IdentityProvider f\u00FCr Interfederation in der Datenbank gefunden. errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen. error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden. @@ -94,6 +95,21 @@ webpages.mainpage.menu.general.importexport=Importieren/Exportieren webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung webpages.mainpage.menu.general.adminrequests=Offene Anfragen +webpages.mainpage.menu.interfederation=Interfederation + +webpages.interfederation.header=IDP Interfederation Konfiguration +webpages.interfederation.list.header=Liste aller konfiguerierten IDPs +webpages.inderfederation.moaid.header=Interfederation +webpages.inderfederation.moaid.businessServiceIDP=Privatwirtschaftlicher IDP +webpages.inderfederation.moaid.inboundSSO=Eingehendes SSO erlauben +webpages.inderfederation.moaid.outboundSSO=Ausgehendes SSO erlauben +webpages.inderfederation.moaid.storeSSOSession=SSO Session speichern +webpages.inderfederation.moaid.attributQueryURL=AttributQuery Service URL +webpages.interfederation.new.header=Neuen Identity Provider hinzuf\u00FCgen +webpages.interfederation.new.vidp=STORK VIDP +webpages.interfederation.new.moaid=MOA-ID IDP + + webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. webpages.moaconfig.header=Allgemeine Konfiguration @@ -152,6 +168,7 @@ webpages.moaconfig.sl.transormations.header=SecurityLayer Transformationen webpages.moaconfig.sl.transormations.filename=Dateiname webpages.moaconfig.sl.transormations.upload=Neue Transformation hochladen +webpages.listOAs.list.elInfo=Type webpages.listOAs.list.first=Eindeutige Kennung webpages.listOAs.list.second=Name der Online-Applikation @@ -294,6 +311,8 @@ message.title=Meldung: webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich. webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen. +webpages.idp.success=Der IdentityProvider {0} konnte erfolgreich gespeichert werden. +webpages.idp.cancle=Die Bearbeitung des IdentityProvider {0} wurde abgebrochen. webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht. webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden. @@ -439,10 +458,15 @@ validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten kei validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. +validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig. validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich. validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf. +validation.interfederation.moaidp.queryurl.valid=Die URL zum zum AttributQuery Service wei\u00DFt kein g\u00FCltiges Format auf. +validation.interfederation.moaidp.queryurl.empty=Die URL zum zum AttributQuery Service muss f\u00FCr eingehende Single Sign-On Interfederation konfiguriert werden. +validation.interfederation.moaidp.metadataurl.publicservice=Die Domain des Metadaten Services f\u00FCr diesen IDP erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich. + validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden. validation.general.bkuselection.specialfeatures.valid=Die speziellen Einstellungen f\u00FCr die BKU Auswahl (Vollmachtsanmeldung ausblenden / zwingend voraussetzen) k\u00F6nnen nicht in Kombination mit SSO verwendet werden. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 4d76ec1ac..7733be5d0 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -11,6 +11,7 @@ error.title=Error: error.login.internal=The error occurred during the processing. Please try again or contact Administrator. error.general.text=During the processing the error condition occured. Please try again or contact the administrator. errors.listOAs.noOA=There is no Online-Application found in the database. +errors.listIDPs.noIDP=There is no interfederation IdentityProvider found in the database. errors.edit.oa.oaid=There is no valid Online-Application ID transfered. errors.edit.oa.oaid.allowed=You do not possess the necessary rights in order to access this Online-Application. error.oa.pvp2.certificate=Provided PVP2 certificate could not be read. @@ -95,6 +96,19 @@ webpages.mainpage.menu.general.config.moaid=General configuration webpages.mainpage.menu.general.usermanagement=User management webpages.mainpage.menu.general.adminrequests=Open requests +webpages.mainpage.menu.interfederation=Interfederation +webpages.interfederation.header=IDP Interfederation Configuration +webpages.interfederation.list.header=List of all interfederation IDPs +webpages.inderfederation.moaid.businessServiceIDP=BusinessService IDP +webpages.inderfederation.moaid.header=Interfederation +webpages.inderfederation.moaid.inboundSSO=Allow inbound SSO +webpages.inderfederation.moaid.outboundSSO=Allow outbound SSO +webpages.inderfederation.moaid.storeSSOSession=Store SSO session +webpages.inderfederation.moaid.attributQueryURL=AttributQuery service URL +webpages.interfederation.new.header=Add new Identity Provider +webpages.interfederation.new.vidp=STORK VIDP +webpages.interfederation.new.moaid=MOA-ID IDP + webpages.moaconfig.save.success=MOA-ID has been successfully saved. webpages.moaconfig.header=General configuration webpages.oaconfig.general.publicURLPreFix=Public URL Prefix @@ -152,6 +166,7 @@ webpages.moaconfig.sl.transormations.header=SecurityLayer Transformations webpages.moaconfig.sl.transormations.filename=File name webpages.moaconfig.sl.transormations.upload=Upload new transformations +webpages.listOAs.list.elInfo=Type webpages.listOAs.list.first=Unique identifier webpages.listOAs.list.second=Name of the Online-Application @@ -294,6 +309,8 @@ message.title=Announcement: webpages.oaconfig.success=The Online-Application {0} could be saved. webpages.oaconfig.success.admin=Online-Applikation {0} could be saved. The activation by the Administrator is necessary. webpages.oaconfig.cancle=The processing of Online-Applikation {0} was interrupted. +webpages.idp.success=IdentityProvider {0} could be saved. +webpages.idp.cancle=The processing of IdentityProvider {0} was interrupted. webpages.oaconfig.delete.message=Online-Application {0} was succesfully removed. webpages.oaconfig.delete.error=Online-Application {0} could not be removed. @@ -439,14 +456,19 @@ validation.pvp2.metadataurl.read=No information could be found under provided UR validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate. validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format. validation.pvp2.certificate.notfound=There is no PVP2 inserted. +validation.pvp2.metadata.ssl=The SSL server certificate is not trusted. validation.sso.logouturl.empty=URL for Single Log-Out Service is necessary. validation.sso.logouturl.valid=URL for Single Log-Out Service has incorrect format. +validation.interfederation.moaidp.queryurl.valid=URL for AttributQuery Service has incorrect format. +validation.interfederation.moaidp.queryurl.empty=URL for AttributQuery Service is necessary for inbound Single Sign-On interfederation. +validation.interfederation.moaidp.metadataurl.publicservice=The domain of Metadata service for that IDP permits private sector only. + validation.saml1.providestammzahl=ProvideSourcePIN cannot be combined with applications from private sector. validation.general.bkuselection.specialfeatures.valid=The special settings for the selection of CCE (Hide mandate login / compulsory required) could not be used in combination with SSO. -validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkfbox for selection of mandating is not possible. +validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkbox for selection of mandating is not possible. validation.general.form.color.background=Background color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF) validation.general.form.color.front=Foreground color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF) validation.general.form.header.color.back=Background color for the caption of CCE selection contains no valid hexadecimal value. (e.g. \\\#FFFFFF) diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml index 4b006ffd9..3fc82f83f 100644 --- a/id/ConfigWebTool/src/main/resources/struts.xml +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -365,6 +365,83 @@ <interceptor-ref name="OwnStack"/> </action> + <action name="listallinterfederationidps" method="listAllIDPs" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="success">/jsp/interfederation/idplist.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="loadIDP" method="loadIDPInformation" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="success-VIDP">/jsp/interfederation/vidp.jsp</result> + <result name="success-MOAIDP">/jsp/interfederation/moa_idp.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="newIDP" method="newIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="editOA-VIDP">/jsp/interfederation/vidp.jsp</result> + <result name="editOA-MOAIDP">/jsp/interfederation/moa_idp.jsp</result> + <result name="success" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + + <action name="saveMOAIDP" method="saveIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.MOAIDPAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/interfederation/moa_idp.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="saveVIDP" method="saveIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.VIDPAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/interfederation/vidp.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="cancleandbackIDP" method="cancleAndBackIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result type="chain">main</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="deleteIDP" method="deleteIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/editOAGeneral.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + </package> </struts>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index eb984a896..2c7a880f0 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -356,6 +356,12 @@ div .wwgrp br { font-size: 1.1em; } +.listElInfo { + position: relative; + width: 50px; + float: left; +} + .listFirst { position: relative; width: 450px; diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 18c755f4b..32e79bb66 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -204,7 +204,7 @@ function oaOnLoad() { AdminTarget(); oaTargetSubSector(); - oaVIDP(); +// oaVIDP(); $(".colorfield").each( function() { diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 20a5ad1ea..a3541c9a7 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -34,352 +34,16 @@ <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> - - <div class="oa_config_block"> - - <s:if test="authUser.isAdmin()"> - <s:checkbox name="generalOA.Active" - value="%{generalOA.Active}" - labelposition="left" - key="webpages.oaconfig.general.isActive" - cssClass="checkbox"> - </s:checkbox> - </s:if> + <s:include value="snippets/OA/generalInformation.jsp"></s:include> + + <s:include value="snippets/OA/targetConfiguration.jsp"></s:include> + + <s:include value="snippets/OA/authentication.jsp"></s:include> - <s:textfield name="generalOA.identifier" - value="%{generalOA.identifier}" - labelposition="left" - key="webpages.oaconfig.general.identification" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.friendlyName" - value="%{generalOA.friendlyName}" - labelposition="left" - key="webpages.oaconfig.general.friendlyname" - cssClass="textfield_long"> - </s:textfield> - - <s:checkbox name="generalOA.businessService" - value="%{generalOA.businessService}" - labelposition="left" - key="webpages.oaconfig.general.isbusinessservice" - cssClass="checkbox" - onclick="oaBusinessService();" - id="OAisbusinessservice" - > - </s:checkbox> - - - </div> + <s:include value="snippets/OA/sso.jsp"></s:include> - <div id="oa_config_businessservice" class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3> - - <s:select list="generalOA.identificationTypeList" - key="webpages.oaconfig.general.business.value" - labelposition="left" - cssClass="selectfield" - value="%{generalOA.identificationType}" - name="generalOA.identificationType" - disabled="%{isDeaktivededBusinessService()}"> - </s:select> - - <s:textfield name="generalOA.identificationNumber" - value="%{generalOA.identificationNumber}" - cssClass="textfield_middle" - disabled="%{isDeaktivededBusinessService()}"> - </s:textfield> - </div> - - <s:if test="!isOnlyBusinessService()"> - <div id="oa_config_publicservice" class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> - - <s:if test="authUser.isAdmin()"> - <s:select list="generalOA.targetList" - key="webpages.oaconfig.general.target" - labelposition="left" - cssClass="selectfield" - value="%{generalOA.target}" - name="generalOA.target" - onchange="HideAdminTarget();"> - </s:select> - </s:if> - <s:else> - <s:select list="generalOA.targetList" - key="webpages.oaconfig.general.target" - labelposition="left" - cssClass="selectfield" - value="%{generalOA.target}" - name="generalOA.target"> - </s:select> - </s:else> + <s:include value="snippets/OA/stork.jsp"></s:include> - <s:checkbox name="subTargetSet" - value="%{subTargetSet}" - labelposition="left" - key="webpages.oaconfig.general.target.subsector.checkbox" - cssClass="checkbox" - onclick="oaTargetSubSector();" - id="OAisTargetSubSector"> - </s:checkbox> - - <s:textfield name="generalOA.target_subsector" - value="%{generalOA.target_subsector}" - labelposition="left" - key="webpages.oaconfig.general.target.subsector" - cssClass="selectfield" - id="OAtarget_subsector"> - </s:textfield> - - - <s:if test="authUser.isAdmin()"> - <s:checkbox - name="generalOA.AdminTarget" - value="%{generalOA.AdminTarget}" - cssClass="checkbox" - onclick="AdminTarget();" - labelposition="left" - key="webpages.oaconfig.general.target.admin.checkbox" - id="adminTarget"> - </s:checkbox> - - <div id="admin_target_area"> - <s:textfield name="generalOA.target_admin" - value="%{generalOA.target_admin}" - labelposition="left" - key="webpages.oaconfig.general.target.admin" - cssClass="textfield_short"> - </s:textfield> - <s:textfield name="generalOA.targetFriendlyName" - value="%{generalOA.targetFriendlyName}" - labelposition="left" - key="webpages.oaconfig.general.target.friendlyname" - cssClass="textfield_long"> - </s:textfield> - </div> - </s:if> - <s:else> - <s:if test="generalOA.target_admin neq null"> - <s:textfield name="generalOA.target_admin" - value="%{generalOA.target_admin}" - labelposition="left" - key="webpages.oaconfig.general.target.admin.disabled" - cssClass="textfield_short" - disabled="true"> - </s:textfield> - </s:if> - <%-- <s:if test="generalOA.targetFriendlyName neq null"> - <s:textfield name="generalOA.targetFriendlyName" - value="%{generalOA.targetFriendlyName}" - labelposition="left" - key="webpages.oaconfig.general.target.friendlyname.disabled" - cssClass="textfield_long"> - </s:textfield> - </s:if> --%> - </s:else> - </div> - </s:if> - - <s:if test="authUser.isAdmin()"> - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> - - <s:textfield name="generalOA.bkuOnlineURL" - value="%{generalOA.bkuOnlineURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.online" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.bkuHandyURL" - value="%{generalOA.bkuHandyURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.handy" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.bkuLocalURL" - value="%{generalOA.bkuLocalURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.local" - cssClass="textfield_long"> - </s:textfield> - - <s:radio list="generalOA.keyBoxIdentifierList" - name="generalOA.keyBoxIdentifier" - value="%{generalOA.keyBoxIdentifier}" - labelposition="left" - key="webpages.oaconfig.general.bku.keyboxidentifier" - cssClass="radio"> - </s:radio> - <s:checkbox name="generalOA.legacy" - value="%{generalOA.legacy}" - labelposition="left" - key="webpages.oaconfig.general.bku.legacy" - cssClass="checkbox" - onclick="oaLegacyService();" - id="OAislegacy"> - </s:checkbox> - <div id="oa_config_sltemplates"> - <s:textfield name="generalOA.SLTemplateURL1" - value="%{generalOA.SLTemplateURL1}" - labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.first" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="generalOA.SLTemplateURL2" - value="%{generalOA.SLTemplateURL2}" - labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.second" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="generalOA.SLTemplateURL3" - value="%{generalOA.SLTemplateURL3}" - labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.third" - cssClass="textfield_long"> - </s:textfield> - </div> - - <div class="oa_protocol_area"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4> - <s:iterator value="%{generalOA.bkuSelectionFileUploadFileName}" var="fileNameBKU"> - <div class="floatClass"> - <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/> - <s:checkbox key="webpages.oaconfig.general.bku.delete" - labelposition="left" - cssClass="checkbox" - name="generalOA.deleteBKUTemplate"></s:checkbox> - </div> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> - </div> - </s:iterator> - <s:if test="generalOA.bkuSelectionFileUploadFileName.size() == 0"> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> - </div> - </s:if> - </div> - <div class="oa_protocol_area"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4> - <s:iterator value="%{generalOA.sendAssertionFileUploadFileName}" var="fileNameBKU"> - <div class="floatClass"> - <s:label key="webpages.oaconfig.general.bku.sendassertion.filename" - value="%{fileNameBKU}"/> - <s:checkbox key="webpages.oaconfig.general.bku.delete" - labelposition="left" - cssClass="checkbox" - name="generalOA.deleteSendAssertionTemplate"></s:checkbox> - </div> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> - </div> - </s:iterator> - <s:if test="generalOA.sendAssertionFileUploadFileName.size() == 0"> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> - </div> - </s:if> - </div> - - </div> - </s:if> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3> - - - <s:checkbox name="generalOA.useMandates" - value="%{generalOA.useMandates}" - labelposition="left" - key="webpages.oaconfig.general.mandate.usemandate" - cssClass="checkbox"> - </s:checkbox> - - <s:textfield name="generalOA.mandateProfiles" - value="%{generalOA.mandateProfiles}" - labelposition="left" - key="webpages.oaconfig.general.mandate.profiles" - cssClass="textfield_long"> - </s:textfield> - - <s:checkbox name="formOA.onlyMandateAllowed" - value="%{formOA.onlyMandateAllowed}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed" - cssClass="checkbox"> - </s:checkbox> - - </div> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3> - - <s:checkbox name="ssoOA.useSSO" - value="%{ssoOA.useSSO}" - labelposition="left" - key="webpages.oaconfig.sso.usesso" - cssClass="checkbox" - onclick="oaSSOService();" - id="OAuseSSO"> - </s:checkbox> - - <div id="sso_bock"> - <s:if test="authUser.isAdmin()"> - <s:checkbox name="ssoOA.showAuthDataFrame" - value="%{ssoOA.showAuthDataFrame}" - labelposition="left" - key="webpages.oaconfig.sso.useauthdataframe" - cssClass="checkbox" - onclick="oaBusinessService();"> - </s:checkbox> - </s:if> - -<%--TODO: insert if SLO is implemented!!!--%> -<%-- <s:textfield name="ssoOA.singleLogOutURL" - value="%{ssoOA.singleLogOutURL}" - labelposition="left" - key="webpages.oaconfig.sso.singlelogouturl" - cssClass="textfield_long"> - </s:textfield> --%> - </div> - </div> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3> - - <s:checkbox name="storkOA.storkLogonEnabled" - value="%{storkOA.storkLogonEnabled}" - labelposition="left" - key="webpages.oaconfig.stork.usestork" - cssClass="checkbox" - onclick="oaStork();" - id="OAuseSTORKLogon" /> - <div id="stork_block"> - <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}" - value="#{storkOA.qaa}" - name="storkOA.qaa" - key="webpages.moaconfig.stork.qaa" - labelposition="left" /> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4> - <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" /> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4> - <table> - <tr><th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %></th> - <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %></th> - <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %></th></tr> - <s:iterator value="storkOA.helperAttributes" status="stat"> - <tr><td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].used" value="%{used}" disabled="%{readOnly}" /></td> - <td><s:property value="%{name}" /><s:hidden name="storkOA.helperAttributes[%{#stat.index}].name" value="%{name}" /></td> - <td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td></tr> - </s:iterator> - </table> - </div> - </div> - <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %></h3> @@ -390,13 +54,6 @@ <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_saml1_hidden"> <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.hidden", request) %> </button> - - <button type="button" class="oa_buttons" onclick="oaVIDP();" id="button_vidp_show"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.vidp.show", request) %> - </button> - <button type="button" style="display:none" class="oa_buttons" onclick="oaVIDP();" id="button_vidp_hidden"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.vidp.hidden", request) %> - </button> </s:if> <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show"> @@ -412,297 +69,19 @@ <button type="button" style="display:none" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_hidden"> <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %> </button> - - <div id="oa_saml1_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4> - - <s:if test="authUser.isAdmin()"> - <s:checkbox name="saml1OA.Active" - value="%{saml1OA.Active}" - labelposition="left" - key="webpages.oaconfig.saml1.isActice" - cssClass="checkbox"> - </s:checkbox> - </s:if> - <s:checkbox name="saml1OA.provideStammZahl" - value="%{saml1OA.provideStammZahl}" - labelposition="left" - key="webpages.oaconfig.saml1.provideStammZahl" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="saml1OA.provideAuthBlock" - value="%{saml1OA.provideAuthBlock}" - labelposition="left" - key="webpages.oaconfig.saml1.provideAuthBlock" - cssClass="checkbox"> - </s:checkbox> - <br> - <s:checkbox name="saml1OA.provideIdentityLink" - value="%{saml1OA.provideIdentityLink}" - labelposition="left" - key="webpages.oaconfig.saml1.provideIdentityLink" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="saml1OA.provideCertificate" - value="%{saml1OA.provideCertificate}" - labelposition="left" - key="webpages.oaconfig.saml1.provideCertificate" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="saml1OA.provideFullMandateData" - value="%{saml1OA.provideFullMandateData}" - labelposition="left" - key="webpages.oaconfig.saml1.provideFullMandateData" - cssClass="checkbox"> - </s:checkbox> -<%-- <br> - <br> - <br> - <s:checkbox name="saml1OA.useCondition" - value="%{saml1OA.useCondition}" - labelposition="left" - key="webpages.oaconfig.saml1.useCondition" - cssClass="checkbox"> - </s:checkbox> - <s:textfield name="saml1OA.conditionLength" - value="%{saml1OA.conditionLength}" - labelposition="left" - key="webpages.oaconfig.saml1.conditionLength" - cssClass="textfield_short"> - </s:textfield> --%> - - </div> - - <div id="oa_pvp2_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4> - - <s:checkbox key="webpages.oaconfig.pvp2.reload" - labelposition="left" - cssClass="checkbox" - name="pvp2OA.reLoad"></s:checkbox> - - <s:textfield name="pvp2OA.metaDataURL" - value="%{pvp2OA.metaDataURL}" - labelposition="left" - key="webpages.oaconfig.pvp2.metaDataURL" - cssClass="textfield_long"> - </s:textfield> - - <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/> - - <div id="pvp2_certificate_upload"> - <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file> - </div> - </div> - - <div id="oa_oauth20_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4> - - <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/> - - <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/> - - <s:textfield name="oauth20OA.redirectUri" - value="%{oauth20OA.redirectUri}" - labelposition="left" - key="webpages.oaconfig.oauth20.redirectUri" - cssClass="textfield_long"> - </s:textfield> - </div> - - - <div id="oa_vidp_area" class="oa_protocol_area"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h4> - - <p><s:checkbox name="storkOA.vidpEnabled" - value="%{storkOA.vidpEnabled}" - labelposition="left" - key="webpages.oaconfig.vidp.enabled" - cssClass="checkbox" - id="OAuseVidp" /></p> - - <p><s:checkbox name="storkOA.requireConsent" - value="%{storkOA.requireConsent}" - labelposition="left" - key="webpages.oaconfig.vidp.requireconsent" - cssClass="checkbox" - id="OArequireConsent" /></p> - <h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5> - <table id="stork_aplist"> - <tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr> - <s:iterator value="storkOA.attributeProviderPlugins" status="stat"> - <tr><td><s:select name="storkOA.attributeProviderPlugins[%{#stat.index}].name" value="%{name}" list="%{storkOA.availableAttributeProviderPlugins}"/></td> - <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].url" value="%{url}" cssClass="textfield_mail"/></td> - <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].attributes" value="%{attributes}" cssClass="textfield_mail"/></td> - <td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr> - </s:iterator> - </table> - <input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.new", request) %>" onclick='newAp();' /> - - </div> - </div> - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3> - -<%-- <s:checkbox name="generalOA.calculateHPI" - value="%{generalOA.calculateHPI}" - labelposition="left" - key="webpages.oaconfig.general.aditional.calculateHPI" - cssClass="textfield_long"> - </s:checkbox> --%> - - <s:checkbox name="generalOA.HideBPKAuthBlock" - value="%{generalOA.HideBPKAuthBlock}" - labelposition="left" - key="webpages.oaconfig.general.isHideBPKAuthBlock" - cssClass="checkbox"> - </s:checkbox> + <s:include value="snippets/OA/saml1.jsp"></s:include> + + <s:include value="snippets/OA/pvp2.jsp"> + <s:param name="hideBlock">hidden</s:param> + </s:include> - <s:if test="authUser.isAdmin()"> - <s:textarea name="generalOA.aditionalAuthBlockText" - value="%{generalOA.aditionalAuthBlockText}" - labelposition="left" - key="webpages.oaconfig.general.aditional.authblocktext" - cssClass="textfield_large"> - </s:textarea> - - - <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %> - </button> - <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %> - </button> - - <div id="formcustom_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4> - - <div id="formCustomValues"> - <s:textfield name="formOA.backGroundColor" - value="%{formOA.backGroundColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.backgroundcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")' - id="MAIN_BACKGOUNDCOLOR"> - </s:textfield> - <s:textfield name="formOA.frontColor" - value="%{formOA.frontColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.frontcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("MAIN_COLOR")' - id="MAIN_COLOR"> - </s:textfield> - - <s:textfield name="formOA.header_BackGroundColor" - value="%{formOA.header_BackGroundColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")' - id="HEADER_BACKGROUNDCOLOR"> - </s:textfield> - <s:textfield name="formOA.header_FrontColor" - value="%{formOA.header_FrontColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.frontcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("HEADER_COLOR")' - id="HEADER_COLOR"> - </s:textfield> - <s:textfield name="formOA.header_text" - value="%{formOA.header_text}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.text" - cssClass="textfield_middle" - onchange='updateBKUFormPreview("HEADER_TEXT")' - id="HEADER_TEXT"> - </s:textfield> - - <%-- <s:textfield name="formOA.button_BackGroundColor" - value="%{formOA.button_BackGroundColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.button.background" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")' - id="BUTTON_BACKGROUNDCOLOR"> - </s:textfield> - <s:textfield name="formOA.button_BackGroundColorFocus" - value="%{formOA.button_BackGroundColorFocus}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.button.background.focus" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")' - id="BUTTON_BACKGROUNDCOLOR_FOCUS"> - </s:textfield> - <s:textfield name="formOA.button_FrontColor" - value="%{formOA.button_FrontColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.button.front" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("BUTTON_COLOR")' - id="BUTTON_COLOR"> - </s:textfield> --%> - - <s:select list="formOA.appletRedirectTargetList" - key="webpages.oaconfig.general.BKUSelection.redirectTarget" - labelposition="left" - cssClass="selectfield" - value="%{formOA.appletRedirectTarget}" - name="formOA.appletRedirectTarget"> - </s:select> - - <s:textfield name="formOA.applet_height" - value="%{formOA.applet_height}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.applet.height" - cssClass="textfield_middle" - id="HEADER_HEIGHT"> - </s:textfield> - - <s:textfield name="formOA.applet_width" - value="%{formOA.applet_width}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.applet.width" - cssClass="textfield_middle" - id="HEADER_WIDTH"> - </s:textfield> - - <s:select list="formOA.fontTypeList" - key="webpages.oaconfig.general.BKUSelection.fonttype.list" - labelposition="left" - cssClass="selectfield" - value="%{formOA.fontType}" - name="formOA.fontTypeListValue" - id="fontTypeList" - onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'> - </s:select> - - <s:textfield name="formOA.fontType" - value="%{formOA.fontType}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.fonttype" - cssClass="textfield_mail" - onchange='updateBKUFormPreview("FONTTYPE")' - id="FONTTYPE"> - </s:textfield> - </div> - - <div id="formCustomPreview"> - <iframe scrolling="none" - title="BKUForm Preview" - height="260" - width="250"> - </iframe> - </div> - - </div> - </s:if> + <s:include value="snippets/OA/openIDConnect.jsp"></s:include> </div> + + <s:include value="snippets/OA/formCustomization.jsp"></s:include> <s:hidden name="formID" value="%{formID}"></s:hidden> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp new file mode 100644 index 000000000..3e7404dfc --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp @@ -0,0 +1,60 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="../snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.interfederation.list.header", request) %></h3> + <s:include value="../snippets/oas_list.jsp"> + <s:param name="editAction">loadIDP</s:param> + </s:include> + </div> + <br> + <br> + <div id="button_area"> + <h3><%=LanguageHelper.getGUIString("webpages.interfederation.new.header", request) %></h3> + <s:form action="newIDP" namespace="/secure" method="POST" > + <s:hidden name="interfederationType" value="-MOAIDP"></s:hidden> + <s:submit key="webpages.interfederation.new.moaid"/> + </s:form> + <s:form action="newIDP" namespace="/secure" method="POST" > + <s:hidden name="interfederationType" value="-VIDP"></s:hidden> + <s:submit key="webpages.interfederation.new.vidp"/> + </s:form> + </div> + + + </s:if> + + </div> + + <jsp:include page="../snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp new file mode 100644 index 000000000..f0d0671bf --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp @@ -0,0 +1,66 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="../snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.interfederation.header", request) %></h2> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <s:include value="../snippets/OA/generalInformation.jsp"></s:include> + + <s:include value="../snippets/OA/interfederation.jsp"></s:include> + + <s:include value="../snippets/OA/pvp2.jsp"> + <s:param name="hideBlock">""</s:param> + </s:include> + + <s:hidden name="formID" value="%{formID}"></s:hidden> + <s:hidden name="interfederationType" value="%{interfederationType}"></s:hidden> + + + <div id="button_area"> + <s:submit key="webpages.edit.back" action="cancleandbackIDP"/> + <s:submit key="webpages.edit.save" action="saveMOAIDP"/> + <s:if test="!isNewOA()"> + <s:submit key="webpages.edit.delete" action="deleteIDP"/> + </s:if> + </div> + + </s:form> + + </div> + </s:if> + + </div> + + <jsp:include page="../snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp new file mode 100644 index 000000000..3a5dd68c9 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp @@ -0,0 +1,70 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body onload="oaOnLoad()"> + + <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="../snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.interfederation.header", request) %></h2> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <s:include value="../snippets/OA/generalInformation.jsp"></s:include> + + <s:include value="../snippets/OA/targetConfiguration.jsp"></s:include> + + <s:include value="../snippets/OA/authentication.jsp"></s:include> + + <s:include value="../snippets/OA/vidp.jsp"> + <s:param name="hideBlock"></s:param> + </s:include> + + <s:include value="../snippets/OA/formCustomization.jsp"></s:include> + + <s:hidden name="formID" value="%{formID}"></s:hidden> + <s:hidden name="interfederationType" value="%{interfederationType}"></s:hidden> + + + <div id="button_area"> + <s:submit key="webpages.edit.back" action="cancleandbackIDP"/> + <s:submit key="webpages.edit.save" action="saveVIDP"/> + <s:if test="!isNewOA()"> + <s:submit key="webpages.edit.delete" action="deleteIDP"/> + </s:if> + </div> + + </s:form> + + </div> + </s:if> + + </div> + + <jsp:include page="../snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp index 11953ec86..bad50262d 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp @@ -27,7 +27,9 @@ </div> </s:if> - <jsp:include page="snippets/oas_list.jsp"></jsp:include> + <s:include value="snippets/oas_list.jsp"> + <s:param name="editAction">loadOA</s:param> + </s:include> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp new file mode 100644 index 000000000..a659104ed --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -0,0 +1,97 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + + <s:if test="authUser.isAdmin()"> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> + + <s:textfield name="authOA.bkuOnlineURL" + value="%{authOA.bkuOnlineURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.online" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="authOA.bkuHandyURL" + value="%{authOA.bkuHandyURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.handy" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="authOA.bkuLocalURL" + value="%{authOA.bkuLocalURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.local" + cssClass="textfield_long"> + </s:textfield> + + <s:radio list="authOA.keyBoxIdentifierList" + name="authOA.keyBoxIdentifier" + value="%{authOA.keyBoxIdentifier}" + labelposition="left" + key="webpages.oaconfig.general.bku.keyboxidentifier" + cssClass="radio"> + </s:radio> + <s:checkbox name="authOA.legacy" + value="%{authOA.legacy}" + labelposition="left" + key="webpages.oaconfig.general.bku.legacy" + cssClass="checkbox" + onclick="oaLegacyService();" + id="OAislegacy"> + </s:checkbox> + <div id="oa_config_sltemplates"> + <s:textfield name="authOA.SLTemplateURL1" + value="%{authOA.SLTemplateURL1}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.first" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="authOA.SLTemplateURL2" + value="%{authOA.SLTemplateURL2}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.second" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="authOA.SLTemplateURL3" + value="%{authOA.SLTemplateURL3}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.third" + cssClass="textfield_long"> + </s:textfield> + </div> + </div> + </s:if> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3> + + + <s:checkbox name="authOA.useMandates" + value="%{authOA.useMandates}" + labelposition="left" + key="webpages.oaconfig.general.mandate.usemandate" + cssClass="checkbox"> + </s:checkbox> + + <s:textfield name="authOA.mandateProfiles" + value="%{authOA.mandateProfiles}" + labelposition="left" + key="webpages.oaconfig.general.mandate.profiles" + cssClass="textfield_long"> + </s:textfield> + + <s:checkbox name="formOA.onlyMandateAllowed" + value="%{formOA.onlyMandateAllowed}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed" + cssClass="checkbox"> + </s:checkbox> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp new file mode 100644 index 000000000..ba7dc2cc4 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp @@ -0,0 +1,8 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp new file mode 100644 index 000000000..008a8b521 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp @@ -0,0 +1,209 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3> + +<%-- <s:checkbox name="generalOA.calculateHPI" + value="%{generalOA.calculateHPI}" + labelposition="left" + key="webpages.oaconfig.general.aditional.calculateHPI" + cssClass="textfield_long"> + </s:checkbox> --%> + + <s:checkbox name="formOA.HideBPKAuthBlock" + value="%{formOA.HideBPKAuthBlock}" + labelposition="left" + key="webpages.oaconfig.general.isHideBPKAuthBlock" + cssClass="checkbox"> + </s:checkbox> + + <s:if test="authUser.isAdmin()"> + <s:textarea name="formOA.aditionalAuthBlockText" + value="%{formOA.aditionalAuthBlockText}" + labelposition="left" + key="webpages.oaconfig.general.aditional.authblocktext" + cssClass="textfield_large"> + </s:textarea> + + <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %> + </button> + <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %> + </button> + + <div id="formcustom_area" class="oa_protocol_area hidden"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4> + + <div id="formCustomValues"> + <s:textfield name="formOA.backGroundColor" + value="%{formOA.backGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.backgroundcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")' + id="MAIN_BACKGOUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.frontColor" + value="%{formOA.frontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.frontcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("MAIN_COLOR")' + id="MAIN_COLOR"> + </s:textfield> + + <s:textfield name="formOA.header_BackGroundColor" + value="%{formOA.header_BackGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")' + id="HEADER_BACKGROUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.header_FrontColor" + value="%{formOA.header_FrontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.frontcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("HEADER_COLOR")' + id="HEADER_COLOR"> + </s:textfield> + <s:textfield name="formOA.header_text" + value="%{formOA.header_text}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.text" + cssClass="textfield_middle" + onchange='updateBKUFormPreview("HEADER_TEXT")' + id="HEADER_TEXT"> + </s:textfield> + + <%-- <s:textfield name="formOA.button_BackGroundColor" + value="%{formOA.button_BackGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.background" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")' + id="BUTTON_BACKGROUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.button_BackGroundColorFocus" + value="%{formOA.button_BackGroundColorFocus}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.background.focus" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")' + id="BUTTON_BACKGROUNDCOLOR_FOCUS"> + </s:textfield> + <s:textfield name="formOA.button_FrontColor" + value="%{formOA.button_FrontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.front" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_COLOR")' + id="BUTTON_COLOR"> + </s:textfield> --%> + + <s:select list="formOA.appletRedirectTargetList" + key="webpages.oaconfig.general.BKUSelection.redirectTarget" + labelposition="left" + cssClass="selectfield" + value="%{formOA.appletRedirectTarget}" + name="formOA.appletRedirectTarget"> + </s:select> + + <s:textfield name="formOA.applet_height" + value="%{formOA.applet_height}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.applet.height" + cssClass="textfield_middle" + id="HEADER_HEIGHT"> + </s:textfield> + + <s:textfield name="formOA.applet_width" + value="%{formOA.applet_width}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.applet.width" + cssClass="textfield_middle" + id="HEADER_WIDTH"> + </s:textfield> + + <s:select list="formOA.fontTypeList" + key="webpages.oaconfig.general.BKUSelection.fonttype.list" + labelposition="left" + cssClass="selectfield" + value="%{formOA.fontType}" + name="formOA.fontTypeListValue" + id="fontTypeList" + onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'> + </s:select> + + <s:textfield name="formOA.fontType" + value="%{formOA.fontType}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.fonttype" + cssClass="textfield_mail" + onchange='updateBKUFormPreview("FONTTYPE")' + id="FONTTYPE"> + </s:textfield> + </div> + + <div id="formCustomPreview"> + <iframe scrolling="none" + title="BKUForm Preview" + height="260" + width="250"> + </iframe> + </div> + + </div> + + <div class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4> + <s:iterator value="%{formOA.bkuSelectionFileUploadFileName}" var="fileNameBKU"> + <div class="floatClass"> + <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/> + <s:checkbox key="webpages.oaconfig.general.bku.delete" + labelposition="left" + cssClass="checkbox" + name="formOA.deleteBKUTemplate"></s:checkbox> + </div> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> + </div> + </s:iterator> + <s:if test="formOA.bkuSelectionFileUploadFileName.size() == 0"> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> + </div> + </s:if> + </div> + <div class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4> + <s:iterator value="%{formOA.sendAssertionFileUploadFileName}" var="fileNameBKU"> + <div class="floatClass"> + <s:label key="webpages.oaconfig.general.bku.sendassertion.filename" + value="%{fileNameBKU}"/> + <s:checkbox key="webpages.oaconfig.general.bku.delete" + labelposition="left" + cssClass="checkbox" + name="formOA.deleteSendAssertionTemplate"></s:checkbox> + </div> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> + </div> + </s:iterator> + <s:if test="formOA.sendAssertionFileUploadFileName.size() == 0"> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> + </div> + </s:if> + </div> + + </s:if> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp new file mode 100644 index 000000000..ade5bb185 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp @@ -0,0 +1,43 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + + <div class="oa_config_block"> + + <s:if test="authUser.isAdmin()"> + <s:checkbox name="generalOA.Active" + value="%{generalOA.Active}" + labelposition="left" + key="webpages.oaconfig.general.isActive" + cssClass="checkbox"> + </s:checkbox> + </s:if> + + <s:textfield name="generalOA.identifier" + value="%{generalOA.identifier}" + labelposition="left" + key="webpages.oaconfig.general.identification" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="generalOA.friendlyName" + value="%{generalOA.friendlyName}" + labelposition="left" + key="webpages.oaconfig.general.friendlyname" + cssClass="textfield_long"> + </s:textfield> + + <s:checkbox name="generalOA.businessService" + value="%{generalOA.businessService}" + labelposition="left" + key="webpages.oaconfig.general.isbusinessservice" + cssClass="checkbox" + onclick="oaBusinessService();" + id="OAisbusinessservice" + > + </s:checkbox> + + </div> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp new file mode 100644 index 000000000..97d21bcb4 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp @@ -0,0 +1,33 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_pvp2_area" class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.inderfederation.moaid.header", request) %></h4> + + <s:checkbox key="webpages.inderfederation.moaid.inboundSSO" + labelposition="left" + cssClass="checkbox" + name="moaIDP.inboundSSO"></s:checkbox> + + <s:checkbox key="webpages.inderfederation.moaid.outboundSSO" + labelposition="left" + cssClass="checkbox" + name="moaIDP.outboundSSO"></s:checkbox> + + <s:checkbox key="webpages.inderfederation.moaid.storeSSOSession" + labelposition="left" + cssClass="checkbox" + name="moaIDP.storeSSOSession"></s:checkbox> + + <s:textfield name="moaIDP.queryURL" + value="%{moaIDP.queryURL}" + labelposition="left" + key="webpages.inderfederation.moaid.attributQueryURL" + cssClass="textfield_long"> + </s:textfield> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp new file mode 100644 index 000000000..a9b1f88a2 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp @@ -0,0 +1,21 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_oauth20_area" class="oa_protocol_area hidden"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4> + + <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/> + + <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/> + + <s:textfield name="oauth20OA.redirectUri" + value="%{oauth20OA.redirectUri}" + labelposition="left" + key="webpages.oaconfig.oauth20.redirectUri" + cssClass="textfield_long"> + </s:textfield> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp new file mode 100644 index 000000000..398e6d110 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp @@ -0,0 +1,28 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_pvp2_area" class="oa_protocol_area ${param.hideBlock}"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4> + + <s:checkbox key="webpages.oaconfig.pvp2.reload" + labelposition="left" + cssClass="checkbox" + name="pvp2OA.reLoad"></s:checkbox> + + <s:textfield name="pvp2OA.metaDataURL" + value="%{pvp2OA.metaDataURL}" + labelposition="left" + key="webpages.oaconfig.pvp2.metaDataURL" + cssClass="textfield_long"> + </s:textfield> + + <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/> + + <div id="pvp2_certificate_upload"> + <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file> + </div> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp new file mode 100644 index 000000000..4fd02aa61 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp @@ -0,0 +1,66 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_saml1_area" class="oa_protocol_area hidden"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4> + + <s:if test="authUser.isAdmin()"> + <s:checkbox name="saml1OA.Active" + value="%{saml1OA.Active}" + labelposition="left" + key="webpages.oaconfig.saml1.isActice" + cssClass="checkbox"> + </s:checkbox> + </s:if> + <s:checkbox name="saml1OA.provideStammZahl" + value="%{saml1OA.provideStammZahl}" + labelposition="left" + key="webpages.oaconfig.saml1.provideStammZahl" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideAuthBlock" + value="%{saml1OA.provideAuthBlock}" + labelposition="left" + key="webpages.oaconfig.saml1.provideAuthBlock" + cssClass="checkbox"> + </s:checkbox> + <br> + <s:checkbox name="saml1OA.provideIdentityLink" + value="%{saml1OA.provideIdentityLink}" + labelposition="left" + key="webpages.oaconfig.saml1.provideIdentityLink" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideCertificate" + value="%{saml1OA.provideCertificate}" + labelposition="left" + key="webpages.oaconfig.saml1.provideCertificate" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideFullMandateData" + value="%{saml1OA.provideFullMandateData}" + labelposition="left" + key="webpages.oaconfig.saml1.provideFullMandateData" + cssClass="checkbox"> + </s:checkbox> +<%-- <br> + <br> + <br> + <s:checkbox name="saml1OA.useCondition" + value="%{saml1OA.useCondition}" + labelposition="left" + key="webpages.oaconfig.saml1.useCondition" + cssClass="checkbox"> + </s:checkbox> + <s:textfield name="saml1OA.conditionLength" + value="%{saml1OA.conditionLength}" + labelposition="left" + key="webpages.oaconfig.saml1.conditionLength" + cssClass="textfield_short"> + </s:textfield> --%> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp new file mode 100644 index 000000000..f39668bd5 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp @@ -0,0 +1,39 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3> + + <s:checkbox name="ssoOA.useSSO" + value="%{ssoOA.useSSO}" + labelposition="left" + key="webpages.oaconfig.sso.usesso" + cssClass="checkbox" + onclick="oaSSOService();" + id="OAuseSSO"> + </s:checkbox> + + <div id="sso_bock"> + <s:if test="authUser.isAdmin()"> + <s:checkbox name="ssoOA.showAuthDataFrame" + value="%{ssoOA.showAuthDataFrame}" + labelposition="left" + key="webpages.oaconfig.sso.useauthdataframe" + cssClass="checkbox" + onclick="oaBusinessService();"> + </s:checkbox> + </s:if> + +<%--TODO: insert if SLO is implemented!!!--%> +<%-- <s:textfield name="ssoOA.singleLogOutURL" + value="%{ssoOA.singleLogOutURL}" + labelposition="left" + key="webpages.oaconfig.sso.singlelogouturl" + cssClass="textfield_long"> + </s:textfield> --%> + </div> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp new file mode 100644 index 000000000..f1853dbeb --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp @@ -0,0 +1,38 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3> + + <s:checkbox name="storkOA.storkLogonEnabled" + value="%{storkOA.storkLogonEnabled}" + labelposition="left" + key="webpages.oaconfig.stork.usestork" + cssClass="checkbox" + onclick="oaStork();" + id="OAuseSTORKLogon" /> + <div id="stork_block"> + <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}" + value="#{storkOA.qaa}" + name="storkOA.qaa" + key="webpages.moaconfig.stork.qaa" + labelposition="left" /> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4> + <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" /> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4> + <table> + <tr><th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %></th> + <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %></th> + <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %></th></tr> + <s:iterator value="storkOA.helperAttributes" status="stat"> + <tr><td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].used" value="%{used}" disabled="%{readOnly}" /></td> + <td><s:property value="%{name}" /><s:hidden name="storkOA.helperAttributes[%{#stat.index}].name" value="%{name}" /></td> + <td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td></tr> + </s:iterator> + </table> + </div> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp new file mode 100644 index 000000000..261966a86 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -0,0 +1,115 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_config_businessservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3> + + <s:select list="targetConfig.identificationTypeList" + key="webpages.oaconfig.general.business.value" + labelposition="left" + cssClass="selectfield" + value="%{targetConfig.identificationType}" + name="targetConfig.identificationType" + disabled="%{isDeaktivededBusinessService()}"> + </s:select> + + <s:textfield name="targetConfig.identificationNumber" + value="%{targetConfig.identificationNumber}" + cssClass="textfield_middle" + disabled="%{isDeaktivededBusinessService()}"> + </s:textfield> + </div> + + <s:if test="!isOnlyBusinessService()"> + <div id="oa_config_publicservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> + + <s:if test="authUser.isAdmin()"> + <s:select list="targetConfig.targetList" + key="webpages.oaconfig.general.target" + labelposition="left" + cssClass="selectfield" + value="%{targetConfig.target}" + name="targetConfig.target" + onchange="HideAdminTarget();"> + </s:select> + </s:if> + <s:else> + <s:select list="targetConfig.targetList" + key="webpages.oaconfig.general.target" + labelposition="left" + cssClass="selectfield" + value="%{targetConfig.target}" + name="targetConfig.target"> + </s:select> + </s:else> + + <s:checkbox name="subTargetSet" + value="%{subTargetSet}" + labelposition="left" + key="webpages.oaconfig.general.target.subsector.checkbox" + cssClass="checkbox" + onclick="oaTargetSubSector();" + id="OAisTargetSubSector"> + </s:checkbox> + + <s:textfield name="targetConfig.target_subsector" + value="%{targetConfig.target_subsector}" + labelposition="left" + key="webpages.oaconfig.general.target.subsector" + cssClass="selectfield" + id="OAtarget_subsector"> + </s:textfield> + + + <s:if test="authUser.isAdmin()"> + <s:checkbox + name="targetConfig.AdminTarget" + value="%{targetConfig.AdminTarget}" + cssClass="checkbox" + onclick="AdminTarget();" + labelposition="left" + key="webpages.oaconfig.general.target.admin.checkbox" + id="adminTarget"> + </s:checkbox> + + <div id="admin_target_area"> + <s:textfield name="targetConfig.target_admin" + value="%{targetConfig.target_admin}" + labelposition="left" + key="webpages.oaconfig.general.target.admin" + cssClass="textfield_short"> + </s:textfield> + <s:textfield name="targetConfig.targetFriendlyName" + value="%{targetConfig.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname" + cssClass="textfield_long"> + </s:textfield> + </div> + </s:if> + <s:else> + <s:if test="targetConfig.target_admin neq null"> + <s:textfield name="targetConfig.target_admin" + value="%{targetConfig.target_admin}" + labelposition="left" + key="webpages.oaconfig.general.target.admin.disabled" + cssClass="textfield_short" + disabled="true"> + </s:textfield> + </s:if> + <%-- <s:if test="targetConfig.targetFriendlyName neq null"> + <s:textfield name="targetConfig.targetFriendlyName" + value="%{targetConfig.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname.disabled" + cssClass="textfield_long"> + </s:textfield> + </s:if> --%> + </s:else> + </div> + </s:if> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp new file mode 100644 index 000000000..e8f1c86d3 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp @@ -0,0 +1,36 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_vidp_area" class="oa_protocol_area ${param.hideBlock}"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h4> + + <p><s:checkbox name="storkOA.vidpEnabled" + value="%{storkOA.vidpEnabled}" + labelposition="left" + key="webpages.oaconfig.vidp.enabled" + cssClass="checkbox" + id="OAuseVidp" /></p> + + <p><s:checkbox name="storkOA.requireConsent" + value="%{storkOA.requireConsent}" + labelposition="left" + key="webpages.oaconfig.vidp.requireconsent" + cssClass="checkbox" + id="OArequireConsent" /></p> + <h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5> + <table id="stork_aplist"> + <tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr> + <s:iterator value="storkOA.attributeProviderPlugins" status="stat"> + <tr><td><s:select name="storkOA.attributeProviderPlugins[%{#stat.index}].name" value="%{name}" list="%{storkOA.availableAttributeProviderPlugins}"/></td> + <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].url" value="%{url}" cssClass="textfield_mail"/></td> + <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].attributes" value="%{attributes}" cssClass="textfield_mail"/></td> + <td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr> + </s:iterator> + </table> + <input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.new", request) %>" onclick='newAp();' /> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp index 4d02f4bda..95d6de912 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -19,6 +19,10 @@ <s:if test="authUser.isAdmin()"> <div class="menu_element"> + <s:url action="listallinterfederationidps" var="interfederationConfig" namespace="/secure"/> + <a href="<s:property value="#interfederationConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %></a> + </div> + <div class="menu_element"> <s:url action="loadGeneralConfig" var="generalConfig" namespace="/secure"/> <a href="<s:property value="#generalConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.config.moaid", request) %></a> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp index 113e822f8..e2af292d7 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp @@ -1,4 +1,5 @@ <%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@page import="at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType"%> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="s" uri="/struts-tags" %> @@ -6,6 +7,11 @@ <s:if test="formOAs && formOAs.size > 0"> <div id="list_area"> <div id="listHeader" class="listElement"> + <s:if test="formOAs[0].serviceType != 'OA'"> + <div class="listElInfo"> + <%=LanguageHelper.getGUIString("webpages.listOAs.list.elInfo", request) %> + </div> + </s:if> <div class="listFirst"> <%=LanguageHelper.getGUIString("webpages.listOAs.list.first", request) %> </div> @@ -17,6 +23,11 @@ <s:iterator var="OAelement" value="formOAs"> <div class="listElement" onclick="editOA(<s:property value='dataBaseID'/>);"> + <s:if test="serviceType != 'OA'"> + <div class="listElInfo"> + <s:property value="serviceType"/> + </div> + </s:if> <div class="listFirst"> <s:property value="oaIdentifier"/> </div> @@ -28,7 +39,8 @@ </s:iterator> </div> - <s:form method="POST" id="selectOAForm" action="loadOA" namespace="/secure"> + <s:set var="myUrl">${param.editAction}</s:set> + <s:form method="POST" id="selectOAForm" action="%{#myUrl}" namespace="/secure"> <s:hidden id="selectOAForm_OAID" name="oaidobj"></s:hidden> </s:form> </s:if> diff --git a/id/oa/pom.xml b/id/oa/pom.xml index b88f560fb..63533c0bc 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,14 +4,14 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>2.0.1</version> + <version>2.0.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id</groupId> <artifactId>moa-id-oa</artifactId> <packaging>war</packaging> - <version>2.0.1</version> + <version>${demo-oa-version}</version> <name>MOA Sample OA</name> <properties> @@ -33,7 +33,26 @@ <build> <finalName>oa</finalName> + <pluginManagement> <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> @@ -43,6 +62,7 @@ </configuration> </plugin> </plugins> + </pluginManagement> </build> <dependencies> diff --git a/id/pom.xml b/id/pom.xml index 7bf09edfa..18631a8d1 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,13 +3,13 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>2.0.1</version> + <version>2.0.2</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>id</artifactId> + <version>2.0.x</version> <packaging>pom</packaging> - <version>2.0.1</version> <name>MOA ID</name> <modules> @@ -25,7 +25,27 @@ </properties> <build> + <pluginManagement> <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + <plugin> <artifactId>maven-enforcer-plugin</artifactId> <version>1.1.1</version> @@ -59,6 +79,7 @@ </executions> </plugin> </plugins> + </pluginManagement> </build> </project> diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 618429a8e..72da9ea47 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -2,12 +2,13 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>2.0.1</version> + <version>2.0.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id.server</groupId> <artifactId>moa-id-auth</artifactId> + <version>${moa-id-version}</version> <packaging>war</packaging> <name>MOA ID-Auth WebService</name> @@ -26,7 +27,27 @@ <build> <!--sourceDirectory>${basedir}/../idserverlib/src/main/java</sourceDirectory--> <!--testSourceDirectory>${basedir}/../idserverlib/src/test/java</testSourceDirectory--> + <pluginManagement> <plugins> + + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> @@ -58,6 +79,7 @@ </configuration> </plugin> </plugins> + </pluginManagement> </build> <dependencies> diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 6f451ec79..6da7396a1 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -48,9 +48,13 @@ <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&%{query-string}</to> </rule> <rule match-type="regex"> - <from>^/PVP2Soap$</from> + <from>^/pvp2/Soap$</from> <to type="forward">/dispatcher?mod=id_pvp2x&action=Soap</to> </rule> + <rule match-type="regex"> + <from>^/pvp2/attributequery$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=AttributeQuery</to> + </rule> <rule match-type="regex"> <from>^/stork2/StartAuthentication$</from> diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 21d146b4d..57ed9a760 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -713,6 +713,16 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <td>password</td> <td>Passwort des Schlüssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td> </tr> + <tr> + <td>protocols.pvp2.sp.ks.assertion.encryption.alias</td> + <td>pvp_encryption</td> + <td>Name des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschlüsselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td> + </tr> + <tr> + <td>protocols.pvp2.sp.ks.assertion.encryption.keypassword</td> + <td>password</td> + <td>Passwort des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschlüsselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td> + </tr> </table> <p> </p> <h5><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h5> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 285a5da9c..5ce26814a 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -3,12 +3,13 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
+ <version>${moa-id-version}</version>
<packaging>jar</packaging>
<name>MOA ID API</name>
@@ -270,7 +271,26 @@ </dependencies>
<build>
+ <pluginManagement>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -339,6 +359,7 @@ </executions>
</plugin>
</plugins>
+ </pluginManagement>
</build>
</project>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index d4b5d1c05..0e5f9bcc3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -51,7 +51,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -97,9 +98,9 @@ public class StatisticLogger { } } - public void logSuccessOperation(IRequest protocolRequest, AuthenticationSession moasession, boolean isSSOSession) { + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) { - if ( isAktive && protocolRequest != null && moasession != null) { + if ( isAktive && protocolRequest != null && authData != null) { OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL()); @@ -128,9 +129,18 @@ public class StatisticLogger { dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue()); else dblog.setOatarget(dbOA.getTarget()); + + dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession()); - dblog.setBkuurl(moasession.getBkuURL()); - dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); + if (authData.isInterfederatedSSOSession()) { + dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); + dblog.setBkuurl(authData.getInterfederatedIDP()); + + } else { + dblog.setBkuurl(authData.getBkuURL()); + dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA)); + + } dblog.setProtocoltype(protocolRequest.requestedModule()); dblog.setProtocolsubtype(protocolRequest.requestedAction()); @@ -138,10 +148,10 @@ public class StatisticLogger { //log MandateInforamtion - if (moasession.getUseMandate()) { - dblog.setMandatelogin(moasession.getUseMandate()); + if (authData.isUseMandate()) { + dblog.setMandatelogin(authData.isUseMandate()); - MISMandate mandate = moasession.getMISMandate(); + MISMandate mandate = authData.getMISMandate(); if (mandate != null) { if (MiscUtil.isNotEmpty(mandate.getProfRep())) { @@ -333,13 +343,13 @@ public class StatisticLogger { BKUURLS bkuurls = oaAuth.getBKUURLS(); if (bkuurls != null) { if (bkuURL.equals(bkuurls.getHandyBKU())) - return OAAuthParameter.HANDYBKU; + return IOAAuthParameters.HANDYBKU; if (bkuURL.equals(bkuurls.getLocalBKU())) - return OAAuthParameter.LOCALBKU; + return IOAAuthParameters.LOCALBKU; if (bkuURL.equals(bkuurls.getOnlineBKU())) - return OAAuthParameter.ONLINEBKU; + return IOAAuthParameters.ONLINEBKU; } } } @@ -348,14 +358,14 @@ public class StatisticLogger { try { AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance(); - if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.ONLINEBKU))) - return OAAuthParameter.ONLINEBKU; + if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU))) + return IOAAuthParameters.ONLINEBKU; - if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.LOCALBKU))) - return OAAuthParameter.LOCALBKU; + if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; - if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.HANDYBKU))) - return OAAuthParameter.HANDYBKU; + if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; } catch (ConfigurationException e) { Logger.info("Advanced Logging: Default BKUs read failed"); @@ -364,17 +374,17 @@ public class StatisticLogger { Logger.debug("Staticic Log search BKUType from generneric Parameters"); if (bkuURL.endsWith(GENERIC_LOCALBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.LOCALBKU); - return OAAuthParameter.LOCALBKU; + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); + return IOAAuthParameters.LOCALBKU; } if (bkuURL.startsWith(GENERIC_HANDYBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.HANDYBKU); - return OAAuthParameter.HANDYBKU; + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); + return IOAAuthParameters.HANDYBKU; } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.ONLINEBKU); - return OAAuthParameter.ONLINEBKU; + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); + return IOAAuthParameters.ONLINEBKU; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index c99c88f5f..e83718949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1415,127 +1415,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Builds the AuthenticationData object together with the corresponding - * <code><saml:Assertion></code> - * - * @param session authentication session - * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP - * @param useUTC uses correct UTC time format - * @param useUTC indicates that authenticated citizen is a foreigner - * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates - * @return AuthenticationData object - * @throws ConfigurationException while accessing configuration data - * @throws BuildException while building the <code><saml:Assertion></code> - */ - public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, OAAuthParameter oaParam, String target) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - boolean businessService = oaParam.getBusinessService(); - - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - - authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance())); - - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - - try { - - MISMandate mandate = session.getMISMandate(); - - if (session.getUseMandate() && session.isOW() - && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) { - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - authData.setIdentityLink(identityLink); - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { - - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } - } - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[]{ - "AuthenticationData", ex.toString()}, ex); - } - } - - /** * Retrieves a session from the session store. * * @param id session ID diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 0173c67a1..6f83da367 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -31,6 +31,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_MODUL = "MODUL"; public static final String PARAM_ACTION = "ACTION"; public static final String PARAM_SSO = "SSO"; + public static final String INTERFEDERATION_IDP = "interIDP"; + /** servlet parameter "sourceID" */ public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 30ad0bdc9..a6c2cde05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -496,7 +497,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String gebDat, List<ExtendedSAMLAttribute> extendedSAMLAttributes, AuthenticationSession session, - OAAuthParameter oaParam) + IOAAuthParameters oaParam) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 531303300..ba4440bf8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -224,7 +225,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB * @throws BuildException if an error occurs during the build process */ public String build( - AuthenticationData authData, + SAML1AuthenticationData authData, String xmlPersonData, String xmlAuthBlock, String xmlIdentityLink, @@ -238,6 +239,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB { String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; + String publicAuthorityAttribute = ""; if (authData.isPublicAuthority()) { String publicAuthorityIdentification = authData.getPublicAuthorityCode(); @@ -344,7 +346,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB * @throws BuildException if an error occurs during the build process */ public String buildMandate( - AuthenticationData authData, + SAML1AuthenticationData authData, String xmlPersonData, String xmlMandateData, String xmlAuthBlock, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java new file mode 100644 index 000000000..792b6cdd7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -0,0 +1,628 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.builder; + +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; + +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Response; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.SecurityException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * @author tlenz + * + */ +public class AuthenticationDataBuilder implements MOAIDAuthConstants { + + public static IAuthData buildAuthenticationData(IRequest protocolRequest, + AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + + + String oaID = protocolRequest.getOAURL(); + if (oaID == null) { + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + } + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaID)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + AuthenticationData authdata = null; + + if (protocolRequest instanceof SAML1RequestImpl) { + //request is SAML1 + SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData(); + saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA()); + + authdata = saml1authdata; + + } else { + authdata = new AuthenticationData(); + + } + + //reuse some parameters if it is a reauthentication + OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); + if (activeOA != null) { + authdata.setSessionIndex(activeOA.getAssertionSessionID()); + authdata.setNameID(activeOA.getUserNameID()); + authdata.setNameIDFormat(activeOA.getUserNameIDFormat()); + + //mark AttributeQuery as used + if ( protocolRequest instanceof PVPTargetConfiguration && + ((PVPTargetConfiguration) protocolRequest).getRequest() instanceof MOARequest && + ((PVPTargetConfiguration) protocolRequest).getRequest().getInboundMessage() instanceof AttributeQuery) { + try { + activeOA.setAttributeQueryUsed(true); + MOASessionDBUtils.saveOrUpdate(activeOA); + + } catch (MOADatabaseException e) { + Logger.error("MOASession interfederation information can not stored to database.", e); + + } + } + + } + + InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); + + IOAAuthParameters oaParam = null; + if (reqAttributes == null) { + //get OnlineApplication from MOA-ID-Auth configuration + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaID); + + } else { + //build OnlineApplication dynamic from requested attributes + oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP); + + } + + if (interfIDP != null ) { + //IDP is a chained interfederated IDP and Authentication is requested + if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration && + !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) { + //only set minimal response attributes + authdata.setQAALevel(interfIDP.getQAALevel()); + authdata.setBPK(interfIDP.getUserNameID()); + + } else { + //get attributes from interfederated IDP + OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes); + + //mark attribute request as used + try { + if (idp.isInterfederationSSOStorageAllowed()) { + interfIDP.setAttributesRequested(true); + MOASessionDBUtils.saveOrUpdate(interfIDP); + + } else { + MOASessionDBUtils.delete(interfIDP); + } + + } catch (MOADatabaseException e) { + Logger.error("MOASession interfederation information can not stored to database.", e); + + } + } + + } else { + //build AuthenticationData from MOASession + buildAuthDataFormMOASession(authdata, session, oaParam); + + } + + return authdata; + } + + /** + * @param req + * @param session + * @param reqAttributes + * @return + * @throws WrongParametersException + * @throws ConfigurationException + * @throws BuildException + * @throws DynamicOABuildException + */ + public static IAuthData buildAuthenticationData(IRequest req, + AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException { + return buildAuthenticationData(req, session, null); + } + + /** + * @param authdata + * @param session + * @param oaParam + * @param protocolRequest + * @param interfIDP + * @param idp + * @param reqQueryAttr + * @throws ConfigurationException + */ + private static void getAuthDataFromInterfederation( + AuthenticationData authdata, AuthenticationSession session, + IOAAuthParameters oaParam, IRequest req, + InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{ + + try { + List<Attribute> attributs = null; + + //IDP is a chained interfederated IDP and request is of type AttributQuery + if (oaParam.isInderfederationIDP() && req instanceof PVPTargetConfiguration && + (((PVPTargetConfiguration)req).getRequest() instanceof AttributeQuery) && + reqQueryAttr != null) { + attributs = reqQueryAttr; + + //IDP is a service provider IDP and request interfederated IDP to collect attributes + } else { + + //TODO: check if response include attributes and map this attributes to requested attributes + + //get PVP 2.1 attributes from protocol specific requested attributes + attributs = req.getRequestedAttributes(); + + } + + //collect attributes by using BackChannel communication + String endpoint = idp.getIDPAttributQueryServiceURL(); + if (MiscUtil.isEmpty(endpoint)) { + Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix()); + throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null); + } + + //build attributQuery request + AttributeQuery query = + AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs); + + //build SOAP request + List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); + + if (xmlObjects.size() == 0) { + Logger.error("Receive emptry AttributeQuery response-body."); + throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null); + + } + + if (xmlObjects.get(0) instanceof Response) { + Response intfResp = (Response) xmlObjects.get(0); + + //validate PVP 2.1 response + try { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + SAMLVerificationEngine.validateAssertion(intfResp, false); + + } catch (Exception e) { + Logger.warn("PVP 2.1 assertion validation FAILED.", e); + throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e); + } + + //parse response information to authData + buildAuthDataFormInterfederationResponse(authdata, session, intfResp); + + } else { + Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); + throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null); + + } + + } catch (SOAPException e) { + throw new BuildException("builder.06", null, e); + + } catch (SecurityException e) { + throw new BuildException("builder.06", null, e); + + } catch (AttributQueryException e) { + throw new BuildException("builder.06", null, e); + + } catch (BuildException e) { + throw new BuildException("builder.06", null, e); + + } catch (AssertionValidationExeption e) { + throw new BuildException("builder.06", null, e); + + } catch (AssertionAttributeExtractorExeption e) { + throw new BuildException("builder.06", null, e); + + } + } + + private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session, + Response intfResp) throws BuildException, AssertionAttributeExtractorExeption { + + Logger.debug("Build AuthData from assertion starts ...."); + + Assertion assertion = intfResp.getAssertions().get(0); + + if (assertion.getAttributeStatements().size() == 0) { + Logger.warn("Can not build AuthData from Assertion. NO Attributes included."); + throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. NO Attributes included.", null); + + } + + AttributeStatement attrStat = assertion.getAttributeStatements().get(0); + for (Attribute attr : attrStat.getAttributes()) { + + if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME)) + authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME)) + authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME)) + authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.BPK_NAME)) { + String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent(); + authData.setBPK(pvpbPK.split(":")[1]); + } + + if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) + authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + + attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME)) + authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME)) + authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) { + try { + byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false); + authData.setAuthBlock(new String(authBlock, "UTF-8")); + + } catch (IOException e) { + Logger.error("Received AuthBlock is not valid", e); + + } + } + + if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { + try { + authData.setSignerCertificate(Base64Utils.decode( + attr.getAttributeValues().get(0).getDOM().getTextContent(), false)); + + } catch (IOException e) { + Logger.error("Received SignerCertificate is not valid", e); + + } + } + + if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME)) + authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)) + authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) { + try { + InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false); + IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); + authData.setIdentityLink(idl); + + } catch (ParseException e) { + Logger.error("Received IdentityLink is not valid", e); + + } catch (Exception e) { + Logger.error("Received IdentityLink is not valid", e); + + } + } + + if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)) + authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + + if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { + try { + byte[] mandate = Base64Utils.decode( + attr.getAttributeValues().get(0).getDOM().getTextContent(), false); + + if (authData.getMISMandate() == null) + authData.setMISMandate(new MISMandate()); + authData.getMISMandate().setMandate(mandate); + + authData.setUseMandate(true); + + } catch (Exception e) { + Logger.error("Received Mandate is not valid", e); + throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME); + + } + } + + if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) { + if (authData.getMISMandate() == null) + authData.setMISMandate(new MISMandate()); + authData.getMISMandate().setProfRep( + attr.getAttributeValues().get(0).getDOM().getTextContent()); + + } + + if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) { + authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent()); + authData.setForeigner(true); + } + + if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { + + if (authData.getStorkAttributes() == null) + authData.setStorkAttributes(new PersonalAttributeList()); + + List<String> storkAttrValues = new ArrayList<String>(); + storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent()); + PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), + false, storkAttrValues , "Available"); + authData.getStorkAttributes().put(attr.getName(), storkAttr ); + authData.setForeigner(true); + } + + } + + authData.setSsoSession(true); + + //only for SAML1 + if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel())) + authData.setQualifiedCertificate(true); + else + authData.setQualifiedCertificate(false); + authData.setPublicAuthority(false); + } + + private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + IOAAuthParameters oaParam) throws BuildException { + + String target = oaParam.getTarget(); + + IdentityLink identityLink = session.getIdentityLink(); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + + boolean businessService = oaParam.getBusinessService(); + + authData.setIssuer(session.getAuthURL()); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + + authData.setStorkAttributes(session.getStorkAttributes()); + authData.setStorkAuthnResponse(session.getStorkAuthnResponse()); + authData.setStorkRequest(session.getStorkAuthnRequest()); + + authData.setSignerCertificate(session.getEncodedSignerCertificate()); + authData.setAuthBlock(session.getAuthBlock()); + + authData.setForeigner(session.isForeigner()); + authData.setQAALevel(session.getQAALevel()); + + if (session.isForeigner()) { + if (authData.getStorkAuthnRequest() != null) { + authData.setCcc(authData.getStorkAuthnRequest() + .getCitizenCountryCode()); + + } else { + + try { + //TODO: replace with TSL lookup when TSL is ready! + X509Certificate certificate = new X509Certificate(authData.getSignerCertificate()); + + if (certificate != null) { + + LdapName ln = new LdapName(certificate.getIssuerDN() + .getName()); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("C")) { + Logger.info("C is: " + rdn.getValue()); + authData.setCcc(rdn.getValue().toString()); + break; + } + } + } + + } catch (Exception e) { + Logger.error("Failed to extract country code from certificate", e); + + } + } + + } else { + authData.setCcc("AT"); + + } + + try { + + authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); + + + /* TODO: Support SSO Mandate MODE! + * Insert functionality to translate mandates in case of SSO + */ + + + MISMandate mandate = session.getMISMandate(); + authData.setMISMandate(mandate); + authData.setUseMandate(session.getUseMandate()); + authData.setMandateReferenceValue(session.getMandateReferenceValue()); + + if (session.getUseMandate() && session.isOW() + && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) { + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + + //TODO: check in case of mandates for business services + authData.setIdentityLink(identityLink); + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion; + resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion()); + IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); + IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); + + authData.setIdentityLink(resignedIDL); + + } else { + + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + + authData.setIdentityLink(identityLink); + } + } + + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java new file mode 100644 index 000000000..132b6af01 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -0,0 +1,109 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.builder; + +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * @author tlenz + * + */ +public class DynamicOAAuthParameterBuilder { + + public static IOAAuthParameters buildFromAttributeQuery(List<Attribute> reqAttributes, InterfederationSessionStore interfIDP) throws DynamicOABuildException { + + Logger.debug("Build dynamic OAConfiguration from AttributeQuery and interfederation information"); + + try { + DynamicOAAuthParameters dynamicOA = new DynamicOAAuthParameters(); + + for (Attribute attr : reqAttributes) { + //get Target or BusinessService from request + if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent(); + if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) { + dynamicOA.setBusinessService(false); + dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length())); + + } else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) || + attrValue.startsWith(Constants.URN_PREFIX_STORK) ) { + dynamicOA.setBusinessService(true); + dynamicOA.setTarget(attrValue); + + } else { + Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea"); + throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null); + + } + + } + + } + + if (interfIDP != null) { + //load interfederated IDP informations + OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + if (idp == null) { + Logger.warn("Interfederated IDP configuration is not loadable."); + throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null); + + } + + dynamicOA.setApplicationID(idp.getPublicURLPrefix()); + dynamicOA.setInderfederatedIDP(idp.isInderfederationIDP()); + dynamicOA.setIDPQueryURL(idp.getIDPAttributQueryServiceURL()); + + //check if IDP service area policy. BusinessService IDPs can only request wbPKs + if (!dynamicOA.getBusinessService() && !idp.isIDPPublicService()) { + Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() + + " has a BusinessService-IDP but requests PublicService attributes."); + throw new DynamicOABuildException("Interfederated IDP " + idp.getPublicURLPrefix() + + " has a BusinessService-IDP but requests PublicService attributes.", null); + + } + } + + return dynamicOA; + + } catch (ConfigurationException e) { + Logger.warn("Internel server errror. Basic configuration load failed.", e); + throw new DynamicOABuildException("Basic configuration load failed.", null); + } + + + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index ab93f509c..dc981ba33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -52,7 +52,7 @@ import java.io.StringWriter; import java.util.Map; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -153,7 +153,7 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox, OAAuthParameter oaParam, + String pushInfobox, IOAAuthParameters oaParam, String appletheigth, String appletwidth) throws BuildException diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 4d80be1e8..54196427e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.FormBuildUtils; @@ -105,9 +106,9 @@ public class LoginFormBuilder { IOUtils.copy(input, writer); template = writer.toString(); template = template.replace(AUTH_URL, SERVLET); - template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); - template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); - template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); + template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU); + template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU); + template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU); } catch (Exception e) { Logger.error("Failed to read template", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4bae0300b..58412b218 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -956,20 +956,7 @@ public class AuthenticationSession implements Serializable { public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } - - public Element getMandate() { - try { - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - } - catch (Throwable e) { - Logger.warn("Mandate content could not be generated from MISMandate."); - return null; - } - } - + /** * @return the ssoRequested */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java new file mode 100644 index 000000000..554cf7370 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java @@ -0,0 +1,40 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class DynamicOABuildException extends MOAIDException { + + + private static final long serialVersionUID = 3756862942519706809L; + + + public DynamicOABuildException(String messageId, Object[] parameters) { + super(messageId, parameters); + // TODO Auto-generated constructor stub + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index fc4ec305d..9b300578a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -53,7 +53,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; @@ -62,7 +61,6 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -101,13 +99,13 @@ public class LogOutServlet extends AuthServlet { } - if (ssomanager.isValidSSOSession(ssoid, req)) { + if (ssomanager.isValidSSOSession(ssoid, null)) { //TODO: Single LogOut Implementation //delete SSO session and MOA session AuthenticationManager authmanager = AuthenticationManager.getInstance(); - String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); + String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 00acdc540..57755ca9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -53,8 +54,10 @@ public class RedirectServlet extends AuthServlet{ String url = req.getParameter(REDIRCT_PARAM_URL); String target = req.getParameter(PARAM_TARGET); String artifact = req.getParameter(PARAM_SAMLARTIFACT); + String interIDP = req.getParameter(INTERFEDERATION_IDP); - if (MiscUtil.isEmpty(artifact)) { + + if (MiscUtil.isEmpty(artifact) && MiscUtil.isEmpty(interIDP)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; } @@ -68,14 +71,57 @@ public class RedirectServlet extends AuthServlet{ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; - } else { - try { - String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); - if (MiscUtil.isNotEmpty(test)) - redirectTarget = test; + } else { + //Redirect is a SAML1 send Artifact redirct + if (MiscUtil.isNotEmpty(artifact)) { + try { + String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(test)) + redirectTarget = test; + + } catch (Exception e) { + Logger.debug("Use default redirectTarget."); + } + + Logger.info("Redirect to " + url); + + if (MiscUtil.isNotEmpty(target)) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); + url = addURLParameter(url, PARAM_TARGET, + URLEncoder.encode(target, "UTF-8")); + + + } + url = addURLParameter(url, PARAM_SAMLARTIFACT, + URLEncoder.encode(artifact, "UTF-8")); + url = resp.encodeRedirectURL(url); + + String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget); + + resp.setContentType("text/html;charset=UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + + } else if (MiscUtil.isNotEmpty(interIDP)) { + //store IDP identifier and redirect to generate AuthRequst service + Logger.info("Receive an interfederation redirect request for IDP " + interIDP); + SSOManager sso = SSOManager.getInstance(); + sso.setInterfederationIDPCookie(req, resp, interIDP); + + Logger.debug("Redirect to " + url); + url = resp.encodeRedirectURL(url); + resp.setContentType("text/html"); + resp.setStatus(HttpServletResponse.SC_FOUND); + resp.addHeader("Location", url); + + + } else { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); + return; - } catch (Exception e) { - Logger.debug("Use default redirectTarget."); } } @@ -88,29 +134,6 @@ public class RedirectServlet extends AuthServlet{ ConfigurationDBUtils.closeSession(); } - - Logger.info("Redirect to " + url); - - if (MiscUtil.isNotEmpty(target)) { -// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, -// URLEncoder.encode(session.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_TARGET, - URLEncoder.encode(target, "UTF-8")); - - - } - url = addURLParameter(url, PARAM_SAMLARTIFACT, - URLEncoder.encode(artifact, "UTF-8")); - url = resp.encodeRedirectURL(url); - - String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget); - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.write(redirect_form); - out.flush(); - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 997241822..495c4ca5b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -108,7 +108,7 @@ public class SSOSendAssertionServlet extends AuthServlet{ } } - boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); String moaSessionID = null; @@ -124,7 +124,7 @@ public class SSOSendAssertionServlet extends AuthServlet{ } if (valueString.compareToIgnoreCase("true") == 0) { - moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); + moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index dc5ec430e..88ed7885f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -135,23 +135,11 @@ public class ConfigurationProvider { return rootConfigFileDir; } - /** - * Return the chaining mode for a given trust anchor. - * - * @param trustAnchor The trust anchor for which the chaining mode should be - * returned. - * @return The chaining mode for the given trust anchor. If the trust anchor - * has not been configured separately, the system default will be returned. - */ - public String getChainingMode(X509Certificate trustAnchor) { - Principal issuer = trustAnchor.getIssuerDN(); - BigInteger serial = trustAnchor.getSerialNumber(); - IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); - - String mode = (String) chainingModes.get(issuerAndSerial); - return mode != null ? mode : defaultChainingMode; + public String getDefaultChainingMode() { + return defaultChainingMode; } - + + /** * Returns the trustedCACertificates. * @return String diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 31b88263b..b2bcd443f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -68,6 +68,7 @@ public class OAParameter { this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20(); + this.isInderfederationIDP = oa.isIsInterfederationIDP(); } @@ -104,6 +105,8 @@ public class OAParameter { private boolean removePBKFromAuthblock; + private Boolean isInderfederationIDP; + /** * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) */ @@ -141,4 +144,16 @@ public class OAParameter { return oAuth20Config; } + /** + * @return the isInderfederationIDP + */ + public boolean isInderfederationIDP() { + if (isInderfederationIDP == null) + return false; + + return isInderfederationIDP; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 8b5c8d796..143a04dad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; @@ -339,6 +340,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); config.addAnnotatedClass(ExceptionStore.class); + config.addAnnotatedClass(InterfederationSessionStore.class); config.addProperties(moaSessionProp); MOASessionDBUtils.initHibernate(config, moaSessionProp); @@ -695,17 +697,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); throw new ConfigurationException("config.02", null); } else { - SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU()); - SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU()); - SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU()); + SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); + SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); + SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); } //set Default BKU URLS DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); if (bkuuls != null) { - DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU()); - DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU()); - DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU()); + DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); + DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); + DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); } //set SSO Config @@ -884,7 +886,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return el; else { Logger.warn("getSLRequestTemplates: BKU Type does not match: " - + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); return null; } } @@ -899,7 +901,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return el; else { Logger.warn("getSLRequestTemplates: BKU Type does not match: " - + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java new file mode 100644 index 000000000..a59cc10e0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -0,0 +1,148 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth; + +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; + +/** + * @author tlenz + * + */ +public interface IOAAuthParameters { + + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + public static final String INDERFEDERATEDIDP = "interfederated"; + + + public String getPublicURLPrefix(); + + public boolean getBusinessService(); + + public String getTarget(); + + public boolean isInderfederationIDP(); + + /** + * @return the identityLinkDomainIdentifier + */ + public String getIdentityLinkDomainIdentifier(); + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier(); + + /** + * @return the transformsInfos + */ + public List<String> getTransformsInfos(); + + public OASAML1 getSAML1Parameter(); + + public OAPVP2 getPVP2Parameter(); + + /** + * @return the templateURL + */ + public List<TemplateType> getTemplateURL(); + + public String getAditionalAuthBlockText(); + + public String getBKUURL(String bkutype); + + public List<String> getBKUURL(); + + public boolean useSSO(); + + public boolean useSSOQuestion(); + + public String getSingleLogOutURL(); + + /** + * @return the mandateProfiles + */ + public List<String> getMandateProfiles(); + + /** + * @return the identityLinkDomainIdentifierType + */ + public String getIdentityLinkDomainIdentifierType(); + + public boolean isShowMandateCheckBox(); + + public boolean isOnlyMandateAllowed(); + + /** + * Shall we show the stork login in the bku selection frontend? + * + * @return true, if is we should show stork login + */ + public boolean isShowStorkLogin(); + + public Map<String, String> getFormCustomizaten(); + + public Integer getQaaLevel(); + + /** + * @return the requestedAttributes + */ + public List<OAStorkAttribute> getRequestedAttributes(); + + public boolean isRequireConsentForStorkAttributes(); + + public List<AttributeProviderPlugin> getStorkAPs(); + + public byte[] getBKUSelectionTemplate(); + + public byte[] getSendAssertionTemplate(); + + public List<CPEPS> getPepsList(); + + public String getIDPAttributQueryServiceURL(); + + /** + * @return + */ + boolean isInboundSSOInterfederationAllowed(); + + /** + * @return + */ + boolean isInterfederationSSOStorageAllowed(); + + /** + * @return + */ + boolean isOutboundSSOInterfederationAllowed(); + +}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 492770aad..7fc5746ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; @@ -85,13 +86,11 @@ import at.gv.egovernment.moa.util.MiscUtil; * * @author Harald Bratko */ -public class OAAuthParameter extends OAParameter { +public class OAAuthParameter extends OAParameter implements IOAAuthParameters { - public static final String ONLINEBKU = "online"; - public static final String HANDYBKU = "handy"; - public static final String LOCALBKU = "local"; - private AuthComponentOA oa_auth; + private String keyBoxIdentifier; + private InterfederationIDPType inderfederatedIDP = null; public OAAuthParameter(OnlineApplication oa) { super(oa); @@ -99,13 +98,15 @@ public class OAAuthParameter extends OAParameter { this.oa_auth = oa.getAuthComponentOA(); this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); -} + + this.inderfederatedIDP = oa.getInterfederationIDP(); + } - private String keyBoxIdentifier; -/** - * @return the identityLinkDomainIdentifier +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() */ +@Override public String getIdentityLinkDomainIdentifier() { IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); @@ -115,34 +116,45 @@ public String getIdentityLinkDomainIdentifier() { return null; } -/** - * @return the keyBoxIdentifier +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() */ +@Override public String getKeyBoxIdentifier() { return keyBoxIdentifier; } -/** - * @return the transformsInfos +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos() */ +@Override public List<String> getTransformsInfos() { List<TransformsInfoType> transformations = oa_auth.getTransformsInfo(); return ConfigurationUtils.getTransformInfos(transformations); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() + */ + @Override public OASAML1 getSAML1Parameter() { return oa_auth.getOASAML1(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter() + */ + @Override public OAPVP2 getPVP2Parameter() { return oa_auth.getOAPVP2(); } - /** - * @return the templateURL + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() */ + @Override public List<TemplateType> getTemplateURL() { TemplatesType templates = oa_auth.getTemplates(); @@ -154,6 +166,10 @@ public List<String> getTransformsInfos() { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText() + */ + @Override public String getAditionalAuthBlockText() { TemplatesType templates = oa_auth.getTemplates(); @@ -163,6 +179,10 @@ public List<String> getTransformsInfos() { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String) + */ + @Override public String getBKUURL(String bkutype) { BKUURLS bkuurls = oa_auth.getBKUURLS(); if (bkuurls != null) { @@ -179,6 +199,10 @@ public List<String> getTransformsInfos() { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() + */ + @Override public List<String> getBKUURL() { BKUURLS bkuurls = oa_auth.getBKUURLS(); @@ -196,6 +220,10 @@ public List<String> getTransformsInfos() { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO() + */ + @Override public boolean useSSO() { OASSO sso = oa_auth.getOASSO(); if (sso != null) @@ -204,6 +232,10 @@ public List<String> getTransformsInfos() { return false; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion() + */ + @Override public boolean useSSOQuestion() { OASSO sso = oa_auth.getOASSO(); if (sso != null) @@ -213,6 +245,10 @@ public List<String> getTransformsInfos() { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL() + */ + @Override public String getSingleLogOutURL() { OASSO sso = oa_auth.getOASSO(); if (sso != null) @@ -221,9 +257,10 @@ public List<String> getTransformsInfos() { return null; } -/** - * @return the mandateProfiles +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() */ +@Override public List<String> getMandateProfiles() { Mandates mandates = oa_auth.getMandates(); @@ -253,9 +290,10 @@ public List<String> getMandateProfiles() { return null; } -/** - * @return the identityLinkDomainIdentifierType +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() */ +@Override public String getIdentityLinkDomainIdentifierType() { IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); if (idnumber != null) @@ -265,6 +303,10 @@ public String getIdentityLinkDomainIdentifierType() { } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() + */ +@Override public boolean isShowMandateCheckBox() { TemplatesType templates = oa_auth.getTemplates(); if (templates != null) { @@ -277,6 +319,10 @@ public boolean isShowMandateCheckBox() { return true; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed() + */ +@Override public boolean isOnlyMandateAllowed() { TemplatesType templates = oa_auth.getTemplates(); if (templates != null) { @@ -289,11 +335,10 @@ public boolean isOnlyMandateAllowed() { return false; } - /** - * Shall we show the stork login in the bku selection frontend? - * - * @return true, if is we should show stork login + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin() */ + @Override public boolean isShowStorkLogin() { try { return oa_auth.getOASTORK().isStorkLogonEnabled(); @@ -303,6 +348,10 @@ public boolean isOnlyMandateAllowed() { } } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ +@Override public Map<String, String> getFormCustomizaten() { TemplatesType templates = oa_auth.getTemplates(); @@ -354,6 +403,10 @@ public Map<String, String> getFormCustomizaten() { return map; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() + */ +@Override public Integer getQaaLevel() { if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null) @@ -363,21 +416,34 @@ public Integer getQaaLevel() { return 4; } -/** - * @return the requestedAttributes +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes() */ +@Override public List<OAStorkAttribute> getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() + */ +@Override public boolean isRequireConsentForStorkAttributes() { return oa_auth.getOASTORK().isRequireConsent(); } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() + */ +@Override public List<AttributeProviderPlugin> getStorkAPs() { return oa_auth.getOASTORK().getAttributeProviders(); } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate() + */ +@Override public byte[] getBKUSelectionTemplate() { TemplatesType templates = oa_auth.getTemplates(); @@ -389,6 +455,10 @@ public byte[] getBKUSelectionTemplate() { return null; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate() + */ +@Override public byte[] getSendAssertionTemplate() { TemplatesType templates = oa_auth.getTemplates(); @@ -400,8 +470,54 @@ public byte[] getSendAssertionTemplate() { return null; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() + */ +@Override public List<CPEPS> getPepsList() { return new ArrayList<CPEPS>(oa_auth.getOASTORK().getCPEPS()); } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() + */ +@Override +public String getIDPAttributQueryServiceURL() { + if (inderfederatedIDP != null) + return inderfederatedIDP.getAttributeQueryURL(); + + else + return null; + +} + +@Override +public boolean isInboundSSOInterfederationAllowed() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isInboundSSO(); + else + return false; +} + +@Override +public boolean isOutboundSSOInterfederationAllowed() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isOutboundSSO(); + else + return false; +} + +@Override +public boolean isInterfederationSSOStorageAllowed() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isStoreSSOSession(); + else + return false; +} + +public boolean isIDPPublicService() { + return !getBusinessService(); } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java new file mode 100644 index 000000000..02ac09d70 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -0,0 +1,386 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; + +/** + * @author tlenz + * + */ +public class DynamicOAAuthParameters implements IOAAuthParameters { + + private String applicationID = null; + + private boolean isBusinessService; + private String target; + private String businessTarget; + + private boolean inderfederatedIDP; + private String IDPQueryURL; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() + */ + @Override + public boolean getBusinessService() { + return this.isBusinessService; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() + */ + @Override + public String getTarget() { + return this.target; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() + */ + @Override + public String getIdentityLinkDomainIdentifier() { + return this.businessTarget; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() + */ + @Override + public boolean isInderfederationIDP() { + return this.inderfederatedIDP; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() + */ + @Override + public String getIDPAttributQueryServiceURL() { + return this.IDPQueryURL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() + */ + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos() + */ + @Override + public List<String> getTransformsInfos() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() + */ + @Override + public OASAML1 getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter() + */ + @Override + public OAPVP2 getPVP2Parameter() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() + */ + @Override + public List<TemplateType> getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText() + */ + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String) + */ + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() + */ + @Override + public List<String> getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO() + */ + @Override + public boolean useSSO() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion() + */ + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL() + */ + @Override + public String getSingleLogOutURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() + */ + @Override + public List<String> getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() + */ + @Override + public String getIdentityLinkDomainIdentifierType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() + */ + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed() + */ + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin() + */ + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ + @Override + public Map<String, String> getFormCustomizaten() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() + */ + @Override + public Integer getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes() + */ + @Override + public List<OAStorkAttribute> getRequestedAttributes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() + */ + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() + */ + @Override + public List<AttributeProviderPlugin> getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate() + */ + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate() + */ + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() + */ + @Override + public List<CPEPS> getPepsList() { + // TODO Auto-generated method stub + return null; + } + + /** + * @param isBusinessService the isBusinessService to set + */ + public void setBusinessService(boolean isBusinessService) { + this.isBusinessService = isBusinessService; + } + + /** + * @param target the target to set + */ + public void setTarget(String target) { + this.target = target; + } + + /** + * @param businessTarget the businessTarget to set + */ + public void setBusinessTarget(String businessTarget) { + this.businessTarget = businessTarget; + } + + /** + * @param inderfederatedIDP the inderfederatedIDP to set + */ + public void setInderfederatedIDP(boolean inderfederatedIDP) { + this.inderfederatedIDP = inderfederatedIDP; + } + + /** + * @param iDPQueryURL the iDPQueryURL to set + */ + public void setIDPQueryURL(String iDPQueryURL) { + IDPQueryURL = iDPQueryURL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() + */ + @Override + public String getPublicURLPrefix() { + return this.applicationID; + } + + /** + * @param applicationID the applicationID to set + */ + public void setApplicationID(String applicationID) { + this.applicationID = applicationID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed() + */ + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed() + */ + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed() + */ + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index f9d3986d7..7a9d2cfc1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -1,27 +1,5 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ /* - * Copyright 2003 Federal Chancellery Austria + * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * @@ -42,455 +20,640 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egovernment.moa.id.data; import java.io.Serializable; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; import java.util.Date; +import org.w3c.dom.Element; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.MiscUtil; /** - * Encapsulates authentication data contained in a <code><saml:Assertion></code>. + * @author tlenz * - * @author Paul Ivancsics - * @version $Id$ */ +public class AuthenticationData implements IAuthData, Serializable { -public class AuthenticationData implements Serializable { - /** - * - */ private static final long serialVersionUID = -1042697056735596866L; -/** - * major version number of the SAML assertion - */ - private int majorVersion; - /** - * minor version number of the SAML assertion - */ - private int minorVersion; - /** - * identifier for this assertion - */ - private String assertionID; - /** - * URL of the MOA-ID Auth component issueing this assertion - */ - private String issuer; - /** - * time instant of issue of this assertion - */ - private String issueInstant; - /** - * user identification value (Stammzahl); <code>null</code>, - * if the authentication module is configured not to return this data - */ - private String identificationValue; - /** - * user identification type - */ - private String identificationType; + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + /** + * URL of the MOA-ID Auth component issueing this assertion + */ + private String issuer; + /** + * time instant of issue of this assertion + */ + private Date issueInstant; + /** + * user identification value (Stammzahl); <code>null</code>, + * if the authentication module is configured not to return this data + */ + private String identificationValue; + /** + * user identification type + */ + private String identificationType; + + /** + * user identityLink specialized to OAParamter + */ + private IdentityLink identityLink; + + /** + * application specific user identifier (bPK/wbPK) + */ + private String bPK; + + /** + * application specific user identifier type + */ + private String bPKType; + + /** + * given name of the user + */ + private String givenName; + /** + * family name of the user + */ + private String familyName; + /** + * date of birth of the user + */ + private Date dateOfBirth; + /** + * says whether the certificate is a qualified certificate or not + */ + private boolean qualifiedCertificate; + /** + * says whether the certificate is a public authority or not + */ + private boolean publicAuthority; + /** + * public authority code (Behördenkennzeichen - BKZ) + */ + private String publicAuthorityCode; + + /** + * URL of the BKU + */ + private String bkuURL; + /** + * the corresponding <code>lt;saml:Assertion></code> + */ + + /** + * STORK attributes from response + */ + private String ccc = null; + private IPersonalAttributeList storkAttributes = null; + private String storkAuthnResponse; + private STORKAuthnRequest storkRequest = null; + + private byte[] signerCertificate = null; + + private String authBlock = null; + + private boolean useMandate = false; + private MISMandate mandate = null; + private String mandateReferenceValue = null; + + private boolean foreigner =false; + private String QAALevel = null; + + private boolean ssoSession = false; + + private boolean interfederatedSSOSession = false; + private String interfederatedIDP = null; + + private String sessionIndex = null; + private String nameID = null; + private String nameIDFormat = null; + + public AuthenticationData() { + issueInstant = new Date(); + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Returns the publicAuthorityCode. + * @return String + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the bPK. + * @return String + */ + public String getBPK() { + return bPK; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the bPK. + * @param bPK The bPK to set + */ + public void setBPK(String bPK) { + this.bPK = bPK; + } + + /** + * Returns the dateOfBirth. + * @return String + */ + public Date getDateOfBirth() { + return dateOfBirth; + } + + public String getFormatedDateOfBirth() { + DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + return pvpDateFormat.format(getDateOfBirth()); + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Returns the identificationValue. + * @return String + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Returns the identificationType + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Returns the issueInstant. + * @return String + */ + public String getIssueInstantString() { + return DateTimeUtils.buildDateTimeUTC(issueInstant); + + } + + /** + * Returns the issueInstant. + * @return String + */ + public Date getIssueInstant() { + return issueInstant; + + } + + public void setIssueInstant(Date date) { + this.issueInstant = date; + } + + /** + * Returns the issuer. + * @return String + */ + public String getIssuer() { + return issuer; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(Date dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + public void setDateOfBirth(String dateOfBirth) { + try { + if (MiscUtil.isNotEmpty(dateOfBirth)) { + DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); + } + + } catch (ParseException e) { + Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); + + } + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Sets the issuer. + * @param issuer The issuer to set + */ + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + public String getBPKType() { + return bPKType; + } + + public void setBPKType(String bPKType) { + this.bPKType = bPKType; + } + + /** + * @return the identityLink + */ + public IdentityLink getIdentityLink() { + return identityLink; + } + + /** + * @param identityLink the identityLink to set + */ + public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; + } + + + /** + * @return the storkAttributes + */ + public IPersonalAttributeList getStorkAttributes() { + return storkAttributes; + } + + /** - * user identityLink specialized to OAParamter + * @param storkAttributes the storkAttributes to set */ - private IdentityLink identityLink; + public void setStorkAttributes(IPersonalAttributeList storkAttributes) { + this.storkAttributes = storkAttributes; + } + + + /** + * @return the signerCertificate + */ + public byte[] getSignerCertificate() { + return signerCertificate; + } + + + /** + * @param signerCertificate the signerCertificate to set + */ + public void setSignerCertificate(byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + } + + + /** + * @return the authBlock + */ + public String getAuthBlock() { + return authBlock; + } + + + /** + * @param authBlock the authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + + /** + * @return the mandate + */ + public MISMandate getMISMandate() { + return mandate; + } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } - /** - * application specific user identifier (bPK/wbPK) - */ - private String bPK; - - /** - * application specific user identifier type - */ - private String bPKType; - - /** - * given name of the user - */ - private String givenName; - /** - * family name of the user - */ - private String familyName; - /** - * date of birth of the user - */ - private String dateOfBirth; - /** - * says whether the certificate is a qualified certificate or not - */ - private boolean qualifiedCertificate; - /** - * says whether the certificate is a public authority or not - */ - private boolean publicAuthority; - /** - * public authority code (Behördenkennzeichen - BKZ) - */ - private String publicAuthorityCode; - /** - * The base64 encoded signer certificate. - */ - private String signerCertificate; - /** - * URL of the BKU - */ - private String bkuURL; - /** - * the corresponding <code>lt;saml:Assertion></code> - */ - private String samlAssertion; - - /** useUTC */ -// private boolean useUTC; - /** - * creation timestamp - */ - Date timestamp; - - - - //this method is only required for MOA-ID Proxy 2.0 Release. - //TODO: remove it, if MOA-ID Proxy is not supported anymore. - public String getWBPK() { - return bPK; - } - - - /** - * Constructor for AuthenticationData. - */ - public AuthenticationData() { - timestamp = new Date(); - } - - /** - * Returns the minorVersion. - * @return int - */ - public int getMinorVersion() { - return minorVersion; - } - - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { - return publicAuthority; - } - - /** - * Returns the publicAuthorityCode. - * @return String - */ - public String getPublicAuthorityCode() { - return publicAuthorityCode; - } - - /** - * Returns the qualifiedCertificate. - * @return boolean - */ - public boolean isQualifiedCertificate() { - return qualifiedCertificate; - } - - /** - * Returns the bPK. - * @return String - */ - public String getBPK() { - return bPK; - } - -// /** -// * Returns useUTC -// * @return useUTC -// */ -// public boolean getUseUTC() { -// return useUTC; -// } - - /** - * Sets the minorVersion. - * @param minorVersion The minorVersion to set - */ - public void setMinorVersion(int minorVersion) { - this.minorVersion = minorVersion; - } - - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityIdentification The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityIdentification) { - this.publicAuthorityCode = publicAuthorityIdentification; - } - - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Sets the bPK. - * @param bPK The bPK to set - */ - public void setBPK(String bPK) { - this.bPK = bPK; - } - -// /** -// * Sets the wbPK. -// * @param wbPK The wbPK to set -// */ -// public void setWBPK(String wbPK) { -// this.wbPK = wbPK; -// } - -// public void setUseUTC(boolean useUTC) { -// this.useUTC = useUTC; -// } - - /** - * Returns the assertionID. - * @return String - */ - public String getAssertionID() { - return assertionID; - } - - /** - * Returns the dateOfBirth. - * @return String - */ - public String getDateOfBirth() { - return dateOfBirth; - } - - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { - return familyName; - } - - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { - return givenName; - } - - /** - * Returns the identificationValue. - * @return String - */ - public String getIdentificationValue() { - return identificationValue; - } - - /** - * Returns the identificationType - * @return String - */ - public String getIdentificationType() { - return identificationType; - } - - /** - * Returns the issueInstant. - * @return String - */ - public String getIssueInstant() { - return issueInstant; - } - - /** - * Returns the issuer. - * @return String - */ - public String getIssuer() { - return issuer; - } - - /** - * Returns the majorVersion. - * @return int - */ - public int getMajorVersion() { - return majorVersion; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Returns the signer certificate. - * @return String - */ - public String getSignerCertificate() { - return signerCertificate; - } - - /** - * Sets the assertionID. - * @param assertionID The assertionID to set - */ - public void setAssertionID(String assertionID) { - this.assertionID = assertionID; - } - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(String dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** - * Sets the identificationValue. - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { - this.identificationValue = identificationValue; - } - - /** - * Sets the identificationType. - * @param identificationType The identificationType to set - */ - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * Sets the issueInstant. - * @param issueInstant The issueInstant to set - */ - public void setIssueInstant(String issueInstant) { - this.issueInstant = issueInstant; - } - - /** - * Sets the issuer. - * @param issuer The issuer to set - */ - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - /** - * Sets the majorVersion. - * @param majorVersion The majorVersion to set - */ - public void setMajorVersion(int majorVersion) { - this.majorVersion = majorVersion; - } - - /** - * Sets the bkuURL - * @param url The BKU URL to set - */ - public void setBkuURL(String url) { - this.bkuURL = url; - } - - /** - * Sets the signer certificate - * @param signerCertificate The signer certificate - */ - public void setSignerCertificate(String signerCertificate) { - this.signerCertificate = signerCertificate; - } - - /** - * Returns the samlAssertion. - * @return String - */ - public String getSamlAssertion() { - return samlAssertion; - } - - /** - * Sets the samlAssertion. - * @param samlAssertion The samlAssertion to set - */ - public void setSamlAssertion(String samlAssertion) { - this.samlAssertion = samlAssertion; - } - - /** - * Returns the timestamp. - * @return Date - */ - public Date getTimestamp() { - return timestamp; - } - -public String getBPKType() { - return bPKType; -} -public void setBPKType(String bPKType) { - this.bPKType = bPKType; -} + /** + * @param mandate the mandate to set + */ + public void setMISMandate(MISMandate mandate) { + this.mandate = mandate; + } -/** - * @return the identityLink - */ -public IdentityLink getIdentityLink() { - return identityLink; -} -/** - * @param identityLink the identityLink to set - */ -public void setIdentityLink(IdentityLink identityLink) { - this.identityLink = identityLink; -} + /** + * @return the useMandate + */ + public boolean isUseMandate() { + return useMandate; + } + /** + * @param useMandate the useMandate to set + */ + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } - + + /** + * @return + */ + public String getQAALevel() { + return this.QAALevel; + } + + + /** + * @return + */ + public boolean isForeigner() { + return this.foreigner; + } + + + /** + * @param foreigner the foreigner to set + */ + public void setForeigner(boolean foreigner) { + this.foreigner = foreigner; + } + + + /** + * @param qAALevel the qAALevel to set + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + } + + + /** + * @return the ssoSession + */ + public boolean isSsoSession() { + return ssoSession; + } + + + /** + * @param ssoSession the ssoSession to set + */ + public void setSsoSession(boolean ssoSession) { + this.ssoSession = ssoSession; + } + + /** + * @param storkRequest the storkRequest to set + */ + public void setStorkRequest(STORKAuthnRequest storkRequest) { + this.storkRequest = storkRequest; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest() + */ + @Override + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkRequest; + } + + /** + * @return the storkAuthnResponse + */ + public String getStorkAuthnResponse() { + return storkAuthnResponse; + } + + /** + * @param storkAuthnResponse the storkAuthnResponse to set + */ + public void setStorkAuthnResponse(String storkAuthnResponse) { + this.storkAuthnResponse = storkAuthnResponse; + } + + /** + * @return the mandateReferenceValue + */ + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + /** + * @return the ccc + */ + public String getCcc() { + return ccc; + } + + /** + * @param ccc the ccc to set + */ + public void setCcc(String ccc) { + this.ccc = ccc; + } + + /** + * @return the sessionIndex + */ + public String getSessionIndex() { + return sessionIndex; + } + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() + */ + @Override + public String getNameID() { + return this.nameID; + } + + /** + * @param nameID the nameID to set + */ + public void setNameID(String nameID) { + this.nameID = nameID; + } + + /** + * @return the nameIDFormat + */ + public String getNameIDFormat() { + return nameIDFormat; + } + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + + /** + * @return the interfederatedSSOSession + */ + public boolean isInterfederatedSSOSession() { + return interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + + /** + * @return the interfederatedIDP + */ + public String getInterfederatedIDP() { + return interfederatedIDP; + } + + /** + * @param interfederatedIDP the interfederatedIDP to set + */ + public void setInterfederatedIDP(String interfederatedIDP) { + this.interfederatedIDP = interfederatedIDP; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java new file mode 100644 index 000000000..4ea81f134 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -0,0 +1,86 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.Date; + +import org.w3c.dom.Element; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; + +/** + * @author tlenz + * + */ +public interface IAuthData { + + Date getIssueInstant(); + String getIssuer(); + + boolean isSsoSession(); + boolean isInterfederatedSSOSession(); + boolean isUseMandate(); + + String getFamilyName(); + String getGivenName(); + Date getDateOfBirth(); + String getFormatedDateOfBirth(); + + String getBPK(); + String getBPKType(); + + String getInterfederatedIDP(); + + String getIdentificationValue(); + String getIdentificationType(); + + String getBkuURL(); + + IdentityLink getIdentityLink(); + byte[] getSignerCertificate(); + String getAuthBlock(); + + boolean isPublicAuthority(); + String getPublicAuthorityCode(); + boolean isQualifiedCertificate(); + + MISMandate getMISMandate(); + Element getMandate(); + String getMandateReferenceValue(); + + String getQAALevel(); + + String getSessionIndex(); + String getNameID(); + String getNameIDFormat(); + + boolean isForeigner(); + String getCcc(); + STORKAuthnRequest getStorkAuthnRequest(); + String getStorkAuthnResponse(); + IPersonalAttributeList getStorkAttributes(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java new file mode 100644 index 000000000..a0f3dd309 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -0,0 +1,155 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.LinkedHashMap; +import java.util.List; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.SingleLogoutService; + +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; + +/** + * @author tlenz + * + */ +public class SLOInformationContainer implements Serializable { + + private static final long serialVersionUID = 7148730740582881862L; + + private PVPTargetConfiguration sloRequest = null; + private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null; + private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null; + private List<String> sloFailedOAs = null; + + + public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) { + activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); + activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); + + if (dbOAs != null) { + for (OASessionStore oa : dbOAs) { + //Actually only PVP 2.1 support Single LogOut + if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) && + !oa.getOaurlprefix().equals(removeOAID)) { + SingleLogoutService sloDesc; + try { + sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix()); + + if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + activeBackChannelOAs.put(oa.getOaurlprefix(), + new SLOInformationImpl( + oa.getAssertionSessionID(), + oa.getUserNameID(), + oa.getUserNameIDFormat(), + oa.getProtocolType(), + sloDesc)); + + else + activeFrontChannalOAs.put(oa.getOaurlprefix(), + new SLOInformationImpl( + oa.getAssertionSessionID(), + oa.getUserNameID(), + oa.getUserNameIDFormat(), + oa.getProtocolType(), + sloDesc)); + + } catch (NOSLOServiceDescriptorException e) { + putFailedOA(oa.getOaurlprefix()); + + } + + } else + putFailedOA(oa.getOaurlprefix()); + } + } + } + + public String getNextFrontChannelOA() { + Iterator<String> interator = activeFrontChannalOAs.keySet().iterator(); + if (interator.hasNext()) + return interator.next(); + + else + return null; + } + + public SLOInformationImpl getFrontChannelOASessionDescripten(String oaID) { + return activeFrontChannalOAs.get(oaID); + } + + public void removeFrontChannelOA(String oaID) { + activeFrontChannalOAs.remove(oaID); + } + + public Iterator<String> getNextBackChannelOA() { + return activeBackChannelOAs.keySet().iterator(); + } + + public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) { + return activeBackChannelOAs.get(oaID); + } + + public void removeBackChannelOA(String oaID) { + activeBackChannelOAs.remove(oaID); + } + + /** + * @return the sloRequest + */ + public PVPTargetConfiguration getSloRequest() { + return sloRequest; + } + + /** + * @param sloRequest the sloRequest to set + */ + public void setSloRequest(PVPTargetConfiguration sloRequest) { + this.sloRequest = sloRequest; + } + + /** + * @return the sloFailedOAs + */ + public List<String> getSloFailedOAs() { + return sloFailedOAs; + } + + public void putFailedOA(String oaID) { + if (sloFailedOAs == null) + sloFailedOAs = new ArrayList<String>(); + sloFailedOAs.add(oaID); + } + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java index 971222b67..55b213702 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java @@ -22,22 +22,39 @@ */ package at.gv.egovernment.moa.id.data; +import java.io.Serializable; + +import org.opensaml.saml2.metadata.SingleLogoutService; + /** * @author tlenz * */ -public class SLOInformationImpl implements SLOInformationInterface { - +public class SLOInformationImpl implements SLOInformationInterface, Serializable { + private static final long serialVersionUID = 295577931870512387L; private String sessionIndex = null; private String nameID = null; private String protocolType = null; + private String nameIDFormat = null; + private String binding = null; + private String serviceURL = null; - public SLOInformationImpl(String sessionID, String nameID, String protocolType) { + public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) { + new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null); + } + + public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { this.sessionIndex = sessionID; this.nameID = nameID; + this.nameIDFormat = nameIDFormat; this.protocolType = protocolType; - + + if (sloService != null) { + this.binding = sloService.getBinding(); + this.serviceURL = sloService.getLocation(); + + } } @@ -100,6 +117,39 @@ public class SLOInformationImpl implements SLOInformationInterface { public String getProtocolType() { return protocolType; } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat() + */ + @Override + public String getUserNameIDFormat() { + return this.nameIDFormat; + } + + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + + /** + * @return the binding + */ + public String getBinding() { + return binding; + } + + /** + * @return the serviceURL + */ + public String getServiceURL() { + return serviceURL; + } + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java index 7290665e9..b2241f8ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java @@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.data; * @author tlenz * */ -public interface SLOInformationInterface { +public interface SLOInformationInterface{ /** @@ -53,6 +53,11 @@ public interface SLOInformationInterface { * return authentication protocol type */ public String getProtocolType(); + + /** + * @return + */ + public String getUserNameIDFormat(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 9fb2c7a69..30585c413 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -25,18 +25,15 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; import java.util.Iterator; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -46,6 +43,7 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; @@ -250,18 +248,45 @@ public class DispatcherServlet extends AuthServlet{ try { protocolRequest = info.preProcess(req, resp, action); - if (protocolRequest != null) { - + //request is a valid interfederation response + if (protocolRequest != null && + protocolRequest.getInterfederationResponse() != null ) { + Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest"); + + //reload SP protocol implementation + info = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); + moduleAction = info.getAction(protocolRequest.requestedAction()); + + //create interfederated mOASession + String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true); + req.getParameterMap().put(PARAM_SESSIONID, sessionID); + + Logger.info("PreProcessing of SSO interfederation response complete. "); + + //request is a not valid interfederation response -> Restart local authentication + } else if (protocolRequest != null && + MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { + Logger.info("PreProcessing of SSO interfederation response FAILED. Starting local authentication ..."); + + //request is a new authentication request + } else if (protocolRequest != null && + MiscUtil.isEmpty(protocolRequest.getRequestID())) { //Start new Authentication - protocolRequest.setAction(action); protocolRequest.setModule(module); - protocolRequestID = Random.nextRandom(); - protocolRequest.setRequestID(protocolRequestID); - RequestStorage.setPendingRequest(protocolRequest); + //if preProcessing has not set a specific action from decoded request + // then set the default action + if (MiscUtil.isEmpty(protocolRequest.requestedAction())) + protocolRequest.setAction(action); + else + moduleAction = info.getAction(protocolRequest.requestedAction()); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); + RequestStorage.setPendingRequest(protocolRequest); Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); - + + } else { Logger.error("Failed to generate a valid protocol request!"); resp.setContentType("text/html;charset=UTF-8"); @@ -297,14 +322,18 @@ public class DispatcherServlet extends AuthServlet{ String moasessionID = null; String newSSOSessionId = null; AuthenticationSession moasession = null; + IAuthData authData = null; //get SSO Cookie for Request String ssoId = ssomanager.getSSOSessionID(req); - boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); if (needAuthentication) { - + + //check if interfederation IDP is requested + ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); + //check SSO session if (ssoId != null) { String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); @@ -327,7 +356,7 @@ public class DispatcherServlet extends AuthServlet{ } - isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest); useSSOOA = oaParam.useSSO(); @@ -378,38 +407,36 @@ public class DispatcherServlet extends AuthServlet{ if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); return; - } - } - else { + } - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - + } else { + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); - } - + + } //save SSO session usage in Database newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - if (newSSOSessionId != null) { + if (MiscUtil.isNotEmpty(newSSOSessionId)) { ssomanager.setSSOSessionID(req, resp, newSSOSessionId); } else { ssomanager.deleteSSOSessionID(req, resp); + } - } else { - - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - + } else { + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); + } - - + //build authenticationdata from session information and OA configuration + authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession); } - - SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); + + SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); RequestStorage.removePendingRequest(protocolRequestID); @@ -437,7 +464,7 @@ public class DispatcherServlet extends AuthServlet{ //Advanced statistic logging StatisticLogger logger = StatisticLogger.getInstance(); - logger.logSuccessOperation(protocolRequest, moasession, isSSOSession); + logger.logSuccessOperation(protocolRequest, authData, isSSOSession); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 03a61d08f..7456b8387 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -24,12 +24,37 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; import java.io.PrintWriter; +import java.security.NoSuchAlgorithmException; import java.util.List; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.joda.time.DateTime; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.criteria.EntityIDCriteria; + import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; @@ -42,9 +67,17 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; public class AuthenticationManager extends AuthServlet { @@ -65,7 +98,6 @@ public class AuthenticationManager extends AuthServlet { return instance; } - /** * Checks if this request can authenticate a MOA Session * @@ -82,9 +114,7 @@ public class AuthenticationManager extends AuthServlet { AuthenticationSession authSession; try { authSession = AuthenticationSessionStoreage.getSession(sessionID); - - - + if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " @@ -148,16 +178,167 @@ public class AuthenticationManager extends AuthServlet { public void doAuthentication(HttpServletRequest request, HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { + Logger.info("Starting authentication ..."); + + if (MiscUtil.isEmpty(target.getRequestedIDP())) { + perfomLocalAuthentication(request, response, target); + + } else { + Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); + buildPVP21AuthenticationRequest(request, response, target); + + } + } + + public void sendTransmitAssertionQuestion(HttpServletRequest request, + HttpServletResponse response, IRequest target, OAAuthParameter oaParam) + throws ServletException, IOException, MOAIDException { + + String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), + target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); + } + + private void buildPVP21AuthenticationRequest(HttpServletRequest request, + HttpServletResponse response, IRequest target) + throws ServletException, IOException, MOAIDException { + + boolean requiredLocalAuthentication = true; + + Logger.debug("Build PVP 2.1 authentication request"); + + //get IDP metadata + try { + OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { + Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); + Logger.info("Switch to local authentication on this IDP ... "); + perfomLocalAuthentication(request, response, target); + + } + + EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). + getEntityDescriptor(target.getRequestedIDP()); + + if (idpEntity != null ) { + + //fetch endpoint from IDP metadata + SingleSignOnService redirectEndpoint = null; + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + // use POST binding as default if it exists + //TODO: maybe use RedirectBinding as default + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + + } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && + redirectEndpoint == null ) + redirectEndpoint = sss; + } + + if (redirectEndpoint != null) { + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + //send passive AuthnRequest + authReq.setIsPassive(true); + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID name = SAML2Utils.createSAMLObject(NameID.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath(); + name.setValue(serviceURL); + issuer.setValue(serviceURL); -// if (!ParamValidatorUtils.isValidOA(target.getOAURL())) -// throw new WrongParametersException("StartAuthentication", PARAM_OA, -// "auth.12"); -// -// if (target.getOAURL() == null) { -// throw new WrongParametersException("StartAuthentication", PARAM_OA, -// "auth.12"); -// } + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.TRANSIENT); + authReq.setNameIDPolicy(policy); + + authReq.setDestination(redirectEndpoint.getLocation()); + + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + + + IEncoder binding = null; + if (redirectEndpoint.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + + } else if (redirectEndpoint.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + + } + + binding.encodeRequest(request, response, authReq, + redirectEndpoint.getLocation(), target.getRequestID()); + + //build and send request without an error + requiredLocalAuthentication = false; + + } else { + Logger.warn("Requested IDP " + target.getRequestedIDP() + + " does not support POST or Redirect Binding."); + + } + + } else { + Logger.warn("Requested IDP " + target.getRequestedIDP() + + " is not found in InterFederation configuration"); + + } + + } catch (MetadataProviderException e) { + Logger.error("IDP metadata error." , e); + + } catch (NoSuchAlgorithmException e) { + Logger.error("Build IDP authentication request FAILED.", e); + + } catch (MessageEncodingException e) { + Logger.error("Build IDP authentication request FAILED.", e); + + } catch (SecurityException e) { + Logger.error("Build IDP authentication request FAILED.", e); + + } + + if (requiredLocalAuthentication) { + Logger.info("Switch to local authentication on this IDP ... "); + perfomLocalAuthentication(request, response, target); + } + } + + + private void perfomLocalAuthentication(HttpServletRequest request, + HttpServletResponse response, IRequest target) + throws ServletException, IOException, MOAIDException { + Logger.debug("Starting authentication on this IDP ..."); setNoCachingHeadersInHttpRespone(request, response); @@ -183,17 +364,12 @@ public class AuthenticationManager extends AuthServlet { if (legacyallowed && legacyparamavail) { - //parse request parameter into MOASession - + //parse request parameter into MOASession StartAuthentificationParameterParser.parse(request, response, moasession, target); Logger.info("Start Authentication Module: " + moasession.getModul() + " Action: " + moasession.getAction()); - - //start authentication process -// session.getServletContext().getNamedDispatcher("StartAuthentication") -// .forward(request, response); - + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); String getIdentityLinkForm = startauth.build(moasession, request, response); @@ -260,17 +436,4 @@ public class AuthenticationManager extends AuthServlet { out.flush(); } } - - public void sendTransmitAssertionQuestion(HttpServletRequest request, - HttpServletResponse response, IRequest target, OAAuthParameter oaParam) - throws ServletException, IOException, MOAIDException { - - String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath()); - - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(form); - out.flush(); - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index a2843d026..529e2ab81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -26,12 +26,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; public interface IAction extends MOAIDAuthConstants { - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException; public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 2ef24c084..aaeb84f92 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,6 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; + public interface IRequest { public String getOAURL(); public boolean isPassiv(); @@ -33,7 +39,10 @@ public interface IRequest { public void setAction(String action); public String getTarget(); public void setRequestID(String id); - public String getRequestID(); + public String getRequestID(); + public String getRequestedIDP(); + public MOAResponse getInterfederationResponse(); + public List<Attribute> getRequestedAttributes(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index b9b1742e4..4a54a516b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -23,8 +23,13 @@ package at.gv.egovernment.moa.id.moduls; import java.io.Serializable; +import java.util.List; -public class RequestImpl implements IRequest, Serializable{ +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; + +public abstract class RequestImpl implements IRequest, Serializable{ private static final long serialVersionUID = 1L; @@ -37,6 +42,16 @@ public class RequestImpl implements IRequest, Serializable{ private String target = null; private String requestID; + //MOA-ID interfederation + private String requestedIDP = null; + private MOAResponse response = null; + + /** + * This method map the protocol specific requested attributes to PVP 2.1 attributes. + * + * @return List of PVP 2.1 attributes with maps all protocol specific attributes + */ + public abstract List<Attribute> getRequestedAttributes(); public void setOAURL(String value) { oaURL = value; @@ -102,4 +117,36 @@ public class RequestImpl implements IRequest, Serializable{ public String getRequestID() { return requestID; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() + */ + @Override + public String getRequestedIDP() { + return requestedIDP; + } + + /** + * @param requestedIDP the requestedIDP to set + */ + public void setRequestedIDP(String requestedIDP) { + this.requestedIDP = requestedIDP; + } + + /** + * @return the response + */ + public MOAResponse getInterfederationResponse() { + return response; + } + + /** + * @param response the response to set + */ + public void setInterfederationResponse(MOAResponse response) { + this.response = response; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 684c6630a..c2b9bab52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -31,11 +31,15 @@ import javax.servlet.http.HttpServletResponse; import org.hibernate.Query; import org.hibernate.Session; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -44,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class SSOManager { private static final String SSOCOOKIE = "MOA_ID_SSO"; + private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec + private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + private static SSOManager instance = null; private static int sso_timeout; @@ -68,7 +75,46 @@ public class SSOManager { return instance; } - public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) { + public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest protocolRequest) { + String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); + + if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { + Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + + } + + if (protocolRequest instanceof RequestImpl) { + //check if IDP is requested + RequestImpl moaReq = (RequestImpl) protocolRequest; + if (MiscUtil.isNotEmpty(interIDP)) { + Logger.info("Receive SSO request for interfederation IDP " + interIDP); + moaReq.setRequestedIDP(interIDP); + + } else { + //check if IDP cookie is set + String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + if (MiscUtil.isNotEmpty(cookie)) { + Logger.info("Receive SSO request for interfederation IDP from Cookie " + cookie); + moaReq.setRequestedIDP(cookie); + + deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + } + } + + } else { + Logger.warn("Request is not of type RequestImpl"); + + } + } + + public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { + setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + + } + + + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) { // search SSO Session if (ssoSessionID == null) { @@ -76,15 +122,42 @@ public class SSOManager { return false; } - // String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), - // AuthenticationManager.MOA_SESSION, null); + AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); - return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + if (storedSession == null) + return false; + + else { + if (protocolRequest != null && + protocolRequest instanceof RequestImpl && + storedSession.isInterfederatedSSOSession()) { + + if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) { + InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); + + if (selectedIDP != null) { + //no local SSO session exist -> request interfederated IDP + ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix()); + + } else { + Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); + MOASessionDBUtils.delete(storedSession); + + } + } + + return false; + + } + + return true; + } } public String getMOASession(String ssoSessionID) { - return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID); + return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + } public String existsOldSSOSession(String ssoId) { @@ -95,24 +168,10 @@ public class SSOManager { List<OldSSOSessionIDStore> result; synchronized (session) { - -// try { -// session.getTransaction().rollback(); -// } -// catch (Exception e) { -// e.printStackTrace(); -// } -// try { -// session.getSessionFactory().openSession(); -// } -// catch (Exception e) { -// e.printStackTrace(); -// } - // session.getTransaction().begin(); - + session.beginTransaction(); Query query = session.getNamedQuery("getSSOSessionWithOldSessionID"); - query.setString("sessionid", ssoId); + query.setParameter("sessionid", ssoId); result = query.list(); // send transaction @@ -156,22 +215,58 @@ public class SSOManager { return newSSOId; } - + public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - Cookie[] cookies = httpReq.getCookies(); + setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout); - if (cookies != null) { - deleteSSOSessionID(httpReq, httpResp); - } + } - Cookie cookie = new Cookie(SSOCOOKIE, ssoId); - cookie.setMaxAge(sso_timeout); - cookie.setSecure(true); - cookie.setPath(httpReq.getContextPath()); - httpResp.addCookie(cookie); + public String getSSOSessionID(HttpServletRequest httpReq) { + return getValueFromCookie(httpReq, SSOCOOKIE); + + } + + public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { + deleteCookie(httpReq, httpResp, SSOCOOKIE); } - public String getSSOSessionID(HttpServletRequest httpReq) { + /** + * @param entityID + * @param request + */ + public boolean removeInterfederatedSSOIDP(String entityID, + HttpServletRequest request) { + + String ssoSessionID = getSSOSessionID(request); + + if (MiscUtil.isNotEmpty(ssoSessionID)) { + + AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + + if (storedSession == null) + return false; + + InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID); + + if (selectedIDP != null) { + //no local SSO session exist -> request interfederated IDP + Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix() + + " from MOASession " + storedSession.getSessionid()); + MOASessionDBUtils.delete(selectedIDP); + + } else { + Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); + + } + + return true; + + } else + return false; + + } + + private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { Cookie[] cookies = httpReq.getCookies(); if (cookies != null) { @@ -181,7 +276,7 @@ public class SSOManager { // (firefox) // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { - if (cookie.getName().equals(SSOCOOKIE)) { + if (cookie.getName().equals(cookieName)) { return cookie.getValue(); } } @@ -189,13 +284,21 @@ public class SSOManager { return null; } - public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - Cookie[] cookies = httpReq.getCookies(); + private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { - if (cookies != null) { - for (Cookie cookie : cookies) { - if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie); - } - } + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + + //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 1); } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 394fd1430..3b0d07ce1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -27,9 +27,8 @@ import java.util.List; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.oauth20.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; @@ -173,10 +172,10 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) { + final OAAuthParameter oaParam, final IAuthData authData) { for (IAttributeBuilder b : builders) { try { - Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator); + Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator); if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } @@ -187,33 +186,70 @@ public final class OAuth20AttributeBuilder { } } - public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData); + public static void addScopeOpenId(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersOpenId, jsonObject, oaParam, authData); } - public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData); + public static void addScopeProfile(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersProfile, jsonObject, oaParam, authData); } - public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData); + public static void addScopeEID(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersEID, jsonObject, oaParam, authData); } - public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData); + public static void addScopeEIDGov(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersEIDGov, jsonObject, oaParam, authData); } - public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData); + public static void addScopeMandate(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersMandate, jsonObject, oaParam, authData); } - public static void addScopeSTORK(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersSTORK, jsonObject, authSession, oaParam, authData); + public static void addScopeSTORK(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersSTORK, jsonObject, oaParam, authData); } + + /** + * @return the buildersprofile + */ + public static List<IAttributeBuilder> getBuildersprofile() { + return buildersProfile; + } + + /** + * @return the builderseid + */ + public static List<IAttributeBuilder> getBuilderseid() { + return buildersEID; + } + + /** + * @return the builderseidgov + */ + public static List<IAttributeBuilder> getBuilderseidgov() { + return buildersEIDGov; + } + + /** + * @return the buildersmandate + */ + public static List<IAttributeBuilder> getBuildersmandate() { + return buildersMandate; + } + + /** + * @return the buildersstork + */ + public static List<IAttributeBuilder> getBuildersstork() { + return buildersSTORK; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index da1980896..121648499 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000))); + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index e7a85705a..9230c0105 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -39,7 +38,7 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index a75dfd029..3bdda5c2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -37,7 +36,7 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index d21f1a5bb..85c46d5b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index bc48ce915..d5bda0dba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index a92b0c12d..dd84536ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,9 +34,9 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth()); + return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 5ce22a6c6..02cc66e4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 047bfa9a9..302ce8105 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 3cc12ff98..4c70ce995 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,13 +30,10 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -53,14 +50,13 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; class OAuth20AuthAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - AuthenticationSession moasession) throws MOAIDException { + IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); @@ -78,7 +74,7 @@ class OAuth20AuthAction implements IAction { o.setCode(code); //generate idToken from MOASession - Map<String, Object> idToken = generateIDToken(o, oAuthRequest, moasession, accessToken); + Map<String, Object> idToken = generateIDToken(o, oAuthRequest, authData, accessToken); o.setAuthDataSession(idToken); } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) { @@ -104,7 +100,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -124,7 +120,7 @@ class OAuth20AuthAction implements IAction { } private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, - OAuth20AuthRequest oAuthRequest, AuthenticationSession moasession, String accessToken) throws SignatureException, MOAIDException { + OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException { // create response Map<String, Object> params = new HashMap<String, Object>(); @@ -134,7 +130,7 @@ class OAuth20AuthAction implements IAction { // build id token and scope Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, - moasession); + authData); Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst()); params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst()); Logger.debug("RESPONSE SCOPE: " + pair.getSecond()); @@ -144,34 +140,33 @@ class OAuth20AuthAction implements IAction { } - private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, AuthenticationSession session) + private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); - AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget()); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); // always fill with open id - OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append("openId"); for (String s : scope.split(" ")) { if (s.equalsIgnoreCase("profile")) { - OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" profile"); } else if (s.equalsIgnoreCase("eID")) { - OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" eID"); } else if (s.equalsIgnoreCase("eID_gov")) { - OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" eID_gov"); } else if (s.equalsIgnoreCase("mandate")) { - OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" mandate"); } else if (s.equalsIgnoreCase("stork")) { - OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" stork"); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index dc3335631..c47e366a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,17 +22,29 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + import javax.servlet.http.HttpServletRequest; +import org.opensaml.saml2.core.Attribute; + import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.logging.Logger; class OAuth20AuthRequest extends OAuth20BaseRequest { @@ -153,4 +165,48 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { } } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + Map<String, String> reqAttr = new HashMap<String, String>(); + for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) + reqAttr.put(el, ""); + + try { + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID_gov")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("mandate")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("stork")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) + reqAttr.put(el.getName(), ""); + + } + } + + return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); + + } catch (ConfigurationException e) { + Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); + return null; + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 00b7a83f0..951960bc6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import java.net.URLEncoder; import java.util.HashMap; +import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -16,11 +17,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import com.google.gson.JsonObject; +import edu.emory.mathcs.backport.java.util.Arrays; + public class OAuth20Protocol implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); @@ -29,6 +33,13 @@ public class OAuth20Protocol implements IModulInfo { public static final String AUTH_ACTION = "AUTH"; public static final String TOKEN_ACTION = "TOKEN"; + @SuppressWarnings("unchecked") + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, + PVPConstants.BPK_NAME + }); + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); static { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index be320271a..944da38d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,9 +26,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -44,7 +44,7 @@ import com.google.gson.JsonObject; class OAuth20TokenAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - AuthenticationSession moasession) throws MOAIDException { + IAuthData authData) throws MOAIDException { OAuth20SessionObject auth20SessionObject = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 0f1ba23b3..3c90a5773 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,8 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.util.List; + import javax.servlet.http.HttpServletRequest; +import org.opensaml.saml2.core.Attribute; + import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -137,4 +141,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE); this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java new file mode 100644 index 000000000..71d1c26d4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -0,0 +1,178 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x; + + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.Response; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; + +import edu.emory.mathcs.backport.java.util.Arrays; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AttributQueryAction implements IAction { + + @SuppressWarnings("unchecked") + private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList( + new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); + + @SuppressWarnings("unchecked") + private final static List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList( + new String[]{ PVPConstants.MANDATE_FULL_MANDATE_NAME, + PVPConstants.MANDATE_PROF_REP_OID_NAME}); + + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + if (req instanceof PVPTargetConfiguration && + ((PVPTargetConfiguration) req).getRequest() instanceof MOARequest && + ((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) { + + AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest(); + + //load moaSession + String nameID = attrQuery.getSubject().getNameID().getValue(); + + AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID); + if (session == null) { + Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); + throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null); + + } + + DateTime date = new DateTime(); + + //generate authData + authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes()); + + //add default attributes in case of mandates or STORK is in use + List<String> attrList = addDefaultAttributes(attrQuery, authData); + + //build PVP 2.1 assertion + Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex()); + + //build PVP 2.1 response + Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion); + + try { + SoapBinding decoder = new SoapBinding(); + decoder.encodeRespone(httpReq, httpResp, authResponse, null, null); + return null; + + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } + + } else { + Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery."); + throw new MOAIDException("pvp2.13", null); + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return PVP2XProtocol.ATTRIBUTEQUERY; + } + + private List<String> addDefaultAttributes(AttributeQuery query, IAuthData authData) { + + List<String> reqAttributs = new ArrayList<String>(); + + for (Attribute attr : query.getAttributes()) { + reqAttributs.add(attr.getName()); + + } + + //add default STORK attributes if it is a STORK authentication + if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) { + for (String el : DEFAULTSTORKATTRIBUTES) { + if (!reqAttributs.contains(el)) + reqAttributs.add(el); + } + } + + //add default mandate attributes if it is a authentication with mandates + if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) { + for (String el : DEFAULTMANDATEATTRIBUTES) { + if (!reqAttributs.contains(el)) + reqAttributs.add(el); + } + } + + return reqAttributs; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 1221e7234..70db9cc23 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -36,10 +36,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager; public class AuthenticationAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req; - SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession); + + SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, authData); //set protocol type sloInformation.setProtocolType(req.requestedModule()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index a29728245..01f7e18ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -38,31 +38,42 @@ import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -71,7 +82,7 @@ public class MetadataAction implements IAction { private static final int VALIDUNTIL_IN_HOURS = 24; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { EntitiesDescriptor idpEntitiesDescriptor = @@ -111,6 +122,7 @@ public class MetadataAction implements IAction { //keyInfoFactory.setEmitPublicKeyValue(true); keyInfoFactory.setEmitEntityIDAsKeyName(true); keyInfoFactory.setEmitEntityCertificate(true); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential(); @@ -121,106 +133,12 @@ public class MetadataAction implements IAction { SecurityHelper.prepareSignatureParams(signature, metadataSigningCredential, null, null); idpEntitiesDescriptor.setSignature(signature); - -// //set SignatureMethode -// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); -// -// //set DigestMethode -// List<ContentReference> contentList = signature.getContentReferences(); -// for (ContentReference content : contentList) { -// -// if (content instanceof SAMLObjectContentReference) { -// -// SAMLObjectContentReference el = (SAMLObjectContentReference) content; -// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); -// -// } -// } - - -// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); -// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); -// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); -// signature.setKeyInfo(metadataKeyInfo ); - - - - IDPSSODescriptor idpSSODescriptor = SAML2Utils - .createSAMLObject(IDPSSODescriptor.class); - idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - idpSSODescriptor.setWantAuthnRequestsSigned(true); - - if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { - SingleSignOnService postSingleSignOnService = SAML2Utils - .createSAMLObject(SingleSignOnService.class); - - postSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSOPostService()); - postSingleSignOnService - .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - - idpSSODescriptor.getSingleSignOnServices().add( - postSingleSignOnService); - } - - if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { - SingleSignOnService redirectSingleSignOnService = SAML2Utils - .createSAMLObject(SingleSignOnService.class); - - redirectSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService()); - redirectSingleSignOnService - .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - - idpSSODescriptor.getSingleSignOnServices().add( - redirectSingleSignOnService); - } - - /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { - ArtifactResolutionService artifactResolutionService = SAML2Utils - .createSAMLObject(ArtifactResolutionService.class); - - artifactResolutionService - .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - artifactResolutionService.setLocation(PVPConfiguration - .getInstance().getIDPResolveSOAPService()); - - artifactResolutionService.setIndex(0); - - idpSSODescriptor.getArtifactResolutionServices().add( - artifactResolutionService); - }*/ - - //set assertion signing key - Credential assertionSigingCredential = CredentialProvider - .getIDPAssertionSigningCredential(); - - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential)); - idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); - - NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); - - idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); - - NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + //set IDP metadata + idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator)); - idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); - - NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); - - idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor); + //set SP metadata for interfederation + idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator)); DocumentBuilder builder; DocumentBuilderFactory factory = DocumentBuilderFactory @@ -244,9 +162,8 @@ public class MetadataAction implements IAction { sw.close(); String metadataXML = sw.toString(); - - System.out.println("METADATA: " + metadataXML); - + Logger.debug("METADATA: " + metadataXML); + httpResp.setContentType("text/xml"); httpResp.getOutputStream().write(metadataXML.getBytes()); @@ -269,4 +186,228 @@ public class MetadataAction implements IAction { return (PVP2XProtocol.METADATA); } + private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + + Logger.debug("Set SP Metadata key information"); + + SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + + //Set AuthRequest Signing certificate + X509Credential authcredential = CredentialProvider.getIDPAssertionSigningCredential(); + + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + + //set AuthRequest encryption certificate + + X509Credential authEncCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); + + if (authEncCredential != null) { + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + //add assertion consumer services + AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(PVPConfiguration + .getInstance().getIDPSSOPostService()); + postassertionConsumerService.setIsDefault(true); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + AssertionConsumerService redirectassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(PVPConfiguration + .getInstance().getIDPSSORedirectService()); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + + //add SLO descriptor +// SingleLogoutService postSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// postSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// postSLOService +// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +// spSSODescriptor.getSingleLogoutServices().add(postSLOService); +// +// SingleLogoutService redirectSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// redirectSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// redirectSLOService +// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +// spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + return spSSODescriptor; + } + + private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { + + +// //set SignatureMethode +// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); +// +// //set DigestMethode +// List<ContentReference> contentList = signature.getContentReferences(); +// for (ContentReference content : contentList) { +// +// if (content instanceof SAMLObjectContentReference) { +// +// SAMLObjectContentReference el = (SAMLObjectContentReference) content; +// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); +// +// } +// } + + +// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); +// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); +// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); +// signature.setKeyInfo(metadataKeyInfo ); + + + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + idpSSODescriptor.setWantAuthnRequestsSigned(true); + + if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + //add SSO descriptor + SingleSignOnService postSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSOPostService()); + postSingleSignOnService + .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add( + postSingleSignOnService); + + //add SLO descriptor +// SingleLogoutService postSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// postSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// postSLOService +// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +// idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + //add SSO descriptor + SingleSignOnService redirectSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + redirectSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSORedirectService()); + redirectSingleSignOnService + .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add( + redirectSingleSignOnService); + + //add SLO descriptor +// SingleLogoutService redirectSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// redirectSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// redirectSLOService +// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +// idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + } + + /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { + ArtifactResolutionService artifactResolutionService = SAML2Utils + .createSAMLObject(ArtifactResolutionService.class); + + artifactResolutionService + .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + artifactResolutionService.setLocation(PVPConfiguration + .getInstance().getIDPResolveSOAPService()); + + artifactResolutionService.setIndex(0); + + idpSSODescriptor.getArtifactResolutionServices().add( + artifactResolutionService); + }*/ + + //set assertion signing key + Credential assertionSigingCredential = CredentialProvider + .getIDPAssertionSigningCredential(); + + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential)); + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); + + NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); + + idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); + + NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + + idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); + + NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); + + return idpSSODescriptor; + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e81b23d41..6527f03b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import iaik.pkcs.pkcs11.objects.Object; +import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -31,11 +32,17 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; +import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; @@ -45,30 +52,49 @@ import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.signature.SignableXMLObject; + +import edu.emory.mathcs.backport.java.util.Arrays; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; @@ -81,18 +107,29 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public static final String POST = "Post"; public static final String SOAP = "Soap"; public static final String METADATA = "Metadata"; + public static final String ATTRIBUTEQUERY = "AttributeQuery"; + public static final String SINGLELOGOUT = "SingleLogOut"; private static List<IDecoder> decoder = new ArrayList<IDecoder>(); private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + @SuppressWarnings("unchecked") + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME + }); + static { decoder.add(new PostBinding()); decoder.add(new RedirectBinding()); + decoder.add(new SoapBinding()); actions.put(REDIRECT, new AuthenticationAction()); actions.put(POST, new AuthenticationAction()); actions.put(METADATA, new MetadataAction()); + actions.put(ATTRIBUTEQUERY, new AttributQueryAction()); + actions.put(SINGLELOGOUT, new SingleLogOutAction()); //TODO: insert getArtifact action @@ -133,7 +170,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public PVP2XProtocol() { super(); } - + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { @@ -147,6 +184,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { if(METADATA.equals(action)) { return new PVPTargetConfiguration(); + } IDecoder decoder = findDecoder(action, request); @@ -154,100 +192,67 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return null; } try { - PVPTargetConfiguration config = new PVPTargetConfiguration(); - - MOARequest moaRequest = decoder.decodeRequest(request, response); - - RequestAbstractType samlReq = moaRequest.getSamlRequest(); - - //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq)); - //Logger.info("SAML : " + xml); + InboundMessage msg = (InboundMessage) decoder.decode(request, response); - if(!moaRequest.isVerified()) { + if(!msg.isVerified()) { SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - moaRequest.setVerified(true); - } - - if(!(samlReq instanceof AuthnRequest)) { - throw new MOAIDException("Unsupported request", new Object[] {}); - } - - EntityDescriptor metadata = moaRequest.getEntityMetadata(); - if(metadata == null) { - throw new NoMetadataInformationException(); - } - SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - AuthnRequest authnRequest = (AuthnRequest)samlReq; - - Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); - int assertionidx = 0; - - if(aIdx != null) { - assertionidx = aIdx.intValue(); + engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + msg.setVerified(true); - } else { - assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); } - aIdx = authnRequest.getAttributeConsumingServiceIndex(); - int attributeIdx = 0; - - if(aIdx != null) { - attributeIdx = aIdx.intValue(); - } + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest) + return preProcessAuthRequest(request, response, (MOARequest) msg); - AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + else if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery) + return preProcessAttributQueryRequest(request, response, (MOARequest) msg); + + else if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) + return preProcessLogOut(request, response, (MOARequest) msg); - AttributeConsumingService attributeConsumer = null; + else if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) + return preProcessLogOut(request, response, (MOARequest) msg); - if (spSSODescriptor.getAttributeConsumingServices() != null && - spSSODescriptor.getAttributeConsumingServices().size() > 0) { - attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); - } + else if (msg instanceof MOAResponse) { + //load service provider AuthRequest from session + + IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); + if (obj instanceof RequestImpl) { + RequestImpl iReqSP = (RequestImpl) obj; + + MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + + if ( processedMsg != null ) { + iReqSP.setInterfederationResponse(processedMsg); + + } else { + Logger.info("Receive NO valid SSO session from " + msg.getEntityID() + +". Switch to local authentication process ..."); - String oaURL = moaRequest.getEntityMetadata().getEntityID(); - String binding = consumerService.getBinding(); -// String entityID = moaRequest.getEntityMetadata().getEntityID(); - - Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding); - - oaURL = StringEscapeUtils.escapeHtml(oaURL); - - config.setOAURL(oaURL); - config.setBinding(binding); - config.setRequest(moaRequest); - config.setConsumerURL(consumerService.getLocation()); + SSOManager ssomanager = SSOManager.getInstance(); + ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + + iReqSP.setRequestedIDP(null); - String useMandate = request.getParameter(PARAM_USEMANDATE); - if(useMandate != null) { - if(useMandate.equals("true") && attributeConsumer != null) { - if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { - throw new MandateAttributesNotHandleAbleException(); } + + return iReqSP; + } - } - //validate AuthnRequest - try { - AuthnRequestValidator.validate((AuthnRequestImpl) samlReq); - - } catch (AuthnRequestValidatorException e) { - if (generateErrorMessage(e, request, response, config)) { - throw new AuthnRequestValidatorException(e.getMessage(), - new Object[] {}, config); - - } else { - throw new MOAIDException(e.getMessage(), new Object[] {}); - - } + Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); + return null; + + } else { + Logger.error("Receive unsupported PVP21 message"); + throw new MOAIDException("Unsupported PVP21 message", new Object[] {}); } - - //request.getSession().setAttribute(PARAM_OA, oaURL); - return config; } catch (PVP2Exception e) { throw e; @@ -285,6 +290,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { } else if (e instanceof NameIDFormatNotSupportedException) { statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + + } else if (e instanceof SLOException) { + //SLOExecpetions only occurs if session information is lost + return false; } else if(e instanceof PVP2Exception) { PVP2Exception ex = (PVP2Exception) e; @@ -293,6 +302,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { if(statusMessageValue != null) { statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); } + } else { statusCode.setValue(StatusCode.RESPONDER_URI); @@ -306,16 +316,27 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { samlResponse.setStatus(status); String remoteSessionID = SAML2Utils.getSecureIdentifier(); samlResponse.setID(remoteSessionID); - + + samlResponse.setIssueInstant(new DateTime()); + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + samlResponse.setIssuer(nissuer); + IEncoder encoder = null; - if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { encoder = new RedirectBinding(); - } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { // TODO: not supported YET!! //binding = new ArtifactBinding(); + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { encoder = new PostBinding(); + + } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { + encoder = new SoapBinding(); } if(encoder == null) { @@ -340,8 +361,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response) { if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { return getAction(REDIRECT); + } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { return getAction(POST); + } if(METADATA.equals(request.getParameter("action"))) { @@ -356,4 +379,235 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return true; } + + /** + * PreProcess Single LogOut request + * @param request + * @param response + * @param msg + * @return + * @throws MOAIDException + */ + private IRequest preProcessLogOut(HttpServletRequest request, + HttpServletResponse response, MOARequest msg) throws MOAIDException { + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + + if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) { + //preProcess single logout request from service provider + + EntityDescriptor metadata = msg.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + + + + String oaURL = metadata.getEntityID(); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); + + config.setOAURL(oaURL); + config.setBinding(msg.getRequestBinding()); + + + } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) { + //preProcess single logour response from service provider + + LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest()); + + Logger.debug("PreProcess SLO Response from " + resp.getIssuer()); + + if (!resp.getDestination().startsWith( + PVPConfiguration.getInstance().getIDPPublicPath())) { + Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL"); + throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null); + + } + + //TODO: check if relayState exists + msg.getRelayState(); + + + } else + throw new MOAIDException("Unsupported request", new Object[] {}); + + + config.setRequest(msg); + config.setAction(SINGLELOGOUT); + return config; + } + + /** + * PreProcess AttributeQuery request + * @param request + * @param response + * @param moaRequest + * @return + * @throws Throwable + */ + private IRequest preProcessAttributQueryRequest(HttpServletRequest request, + HttpServletResponse response, MOARequest moaRequest) throws Throwable { + + AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest(); + moaRequest.setEntityID(attrQuery.getIssuer().getValue()); + + //validate destination + String destinaten = attrQuery.getDestination(); + if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) { + Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL"); + throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null); + + } + + //check if Issuer is an interfederation IDP + // check parameter + if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID())) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); + if (!oa.isInderfederationIDP()) { + Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); + throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); + + } + + if (!oa.isOutboundSSOInterfederationAllowed()) { + Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation."); + throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null); + + } + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + config.setRequest(moaRequest); + config.setOAURL(moaRequest.getEntityID()); + config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + + return config; + } + + /** + * PreProcess Authn request + * @param request + * @param response + * @param moaRequest + * @return + * @throws Throwable + */ + private IRequest preProcessAuthRequest(HttpServletRequest request, + HttpServletResponse response, MOARequest moaRequest) throws Throwable { + + SignableXMLObject samlReq = moaRequest.getSamlRequest(); + + if(!(samlReq instanceof AuthnRequest)) { + throw new MOAIDException("Unsupported request", new Object[] {}); + } + + EntityDescriptor metadata = moaRequest.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + AuthnRequest authnRequest = (AuthnRequest)samlReq; + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int assertionidx = 0; + + if(aIdx != null) { + assertionidx = aIdx.intValue(); + + } else { + assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); + } + + aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int attributeIdx = 0; + + if(aIdx != null) { + attributeIdx = aIdx.intValue(); + } + + AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + + AttributeConsumingService attributeConsumer = null; + + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + } + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + + String oaURL = moaRequest.getEntityMetadata().getEntityID(); + String binding = consumerService.getBinding(); + + Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding); + + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + config.setOAURL(oaURL); + config.setBinding(binding); + config.setRequest(moaRequest); + config.setConsumerURL(consumerService.getLocation()); + + //parse AuthRequest + AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; + config.setPassiv(authReq.isPassive()); + config.setForce(authReq.isForceAuthn()); + + //validate AuthnRequest + AuthnRequestValidator.validate(authReq); + + String useMandate = request.getParameter(PARAM_USEMANDATE); + if(useMandate != null) { + if(useMandate.equals("true") && attributeConsumer != null) { + if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { + throw new MandateAttributesNotHandleAbleException(); + } + } + } + + return config; + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + */ + private MOAResponse preProcessAuthResponse(MOAResponse msg) { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = msg.getResponse(); + + try { + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + //validate PVP 2.1 assertion + SAMLVerificationEngine.validateAssertion(samlResp, true); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + return msg; + + } else if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.NO_PASSIVE_URI)) { + Logger.info("Interfederation IDP has no valid Single Sign-On session. Starting local authentication ..."); + + } + + } catch (IOException e) { + Logger.warn("Interfederation response marshaling FAILED.", e); + + } catch (MarshallingException e) { + Logger.warn("Interfederation response marshaling FAILED.", e); + + } catch (TransformerException e) { + Logger.warn("Interfederation response marshaling FAILED.", e); + + } catch (AssertionValidationExeption e) { + //error is already logged, to nothing + } + + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 7946c7596..47c297914 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants; public interface PVPConstants { + public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider"; + public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128; @@ -39,6 +41,8 @@ public interface PVPConstants { public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; + public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/"; + public static final String URN_OID_PREFIX = "urn:oid:"; public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index b3887a444..65da23565 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -22,22 +22,41 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.impl.AuthnRequestImpl; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.logging.Logger; public class PVPTargetConfiguration extends RequestImpl { private static final long serialVersionUID = 4889919265919638188L; - MOARequest request; + InboundMessage request; String binding; String consumerURL; - - public MOARequest getRequest() { + + public InboundMessage getRequest() { return request; } - public void setRequest(MOARequest request) { + public void setRequest(InboundMessage request) { this.request = request; } @@ -55,6 +74,67 @@ public class PVPTargetConfiguration extends RequestImpl { public void setConsumerURL(String consumerURL) { this.consumerURL = consumerURL; + } - + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + + Map<String, String> reqAttr = new HashMap<String, String>(); + for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) + reqAttr.put(el, ""); + + try { + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + + SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS); + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + + Integer aIdx = null; + if (getRequest() instanceof MOARequest && + ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) { + AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest(); + aIdx = authnRequest.getAttributeConsumingServiceIndex(); + + } else { + Logger.error("MOARequest is NOT of type AuthnRequest"); + } + + int idx = 0; + + AttributeConsumingService attributeConsumingService = null; + + if (aIdx != null) { + idx = aIdx.intValue(); + attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + } else { + List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); + for (AttributeConsumingService el : attrConsumingServiceList) { + if (el.isDefault()) + attributeConsumingService = el; + } + } + + for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes()) + reqAttr.put(attr.getName(), ""); + } + + return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); + + } catch (NoMetadataInformationException e) { + Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); + return null; + + } catch (ConfigurationException e) { + Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); + return null; + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java new file mode 100644 index 000000000..c67d10ab7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -0,0 +1,361 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationContainer; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class SingleLogOutAction implements IAction { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req; + + if (pvpReq.getRequest() instanceof MOARequest) { + MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + if (samlReq.getSamlRequest() instanceof LogoutRequest) { + Logger.debug("Process Single LogOut request"); + LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); + + AuthenticationSession session = + AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID( + logOutReq.getIssuer().getValue(), + logOutReq.getNameID().getValue()); + + if (session == null) { + Logger.warn("Can not find active SSO session with nameID " + + logOutReq.getNameID().getValue() + " and OA " + + logOutReq.getIssuer().getValue()); + Logger.info("Search active SSO session with SSO session cookie"); + SSOManager ssomanager = SSOManager.getInstance(); + String ssoID = ssomanager.getSSOSessionID(httpReq); + if (MiscUtil.isEmpty(ssoID)) { + Logger.warn("Can not find active Session. Single LogOut not possible!"); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + return null; + + } else { + String moasession = ssomanager.getMOASession(ssoID); + try { + session = AuthenticationSessionStoreage.getSession(moasession); + + } catch (MOADatabaseException e) { + Logger.warn("Can not find active Session. Single LogOut not possible!"); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + return null; + + } + } + } + + //store active OAs to SLOContaine + List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session); + SLOInformationContainer sloContainer = new SLOInformationContainer(); + sloContainer.setSloRequest(pvpReq); + sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue()); + + //terminate MOASession + try { + AuthenticationSessionStoreage.destroySession(session.getSessionID()); + + } catch (MOADatabaseException e) { + Logger.warn("Delete MOASession FAILED."); + sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix()); + + } + + //start service provider back channel logout process + Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); + while (nextOAInterator.hasNext()) { + SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); + LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); + + try { + List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); + + LogoutResponse sloResp = null; + for (XMLObject el : soapResp) { + if (el instanceof LogoutResponse) + sloResp = (LogoutResponse) el; + } + + if (sloResp == null) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED. NO LogOut response received."); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } + + checkStatusCode(sloContainer, sloResp); + + } catch (SOAPException e) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED.", e); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } catch (SecurityException e) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED.", e); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } + } + + //start service provider front channel logout process + try { + doFrontChannelLogOut(sloContainer, httpReq, httpResp); + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + return null; + + } + + } else if (samlReq.getSamlRequest() instanceof LogoutResponse) { + Logger.debug("Process Single LogOut response"); + LogoutResponse logOutResp = (LogoutResponse) samlReq.getSamlRequest(); + + try { + if (MiscUtil.isEmpty(samlReq.getRelayState())) { + Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue() + + " has no SAML2 RelayState."); + throw new SLOException("pvp2.19", null); + + } + + SLOInformationContainer sloContainer = + AssertionStorage.getInstance().get(samlReq.getRelayState(), SLOInformationContainer.class); + checkStatusCode(sloContainer, logOutResp); + sloContainer.removeFrontChannelOA(logOutResp.getIssuer().getValue()); + doFrontChannelLogOut(sloContainer, httpReq, httpResp); + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + throw new SLOException("pvp2.19", null); + + } + + } else { + Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse."); + throw new MOAIDException("pvp2.13", null); + + } + + } else { + Logger.error("Process SingleLogOutAction but request is NOT of type MOARequest."); + throw new MOAIDException("pvp2.13", null); + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return PVP2XProtocol.SINGLELOGOUT; + } + + private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) { + Status status = logOutResp.getStatus(); + if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue() + + " FAILED. (ResponseCode: " + status.getStatusCode().getValue() + + " Message: " + status.getStatusMessage().getMessage() + ")"); + sloContainer.putFailedOA(logOutResp.getIssuer().getValue()); + + } else + Logger.debug("Single LogOut for OA " + logOutResp.getIssuer().getValue() + " SUCCESS"); + + } + + private void doFrontChannelLogOut(SLOInformationContainer sloContainer, + HttpServletRequest httpReq, HttpServletResponse httpResp + ) throws MOAIDException, MOADatabaseException { + String nextOA = sloContainer.getNextFrontChannelOA(); + if (MiscUtil.isNotEmpty(nextOA)) { + SLOInformationImpl sloDescr = sloContainer.getFrontChannelOASessionDescripten(nextOA); + LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); + String relayState = Random.nextRandom(); + + AssertionStorage.getInstance().put(relayState, sloContainer); + + sendFrontChannelSLOMessage(sloDescr.getServiceURL(), sloDescr.getBinding(), + sloReq, httpReq, httpResp, relayState); + + } else { + //send SLO response to SLO request issuer + PVPTargetConfiguration pvpReq = sloContainer.getSloRequest(); + MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + + } + } + + /** + * @param serviceURL + * @param binding + * @param sloReq + * @param httpReq + * @param httpResp + * @param relayState + */ + private void sendFrontChannelSLOMessage(String serviceURL, String bindingType, + RequestAbstractType sloReq, HttpServletRequest httpReq, + HttpServletResponse httpResp, String relayState) throws MOAIDException { + IEncoder binding = null; + if (bindingType.equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + + } else if (bindingType.equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + + } + + if (binding == null) { + throw new BindingNotSupportedException(bindingType); + } + + try { + binding.encodeRequest(httpReq, httpResp, sloReq, + serviceURL, relayState); + + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } + + } + + private void sendFrontChannelSLOMessage(SingleLogoutService consumerService, + LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, + String relayState) throws MOAIDException { + IEncoder binding = null; + if (consumerService.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + + } + + if (binding == null) { + throw new BindingNotSupportedException(consumerService.getBinding()); + } + + try { + binding.encodeRespone(req, resp, sloResp, + consumerService.getLocation(), relayState); + + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index 43a17af23..8691667f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -43,13 +43,14 @@ import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.Signature; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; public class ArtifactBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { } @@ -100,23 +101,21 @@ public class ArtifactBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { return null; } - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - return null; - } public boolean handleDecode(String action, HttpServletRequest req) { return false; } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_ARTIFACT_BINDING_URI; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java index b64b28de8..fb17c02b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java @@ -29,15 +29,14 @@ import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.xml.security.SecurityException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; public interface IDecoder { - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException, PVP2Exception; - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) - throws MessageDecodingException, SecurityException, PVP2Exception; - + public boolean handleDecode(String action, HttpServletRequest req); + + public String getSAML2BindingName(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java index f7dfd055c..de5548a44 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -34,7 +34,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; public interface IEncoder { public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation) + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException, PVP2Exception; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java index 1d6b227d6..3094abba8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java @@ -26,9 +26,23 @@ import org.opensaml.common.binding.decoding.URIComparator; public class MOAURICompare implements URIComparator { + /** + * @param idpssoPostService + */ + + private String serviceURL = ""; + + public MOAURICompare(String serviceURL) { + this.serviceURL = serviceURL; + } + public boolean compare(String uri1, String uri2) { - // TODO: implement proper equalizer for rewritten URLS - return true; + + if (this.serviceURL.equals(uri1)) + return true; + + else + return false; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 11e280d8f..a2fe5c01b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -34,7 +34,9 @@ import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.ws.message.decoder.MessageDecodingException; @@ -47,6 +49,14 @@ import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -56,10 +66,38 @@ import at.gv.egovernment.moa.logging.Logger; public class PostBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { - // TODO Auto-generated method stub + + try { + X509Credential credentials = CredentialProvider + .getIDPAssertionSigningCredential(); + + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "resources/templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(targetLocation);; + + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, @@ -100,63 +138,63 @@ public class PostBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - decode.setURIComparator(new MOAURICompare()); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - + try { + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService())); + + } catch (ConfigurationException e) { + throw new SecurityException(e); + } + + decode.decode(messageContext); + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - - decode.decode(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - + InboundMessage msg = null; + + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new MOARequest(inboundMessage, getSAML2BindingName()); + + } else if (messageContext.getInboundMessage() instanceof Response){ + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + msg = new MOAResponse(inboundMessage); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); - MOARequest request = new MOARequest(inboundMessage); - request.setVerified(false); + msg.setVerified(false); + decode.decode(messageContext); if (messageContext.getPeerEntityMetadata() != null) - request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); else - Logger.info("No Metadata found for OA with EntityID " + inboundMessage.getIssuer().getValue()); + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); - request.setRelayState(messageContext.getRelayState()); - return request; - - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - decode.decode(messageContext); - - Response inboundMessage = (Response) messageContext.getInboundMessage(); - - MOAResponse moaResponse = new MOAResponse(inboundMessage); - moaResponse.setVerified(false); - moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); - return moaResponse; - + msg.setRelayState(messageContext.getRelayState()); + + return msg; } public boolean handleDecode(String action, HttpServletRequest req) { - return (req.getMethod().equals("POST")); + return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST)); + } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_POST_BINDING_URI; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index dc6a1f637..f5dba014b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; @@ -50,7 +51,13 @@ import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -61,9 +68,34 @@ import at.gv.egovernment.moa.util.DOMUtils; public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { - // TODO: implement + + try { + X509Credential credentials = CredentialProvider + .getIDPAssertionSigningCredential(); + + Logger.debug("create SAML RedirectBinding response"); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, @@ -85,10 +117,10 @@ public class RedirectBinding implements IDecoder, IEncoder { service.setLocation(targetLocation); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); - // context.setOutboundMessage(authReq); context.setOutboundSAMLMessage(response); context.setOutboundMessageTransport(responseAdapter); - + context.setRelayState(relayState); + encoder.encode(context); } catch (CredentialsNotAvailableException e) { e.printStackTrace(); @@ -96,84 +128,80 @@ public class RedirectBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( new BasicParserPool()); - decode.setURIComparator(new MOAURICompare()); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - - messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + try { + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService())); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - messageContext.setSecurityPolicyResolver(resolver); + } catch (ConfigurationException e) { + throw new SecurityException(e); + + } - decode.decode(messageContext); - - signatureRule.evaluate(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - MOARequest request = new MOARequest(inboundMessage); - request.setVerified(true); - request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - return request; - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + decode.decode(messageContext); + + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - - // signatureRule.evaluate(messageContext); + SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + policy); messageContext.setSecurityPolicyResolver(resolver); - MOAMetadataProvider provider = null; - - provider = MOAMetadataProvider.getInstance(); + + InboundMessage msg = null; + + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new MOARequest(inboundMessage, getSAML2BindingName()); + + + } else if (messageContext.getInboundMessage() instanceof Response){ + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + msg = new MOAResponse(inboundMessage); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); - messageContext.setMetadataProvider(provider); + signatureRule.evaluate(messageContext); + msg.setVerified(true); decode.decode(messageContext); - - Response inboundMessage = (Response) messageContext.getInboundMessage(); - - MOAResponse moaResponse = new MOAResponse(inboundMessage); - moaResponse.setVerified(true); - moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); - return moaResponse; + if (messageContext.getPeerEntityMetadata() != null) + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + + else + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + + msg.setRelayState(messageContext.getRelayState()); + + return msg; } public boolean handleDecode(String action, HttpServletRequest req) { return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod() .equals("GET")); } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_REDIRECT_BINDING_URI; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 1d41654eb..048c7f14c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,51 +35,68 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.client.BasicSOAPMessageContext; +import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.SignableXMLObject; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; public class SoapBinding implements IDecoder, IEncoder { - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException, PVP2Exception { - HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = - new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = + new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( req)); + soapDecoder.decode(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + + Envelope inboundMessage = (Envelope) messageContext .getInboundMessage(); - MOARequest request = new MOARequest(inboundMessage); + if (inboundMessage.getBody() != null) { + List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - return request; - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException, PVP2Exception { - throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response"); + if (!xmlElemList.isEmpty()) { + SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0); + MOARequest request = new MOARequest(attrReq, getSAML2BindingName()); + + request.setVerified(false); + return request; + + } + } + + Logger.error("Receive empty PVP 2.1 attributequery request."); + throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null); } public boolean handleDecode(String action, HttpServletRequest req) { - return (action.equals(PVP2XProtocol.SOAP)); + return (req.getMethod().equals("POST") && + (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY))); } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException, PVP2Exception { } @@ -103,5 +122,9 @@ public class SoapBinding implements IDecoder, IEncoder { throw new SecurityException(e); } } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_SOAP11_BINDING_URI; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java new file mode 100644 index 000000000..6296d102f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -0,0 +1,185 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.impl.AttributeQueryBuilder; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * @author tlenz + * + */ +public class AttributQueryBuilder { + + public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) { + + Logger.debug("Build OA specific Attributes for AttributQuery request"); + + List<Attribute> attrList = new ArrayList<Attribute>(); + + SamlAttributeGenerator generator = new SamlAttributeGenerator(); + + while(iterator.hasNext()) { + String rA = iterator.next(); + Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(rA); + if (attr == null) { + Logger.warn("Attribut " + rA + " has no valid Name"); + + } else { + //add OA specific information + if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + if (oa.getBusinessService()) + attr = generator.buildStringAttribute(attr.getFriendlyName(), + attr.getName(), oa.getIdentityLinkDomainIdentifier()); + else + attr = generator.buildStringAttribute(attr.getFriendlyName(), + attr.getName(), Constants.URN_PREFIX_CDID + "+" + oa.getTarget()); + } + + //TODO: add attribute values for SSO with mandates (ProfileList) + + + attrList.add(attr); + } + } + + return attrList; + } + + + public static AttributeQuery buildAttributQueryRequest(String nameID, + String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException { + + + try { + + AttributeQuery query = new AttributeQueryBuilder().buildObject(); + + //set user nameID + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + subjectNameID.setValue(nameID); + subjectNameID.setFormat(NameID.TRANSIENT); + subject.setNameID(subjectNameID); + query.setSubject(subject); + + //set attributes + query.getAttributes().addAll(requestedAttributes); + + //set general request parameters + DateTime now = new DateTime(); + query.setIssueInstant(now); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + query.setIssuer(nissuer); + + String sessionID = SAML2Utils.getSecureIdentifier(); + query.setID(sessionID); + + query.setDestination(endpoint); + + X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential(); + + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(idpSigningCredential); + query.setSignature(signer); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(query); + out.marshall(query, document); + + Signer.signObject(signer); + + return query; + + } catch (ConfigurationException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (CredentialsNotAvailableException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (ParserConfigurationException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (MarshallingException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (SignatureException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } + + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java new file mode 100644 index 000000000..4ef09184d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.encryption.Encrypter; +import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.xml.encryption.EncryptionException; +import org.opensaml.xml.encryption.EncryptionParameters; +import org.opensaml.xml.encryption.KeyEncryptionParameters; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.X509Credential; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthResponseBuilder { + + public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + + //change to entity value from entity name to IDP EntityID (URL) + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + authResponse.setInResponseTo(req.getID()); + + //set responseID + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authResponse.setID(remoteSessionID); + + + //SAML2 response required IssueInstant + authResponse.setIssueInstant(date); + + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + //check, if metadata includes an encryption key + MetadataCredentialResolver mdCredResolver = + new MetadataCredentialResolver(MOAMetadataProvider.getInstance()); + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); + + X509Credential encryptionCredentials = null; + try { + encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); + + } catch (SecurityException e2) { + Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2); + throw new InvalidAssertionEncryptionException(); + + } + + boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); + if (encryptionCredentials != null && isEncryptionActive) { + //encrypt SAML2 assertion + + try { + + EncryptionParameters dataEncParams = new EncryptionParameters(); + dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); + + List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>(); + KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); + + keyEncParam.setEncryptionCredential(encryptionCredentials); + keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); + KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() + .getKeyInfoGeneratorManager().getDefaultManager() + .getFactory(encryptionCredentials); + keyEncParam.setKeyInfoGenerator(kigf.newInstance()); + keyEncParamList.add(keyEncParam); + + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); + //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); + samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + + EncryptedAssertion encryptAssertion = null; + + encryptAssertion = samlEncrypter.encrypt(assertion); + + authResponse.getEncryptedAssertions().add(encryptAssertion); + + } catch (EncryptionException e1) { + Logger.warn("Can not encrypt the PVP2 assertion", e1); + throw new InvalidAssertionEncryptionException(); + + } + + } else { + authResponse.getAssertions().add(assertion); + + } + + return authResponse; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 39e35120c..8b6e71e6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -29,9 +29,8 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; @@ -150,11 +149,11 @@ public class PVPAttributeBuilder { addBuilder(new STORKTitleAttributBuilder()); } - public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam, - AuthenticationData authData) throws PVP2Exception { + public static Attribute buildAttribute(String name, OAAuthParameter oaParam, + IAuthData authData) throws PVP2Exception { if (builders.containsKey(name)) { try { - return builders.get(name).build(authSession, oaParam, authData, generator); + return builders.get(name).build(oaParam, authData, generator); } catch (AttributeException e) { if (e instanceof UnavailableAttributeException) { @@ -171,6 +170,22 @@ public class PVPAttributeBuilder { return null; } + public static Attribute buildEmptyAttribute(String name) { + if (builders.containsKey(name)) { + return builders.get(name).buildEmpty(generator); + } + return null; + } + + public static Attribute buildAttribute(String name, String value) { + if (builders.containsKey(name)) { + return builders.get(name).buildEmpty(generator); + } + return null; + } + + + public static List<Attribute> buildSupportedEmptyAttributes() { List<Attribute> attributes = new ArrayList<Attribute>(); Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java new file mode 100644 index 000000000..04d374e93 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -0,0 +1,186 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusMessage; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SingleLogOutBuilder { + + public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException { + LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setFormat(NameID.ENTITY); + sloReq.setIssuer(issuer); + sloReq.setIssueInstant(new DateTime()); + + sloReq.setDestination(sloInfo.getServiceURL()); + + NameID nameID = SAML2Utils.createSAMLObject(NameID.class); + nameID.setFormat(sloInfo.getUserNameIDFormat()); + nameID.setValue(sloInfo.getUserNameIdentifier()); + sloReq.setNameID(nameID ); + + return sloReq; + } + + public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException { + LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setFormat(NameID.ENTITY); + sloResp.setIssuer(issuer); + sloResp.setIssueInstant(new DateTime()); + sloResp.setDestination(sloService.getLocation()); + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI); + statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null)); + status.setStatusCode(statusCode); + status.setStatusMessage(statusMessage); + sloResp.setStatus(status); + return sloResp; + } + + public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException { + LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setFormat(NameID.ENTITY); + sloResp.setIssuer(issuer); + sloResp.setIssueInstant(new DateTime()); + sloResp.setDestination(sloService.getLocation()); + + Status status; + if (failedOAs == null || failedOAs.size() == 0) { + status = SAML2Utils.getSuccessStatus(); + + } else { + status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI); + statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null)); + status.setStatusCode(statusCode); + status.setStatusMessage(statusMessage); + + } + sloResp.setStatus(status); + return sloResp; + + } + + public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException { + try { + EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID); + SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + SingleLogoutService sloService = null; + for (SingleLogoutService el : spsso.getSingleLogoutServices()) { + if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + sloService = el; + + else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) + && ( + (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + || sloService == null) + ) + sloService = el; + + else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) + && ( + (sloService != null + && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI) + && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) + || sloService == null) + ) + sloService = el; + } + + if (sloService == null) { + Logger.error("Found no SLO ServiceDescriptor in Metadata"); + throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); + + } + return sloService; + + } catch (MetadataProviderException e) { + Logger.error("Found no SLO ServiceDescriptor in Metadata"); + throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); + } + + } + + public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { + MOARequest moaReq = (MOARequest) spRequest.getRequest(); + EntityDescriptor metadata = moaReq.getEntityMetadata(); + SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + SingleLogoutService sloService = null; + for (SingleLogoutService el : spsso.getSingleLogoutServices()) { + if (el.getBinding().equals(spRequest.getBinding())) + sloService = el; + } + if (sloService == null && spsso.getSingleLogoutServices().size() != 0) + sloService = spsso.getSingleLogoutServices().get(0); + + else { + Logger.error("Found no SLO ServiceDescriptor in Metadata"); + throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); + } + return sloService; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index def0d9b80..79a1c3e0f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; import java.security.MessageDigest; +import java.util.ArrayList; import java.util.Iterator; import java.util.List; @@ -30,6 +31,7 @@ import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.Audience; import org.opensaml.saml2.core.AudienceRestriction; @@ -58,13 +60,13 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; @@ -80,13 +82,65 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { + + public static Assertion buildAssertion(AttributeQuery attrQuery, + List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { + + + AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); + + List<Attribute> attrList = new ArrayList<Attribute>(); + if (reqAttributes != null) { + Iterator<String> it = reqAttributes.iterator(); + while (it.hasNext()) { + String reqAttributName = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttributName, null, authData); + if (attr == null) { + Logger.error( + "Attribute generation failed! for " + + reqAttributName); + + } else { + attrList.add(attr); + + } + + } catch (PVP2Exception e) { + Logger.error( + "Attribute generation failed! for " + + reqAttributName); + + } catch (Exception e) { + Logger.error( + "General Attribute generation failed! for " + + reqAttributName); + + } + } + } + + + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat()); + subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue()); + + SubjectConfirmationData subjectConfirmationData = null; + + return buildGenericAssertion(attrQuery.getIssuer().getValue(), date, + authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex); + } + public static Assertion buildAssertion(AuthnRequest authnRequest, - AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, + IAuthData authData, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { - Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + RequestedAuthnContext reqAuthnContext = authnRequest .getRequestedAuthnContext(); @@ -99,7 +153,7 @@ public class PVP2AssertionBuilder implements PVPConstants { peerEntity.getEntityID()); if (reqAuthnContext == null) { - authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); } else { @@ -110,7 +164,7 @@ public class PVP2AssertionBuilder implements PVPConstants { if (reqAuthnContextClassRefIt.size() == 0) { - QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), STORK_QAA_1_4); stork_qaa_1_4_found = true; @@ -124,20 +178,20 @@ public class PVP2AssertionBuilder implements PVPConstants { || qaa_uri.trim().equals(STORK_QAA_1_2) || qaa_uri.trim().equals(STORK_QAA_1_1)) { - if (authSession.isForeigner()) { - QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + if (authData.isForeigner()) { + QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), STORK_QAA_PREFIX + oaParam.getQaaLevel()); stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); } else { - QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), qaa_uri.trim()); stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); } break; @@ -150,33 +204,13 @@ public class PVP2AssertionBuilder implements PVPConstants { } } - AuthnContext authnContext = SAML2Utils - .createSAMLObject(AuthnContext.class); - authnContext.setAuthnContextClassRef(authnContextClassRef); - AuthnStatement authnStatement = SAML2Utils - .createSAMLObject(AuthnStatement.class); - - String sessionIndex = SAML2Utils.getSecureIdentifier(); - authnStatement.setAuthnInstant(date); - authnStatement.setSessionIndex(sessionIndex); - authnStatement.setAuthnContext(authnContext); - - assertion.getAuthnStatements().add(authnStatement); SPSSODescriptor spSSODescriptor = peerEntity .getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - AttributeStatement attributeStatement = SAML2Utils - .createSAMLObject(AttributeStatement.class); - - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - - AuthenticationData authData = AuthenticationServer - .buildAuthenticationData(authSession, oaParam, - oaParam.getTarget()); - + //add Attributes to Assertion + List<Attribute> attrList = new ArrayList<Attribute>(); if (spSSODescriptor.getAttributeConsumingServices() != null && spSSODescriptor.getAttributeConsumingServices().size() > 0) { @@ -197,7 +231,7 @@ public class PVP2AssertionBuilder implements PVPConstants { attributeConsumingService = el; } } - + if (attributeConsumingService != null) { Iterator<RequestedAttribute> it = attributeConsumingService .getRequestAttributes().iterator(); @@ -205,14 +239,14 @@ public class PVP2AssertionBuilder implements PVPConstants { RequestedAttribute reqAttribut = it.next(); try { Attribute attr = PVPAttributeBuilder.buildAttribute( - reqAttribut.getName(), authSession, oaParam, authData); + reqAttribut.getName(), oaParam, authData); if (attr == null) { if (reqAttribut.isRequired()) { throw new UnprovideableAttributeException( reqAttribut.getName()); } } else { - attributeStatement.getAttributes().add(attr); + attrList.add(attr); } } catch (PVP2Exception e) { Logger.error( @@ -222,19 +256,26 @@ public class PVP2AssertionBuilder implements PVPConstants { throw new UnprovideableAttributeException( reqAttribut.getName()); } + + } catch (Exception e) { + Logger.error( + "General Attribute generation failed! for " + + reqAttribut.getFriendlyName(), e); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } } } } - if (attributeStatement.getAttributes().size() > 0) { - assertion.getAttributeStatements().add(attributeStatement); - } NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - //TLenz: set correct bPK Type and Value from AuthData - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + //build nameID and nameID Format from moasession + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAvailableException(); } @@ -263,7 +304,7 @@ public class PVP2AssertionBuilder implements PVPConstants { if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { - if (authSession.getBusinessService()) { + if (oaParam.getBusinessService()) { subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); @@ -332,21 +373,68 @@ public class PVP2AssertionBuilder implements PVPConstants { } } else - subjectNameID.setFormat(nameIDFormat); - - - subject.setNameID(subjectNameID); - - SubjectConfirmation subjectConfirmation = SAML2Utils - .createSAMLObject(SubjectConfirmation.class); - subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + subjectNameID.setFormat(nameIDFormat); + + + String sessionIndex = null; + + //if request is a reauthentication and NameIDFormat match reuse old session information + if (MiscUtil.isNotEmpty(authData.getNameID()) && + MiscUtil.isNotEmpty(authData.getNameIDFormat()) && + nameIDFormat.equals(authData.getNameIDFormat())) { + subjectNameID.setValue(authData.getNameID()); + sessionIndex = authData.getSessionIndex(); + + } else + sessionIndex = SAML2Utils.getSecureIdentifier(); + SubjectConfirmationData subjectConfirmationData = SAML2Utils .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5)); subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); + + //set SLO information + sloInformation.setUserNameIdentifier(subjectNameID.getValue()); + sloInformation.setNameIDFormat(subjectNameID.getFormat()); + sloInformation.setSessionIndex(sessionIndex); + + return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex); + } + + private static Assertion buildGenericAssertion(String entityID, DateTime date, + AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, + NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, + String sessionIndex) throws ConfigurationException { + Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + + AuthnContext authnContext = SAML2Utils + .createSAMLObject(AuthnContext.class); + authnContext.setAuthnContextClassRef(authnContextClassRef); + AuthnStatement authnStatement = SAML2Utils + .createSAMLObject(AuthnStatement.class); + + authnStatement.setAuthnInstant(date); + authnStatement.setSessionIndex(sessionIndex); + authnStatement.setAuthnContext(authnContext); + + assertion.getAuthnStatements().add(authnStatement); + + AttributeStatement attributeStatement = SAML2Utils + .createSAMLObject(AttributeStatement.class); + attributeStatement.getAttributes().addAll(attrList); + if (attributeStatement.getAttributes().size() > 0) { + assertion.getAttributeStatements().add(attributeStatement); + } + + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + subject.setNameID(subjectNameID); + + SubjectConfirmation subjectConfirmation = SAML2Utils + .createSAMLObject(SubjectConfirmation.class); + subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); subject.getSubjectConfirmations().add(subjectConfirmation); @@ -356,7 +444,7 @@ public class PVP2AssertionBuilder implements PVPConstants { .createSAMLObject(AudienceRestriction.class); Audience audience = SAML2Utils.createSAMLObject(Audience.class); - audience.setAudienceURI(peerEntity.getEntityID()); + audience.setAudienceURI(entityID); audienceRestriction.getAudiences().add(audience); conditions.setNotBefore(date); @@ -375,11 +463,7 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.setSubject(subject); assertion.setID(SAML2Utils.getSecureIdentifier()); assertion.setIssueInstant(date); - - //set SLO information - sloInformation.setUserNameIdentifier(subjectNameID.getValue()); - sloInformation.setSessionIndex(sessionIndex); - return assertion; + return assertion; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java index 648651350..3dd1dd064 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -35,7 +34,7 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder { return BPK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { String bpk = authData.getBPK(); String type = authData.getBPKType(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index f3d815e7d..89ec383ce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -23,47 +23,31 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.text.DateFormat; -import java.text.ParseException; import java.text.SimpleDateFormat; -import java.util.Date; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.util.MiscUtil; public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { - - public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - + public String getName() { return BIRTHDATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - try { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + + if (authData.getDateOfBirth() != null) { + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(authData.getDateOfBirth()); + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) { - Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); - DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); - String dateString = pvpDateFormat.format(date); + } else { + //build empty attribute if no Birthday date is found (STORK2) + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); - return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - - } else { - //build empty attribute if no Birthday date is found (STORK2) - return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); - - } - - //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - } - catch (ParseException e) { - e.printStackTrace(); - return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java index 56972248b..ded9e7166 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java @@ -26,9 +26,8 @@ import iaik.util.logging.Log; import java.io.IOException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; @@ -40,11 +39,11 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { return EID_AUTH_BLOCK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { try { - String authblock = authSession.getAuthBlock(); + String authblock = authData.getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes())); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java index 7179dd090..2df5ec22e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,10 +34,10 @@ public class EIDCcsURL implements IPVPAttributeBuilder { return EID_CCS_URL_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - String bkuurl = authSession.getBkuURL(); + String bkuurl = authData.getBkuURL(); if (MiscUtil.isNotEmpty(bkuurl)) return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java index 02088eea1..365f36594 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder { @@ -33,10 +32,17 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder return EID_CITIZEN_QAA_LEVEL_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { + + String qaaLevel = null; + if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX)) + qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length()); + else + qaaLevel = authData.getQAALevel(); + return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, - EID_CITIZEN_QAA_LEVEL_NAME, 4); + EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java index 2d86586d2..531369e9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java @@ -24,19 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.io.IOException; -import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DOMUtils; public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { @@ -44,36 +36,15 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { return EID_IDENTITY_LINK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { try { String ilAssertion = null; - if (oaParam.getBusinessService()) { + ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - - Element resignedilAssertion; - - resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() - .getSamlAssertion()); - - ilAssertion = DOMUtils.serializeNode(resignedilAssertion); - - } else - ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - - return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes())); - } catch (MOAIDException e) { - Logger.warn("IdentityLink serialization error.", e); - return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME); - } catch (TransformerException e) { - Logger.warn("IdentityLink serialization error.", e); - return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME); } catch (IOException e) { Logger.warn("IdentityLink serialization error.", e); return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java index 39d4d29e7..9b85af9f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -22,16 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import iaik.x509.X509Certificate; - -import javax.naming.ldap.LdapName; -import javax.naming.ldap.Rdn; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.logging.Logger; public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { @@ -39,35 +32,9 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { return EID_ISSUING_NATION_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - String countryCode = "AT"; - - - if (authSession.getStorkAuthnRequest() != null) { - countryCode = authSession.getStorkAuthnRequest() - .getCitizenCountryCode(); - } else { - - //TODO: replace with TSL lookup when TSL is ready! - X509Certificate certificate = authSession.getSignerCertificate(); - - if (certificate != null) { - try { - LdapName ln = new LdapName(certificate.getIssuerDN() - .getName()); - for (Rdn rdn : ln.getRdns()) { - if (rdn.getType().equalsIgnoreCase("C")) { - Logger.info("C is: " + rdn.getValue()); - countryCode = rdn.getValue().toString(); - break; - } - } - } catch (Exception e) { - Logger.error("Failed to extract country code from certificate", e); - } - } - } + String countryCode = authData.getCcc(); return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME, countryCode); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java index e8fba6af2..04cc59b10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java @@ -22,11 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import java.io.IOException; + import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; public class EIDSTORKTOKEN implements IPVPAttributeBuilder { @@ -35,21 +38,28 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder { return EID_STORK_TOKEN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (!authSession.isForeigner()) { + if (!authData.isForeigner()) { throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME); } else { - String storkResponse = authSession.getStorkAuthnResponse(); + String storkResponse = authData.getStorkAuthnResponse(); if ( MiscUtil.isEmpty(storkResponse) ) { throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME); } else { - return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, storkResponse); + try { + return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, + Base64Utils.encode(storkResponse.getBytes())); + + } catch (IOException e) { + Logger.warn("Encode AuthBlock BASE64 failed.", e); + throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java index 807d59050..7f52e1d47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { @@ -33,7 +32,7 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { return EID_SECTOR_FOR_IDENTIFIER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { String bpktype = authData.getBPKType(); return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java index 7cd415ada..df1bc1860 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java @@ -26,9 +26,8 @@ import iaik.util.logging.Log; import java.io.IOException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; @@ -39,11 +38,11 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder { return EID_SIGNER_CERTIFICATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { try { - byte[] signerCertificate = authSession.getEncodedSignerCertificate(); + byte[] signerCertificate = authData.getSignerCertificate(); if (signerCertificate != null) { return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils .encode(signerCertificate)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java index 5bf65da04..a8b703fc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -22,10 +22,10 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; public class EIDSourcePIN implements IPVPAttributeBuilder { @@ -34,11 +34,11 @@ public class EIDSourcePIN implements IPVPAttributeBuilder { return EID_SOURCE_PIN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) - throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); + throw new AttributePolicyException(EID_SOURCE_PIN_NAME); else { return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java index ec509f74b..0681419fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; @@ -34,7 +33,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder { return EID_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java index 7bd5e2db5..fcde1e9bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { @@ -33,9 +32,9 @@ public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { return GIVEN_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); + return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java index 55b16edfb..d66b0ab02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java @@ -22,15 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public interface IAttributeBuilder { public String getName(); - public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData, + public <ATT> ATT build(final OAAuthParameter oaParam, final IAuthData authData, final IAttributeGenerator<ATT> g) throws AttributeException; public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java index 4528aa1fe..670398ff6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -40,13 +41,13 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder return MANDATE_FULL_MANDATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - if (authSession.getMandate() != null) { + if (authData.isUseMandate()) { + if (authData.getMandate() != null) { String fullMandate; try { - fullMandate = DOMUtils.serializeNode(authSession + fullMandate = DOMUtils.serializeNode(authData .getMandate()); return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes())); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index 9ab1de50d..9230e47fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -26,9 +26,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -40,10 +39,10 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute return MANDATE_LEG_PER_FULL_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index ca68704c9..04103f28a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -27,9 +27,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu return MANDATE_LEG_PER_SOURCE_PIN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index 5656d1769..02e1d7ce0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -27,9 +27,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index 039fc8af8..38456302c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -28,10 +28,9 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -44,10 +43,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return MANDATE_NAT_PER_BPK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } @@ -62,11 +61,6 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - // if(authSession.getBusinessService()) { - // id = MandateBuilder.getWBPKIdentification(physicalPerson); - // } else { - // id = MandateBuilder.getBPKIdentification(physicalPerson); - // } if (id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); @@ -76,7 +70,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui try { if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - if (authSession.getBusinessService()) { + if (oaParam.getBusinessService()) { bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index f5dc277bd..4fcfd4650 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -31,9 +31,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; @@ -46,10 +45,10 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib return MANDATE_NAT_PER_BIRTHDATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index 2a7bafdbc..3452d7ed0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -29,9 +29,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -43,10 +42,10 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr return MANDATE_NAT_PER_FAMILY_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 4707c385a..59d5c65fe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -28,9 +28,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -42,10 +41,10 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib return MANDATE_NAT_PER_GIVEN_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 7fbbce9bc..444312759 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -30,7 +30,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; @@ -41,10 +43,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri return MANDATE_NAT_PER_SOURCE_PIN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } @@ -61,12 +63,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - if(authSession.getBusinessService()) { - id = MandateBuilder.getWBPKIdentification(physicalPerson); - -// } else { -// id = MandateBuilder.getBPKIdentification(physicalPerson); + if(oaParam.getBusinessService()) { + throw new AttributePolicyException(this.getName()); } + if(id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 538cee048..6adc9b532 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -27,9 +27,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -41,10 +40,10 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } @@ -60,11 +59,6 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - /*if(authSession.getBusinessService()) { - id = MandateBuilder.getWBPKIdentification(physicalPerson); - } else { - id = MandateBuilder.getBPKIdentification(physicalPerson); - }*/ if(id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java index 814211b24..4c981cb24 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -22,14 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder { @@ -37,24 +35,24 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder return MANDATE_PROF_REP_DESC_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + MISMandate mandate = authData.getMISMandate(); + + if(mandate == null) { throw new NoMandateDataAttributeException(); } - String text = AttributeExtractor.extractSAMLAttributeOA( - EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - authSession); + String text = mandate.getTextualDescriptionOfOID(); - if(text == null) { + if(MiscUtil.isEmpty(text)) { return null; - } - - return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, - MANDATE_PROF_REP_DESC_NAME, text); + + } else + return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, text); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java index b040072a6..1a3311c8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -22,14 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { @@ -37,21 +35,21 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { return MANDATE_PROF_REP_OID_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + + MISMandate mandate = authData.getMISMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } - String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession); - - if (oid == null) { - return null; - } - - return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); + String oid = mandate.getProfRep(); + + if(MiscUtil.isEmpty(oid)) + return null; + else + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 7e7b57e4f..7b41e9bb6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { @@ -33,12 +32,12 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild return MANDATE_REFERENCE_VALUE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { + if (authData.isUseMandate()) { return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, - authSession.getMandateReferenceValue()); + authData.getMandateReferenceValue()); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java index 4842141fc..63165f52a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -25,9 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -38,10 +37,10 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { return MANDATE_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java index e8c410555..674efa0d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { @@ -33,7 +32,7 @@ public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { return PVP_VERSION_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java index c687b2bff..11fdeb232 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { @@ -33,9 +32,9 @@ public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { return PRINCIPAL_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); + return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java index b81b30e5b..aff0fc0ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuild return STORKConstants.ADOPTEDFAMILYNAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME, - STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java index 98fe853ff..fb7c60a95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKAgeAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKAgeAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.AGE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME, - STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java index 6d2b031a5..387e49d25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java @@ -26,6 +26,7 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger; public class STORKAttributHelper { public static String getAttribut(String attributName, - AuthenticationSession authSession) throws UnavailableAttributeException { + IAuthData authSession) throws UnavailableAttributeException { if (!authSession.isForeigner()) { throw new UnavailableAttributeException(attributName); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java index c3d6f070d..ddfa63b51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttrib return STORKConstants.CANONICALRESIDENCEADDRESS_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME, - STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java index c873a86ea..08cd65a6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuil return STORKConstants.CONTRYCODEOFBIRTH_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME, - STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java index 394bffa31..f3a77708b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.FISCALNUMBER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME, - STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java index 9209e73c4..6f62dbf89 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKGenderAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKGenderAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.GENDER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME, - STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java index 59f345bd3..65bf9ff6e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuil return STORKConstants.INHERITEDFAMILYNAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME, - STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java index d99833f13..a7a77d7b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.ISAGEOVER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME, - STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java index 1e627e723..c6ce4e32a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder return STORKConstants.MARITALSTATUS_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME, - STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java index d46219996..8db5ceeb8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder return STORKConstants.NATIONALITYCODE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME, - STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java index 7bf6716ec..421f8c28d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.PSEUDONYM_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME, - STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java index d47de1ff9..ceff4cf4f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder return STORKConstants.RESIDENCEPERMIT_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME, - STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java index c75d6b0fb..1344883bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBu return STORKConstants.TEXTRESIDENCEADDRESS_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME, - STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java index 357b2fe0d..5209697d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKTitleAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKTitleAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.TITLE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME, - STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java index 3d21d95c4..1e0e2ee51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java @@ -20,41 +20,21 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.metadata.EntityDescriptor; - -public class MOAResponse { - private Response samlResponse; - private EntityDescriptor entityMetadata; - private boolean verified = false; - - public MOAResponse(Response response) { - samlResponse = response; - } - - public Response getSamlResponse() { - return samlResponse; - } - - public void setSamlResponse(Response samlResponse) { - this.samlResponse = samlResponse; - } - - public boolean isVerified() { - return verified; - } - - public void setVerified(boolean verified) { - this.verified = verified; - } +public class AttributePolicyException extends AttributeException { + + private static final long serialVersionUID = 1L; - public EntityDescriptor getEntityMetadata() { - return entityMetadata; + private String attributeName; + + public AttributePolicyException(String attributeName) { + super("Attribute " + attributeName + " is restricted by IDP policy."); + this.attributeName = attributeName; } - - public void setEntityMetadata(EntityDescriptor entityMetadata) { - this.entityMetadata = entityMetadata; + + public String getAttributeName() { + return attributeName; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 9f2ad2e1b..255fba093 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -69,9 +70,11 @@ public class PVPConfiguration { return instance; } - public static final String PVP2_METADATA = "/pvp2/metadata"; - public static final String PVP2_REDIRECT = "/pvp2/redirect"; - public static final String PVP2_POST = "/pvp2/post"; + public static final String PVP2_METADATA = "/pvp2/metadata"; + public static final String PVP2_REDIRECT = "/pvp2/redirect"; + public static final String PVP2_POST = "/pvp2/post"; + public static final String PVP2_SOAP = "/pvp2/soap"; + public static final String PVP2_ATTRIBUTEQUERY = "/pvp2/attributequery"; public static final String PVP_CONFIG_FILE = "pvp2config.properties"; @@ -84,6 +87,9 @@ public class PVPConfiguration { public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias"; public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword"; + public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; + public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; + public static final String IDP_ISSUER_NAME = "idp.issuer.name"; public static final String METADATA_FILE = "md.dir"; @@ -141,6 +147,14 @@ public class PVPConfiguration { return getIDPPublicPath() + PVP2_POST; } + public String getIDPSSOSOAPService() throws ConfigurationException { + return getIDPPublicPath() + PVP2_SOAP; + } + + public String getIDPAttributeQueryService() throws ConfigurationException { + return getIDPPublicPath() + PVP2_ATTRIBUTEQUERY; + } + public String getIDPSSORedirectService() throws ConfigurationException { return getIDPPublicPath() + PVP2_REDIRECT; } @@ -173,6 +187,14 @@ public class PVPConfiguration { return props.getProperty(IDP_KEY_PASSASSERTION); } + public String getIDPKeyAliasAssertionEncryption() { + return props.getProperty(IDP_KEYALIASASSERTION); + } + + public String getIDPKeyPasswordAssertionEncryption() { + return props.getProperty(IDP_KEY_PASSASSERTION); + } + public String getIDPIssuerName() throws ConfigurationException { if (moaIDVersion == null) { @@ -226,7 +248,7 @@ public class PVPConfiguration { public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); + IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); if (oaParam == null) { Logger.warn("Online Application with ID " + entityID + " not found!"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java new file mode 100644 index 000000000..69ca4e8f5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java @@ -0,0 +1,50 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class AssertionAttributeExtractorExeption extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -6459000942830951492L; + + public AssertionAttributeExtractorExeption(String attributeName) { + super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName + + " can not extract.", null); + } + + public AssertionAttributeExtractorExeption(String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + public AssertionAttributeExtractorExeption() { + super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java new file mode 100644 index 000000000..fcd8472b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java @@ -0,0 +1,49 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import at.gv.egovernment.moa.id.config.ConfigurationException; + +/** + * @author tlenz + * + */ +public class AssertionValidationExeption extends PVP2Exception { + + private static final long serialVersionUID = -3987805399122286259L; + + public AssertionValidationExeption(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * @param string + * @param object + * @param e + */ + public AssertionValidationExeption(String string, Object[] parameters, + Throwable e) { + super(string, parameters, e); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java new file mode 100644 index 000000000..9008a7183 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class AttributQueryException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -4302422507173728748L; + + public AttributQueryException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public AttributQueryException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java new file mode 100644 index 000000000..204e1c2a5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class NOSLOServiceDescriptorException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -3073730570511152661L; + + /** + * @param messageId + * @param parameters + */ + public NOSLOServiceDescriptorException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java index b5facde34..87e443930 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java @@ -22,10 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; +import org.opensaml.saml2.core.StatusCode; + public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException { public NameIDFormatNotSupportedException(String nameIDFormat) { super("pvp2.12", new Object[] {nameIDFormat}); + statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI; + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java new file mode 100644 index 000000000..9f1b6168e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java @@ -0,0 +1,41 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class SLOException extends PVP2Exception { + private static final long serialVersionUID = -5284624715788385022L; + + /** + * @param messageId + * @param parameters + */ + public SLOException(String messageId, Object[] parameters) { + super(messageId, parameters); + // TODO Auto-generated constructor stub + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java index 11054fd57..332caf967 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java @@ -1,4 +1,4 @@ -/******************************************************************************* +/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. @@ -19,106 +19,96 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; import java.io.Serializable; -import org.opensaml.Configuration; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller; -import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.io.Unmarshaller; -import org.opensaml.xml.io.UnmarshallerFactory; -import org.opensaml.xml.io.UnmarshallingException; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.logging.Logger; -public class MOARequest implements Serializable{ +/** + * @author tlenz + * + */ +public class InboundMessage implements InboundMessageInterface, Serializable{ private static final long serialVersionUID = 2395131650841669663L; - private Element samlRequest; + private Element samlMessage = null; private boolean verified = false; private String entityID = null; private String relayState = null; - public MOARequest(RequestAbstractType request) { - samlRequest = request.getDOM(); - } - - public RequestAbstractType getSamlRequest() { - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest); + + public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException { try { - return (RequestAbstractType) unmashaller.unmarshall(samlRequest); + return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID); - } catch (UnmarshallingException e) { - Logger.warn("AuthnRequest Unmarshaller error", e); - return null; - } - + } catch (MetadataProviderException e) { + Logger.warn("No Metadata for EntitiyID " + entityID); + throw new NoMetadataInformationException(); + } } - - /** - * @return the relayState + * @param entitiyID the entitiyID to set */ - public String getRelayState() { - return relayState; + public void setEntityID(String entitiyID) { + this.entityID = entitiyID; } - + + public void setVerified(boolean verified) { + this.verified = verified; + } + /** * @param relayState the relayState to set */ public void setRelayState(String relayState) { this.relayState = relayState; } - - public void setSamlRequest(RequestAbstractType request) { - this.samlRequest = request.getDOM(); - } - - public boolean isVerified() { - return verified; - } - - public void setVerified(boolean verified) { - this.verified = verified; + + public void setSAMLMessage(Element msg) { + this.samlMessage = msg; } - - public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException { - - try { - return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID); - - } catch (MetadataProviderException e) { - Logger.warn("No Metadata for EntitiyID " + entityID); - throw new NoMetadataInformationException(); - } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState() + */ + @Override + public String getRelayState() { + return relayState; } - /** - * @return the entitiyID + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID() */ + @Override public String getEntityID() { return entityID; } - /** - * @param entitiyID the entitiyID to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified() */ - public void setEntityID(String entitiyID) { - this.entityID = entitiyID; + @Override + public boolean isVerified() { + return verified; } - + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage() + */ + @Override + public Element getInboundMessage() { + return samlMessage; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java new file mode 100644 index 000000000..60a6f069a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java @@ -0,0 +1,38 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface InboundMessageInterface { + + public String getRelayState(); + public String getEntityID(); + public boolean isVerified(); + public Element getInboundMessage(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java new file mode 100644 index 000000000..7679e74a6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java @@ -0,0 +1,66 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; + + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.signature.SignableXMLObject; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.logging.Logger; + +public class MOARequest extends InboundMessage{ + + private static final long serialVersionUID = 8613921176727607896L; + + private String binding = null; + + public MOARequest(SignableXMLObject inboundMessage, String binding) { + setSAMLMessage(inboundMessage.getDOM()); + this.binding = binding; + + } + + public String getRequestBinding() { + return binding; + } + + public SignableXMLObject getSamlRequest() { + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); + + try { + return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage()); + + } catch (UnmarshallingException e) { + Logger.warn("AuthnRequest Unmarshaller error", e); + return null; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java new file mode 100644 index 000000000..870273cf3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java @@ -0,0 +1,56 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Response; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.logging.Logger; + +public class MOAResponse extends InboundMessage { + + private static final long serialVersionUID = -1133012928130138501L; + + public MOAResponse(Response response) { + setSAMLMessage(response.getDOM()); + } + + public Response getResponse() { + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); + + try { + return (Response) unmashaller.unmarshall(getInboundMessage()); + + } catch (UnmarshallingException e) { + Logger.warn("AuthnResponse Unmarshaller error", e); + return null; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index f2e3e7cb1..f29c0eaef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; import java.util.Date; @@ -33,7 +34,7 @@ import java.util.Timer; import javax.xml.namespace.QName; -import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -46,9 +47,15 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -118,15 +125,15 @@ public class MOAMetadataProvider implements MetadataProvider { } } - //load all PVP2 OAs form ConfigurationDatabase and - //compare actually loaded Providers with configured PVP2 OAs - List<OnlineApplication> oaList = ConfigurationDBRead - .getAllActiveOnlineApplications(); - //set Timestamp Date oldTimeStamp = timestamp; timestamp = new Date(); + //load all PVP2 OAs form ConfigurationDatabase and + //compare actually loaded Providers with configured PVP2 OAs + List<OnlineApplication> oaList = ConfigurationDBRead + .getAllActiveOnlineApplications(); + Iterator<OnlineApplication> oaIt = oaList.iterator(); while (oaIt.hasNext()) { HTTPMetadataProvider httpProvider = null; @@ -156,11 +163,14 @@ public class MOAMetadataProvider implements MetadataProvider { } else if ( MiscUtil.isNotEmpty(metadataurl) && !providersinuse.containsKey(metadataurl) ) { //PVP2 OA is new, add it to MOAMetadataProvider + Logger.info("Loading metadata for: " + oa.getFriendlyName()); httpProvider = createNewHTTPMetaDataProvider( pvp2Config.getMetadataURL(), pvp2Config.getCertificate(), - oa.getFriendlyName()); + oa.getFriendlyName(), + buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(), + pvp2Config.getCertificate())); if (httpProvider != null) providersinuse.put(metadataurl, httpProvider); @@ -266,7 +276,9 @@ public class MOAMetadataProvider implements MetadataProvider { httpProvider = createNewHTTPMetaDataProvider( metadataURL, pvp2Config.getCertificate(), - oa.getFriendlyName()); + oa.getFriendlyName(), + buildMetadataFilterChain(oa, metadataURL, + pvp2Config.getCertificate())); if (httpProvider != null) providersinuse.put(metadataURL, httpProvider); @@ -305,13 +317,45 @@ public class MOAMetadataProvider implements MetadataProvider { timestamp = new Date(); } - private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) { + private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException { + MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate); + + if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) { + Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); + filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType())); + + } + + return filterChain; + } + + private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) { HTTPMetadataProvider httpProvider = null; Timer timer= null; - - try { + MOAHttpClient httpClient = null; + try { + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + timer = new Timer(); - httpProvider = new HTTPMetadataProvider(timer, new HttpClient(), + httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataURL); httpProvider.setParserPool(new BasicParserPool()); httpProvider.setRequireValidMetadata(true); @@ -319,10 +363,9 @@ public class MOAMetadataProvider implements MetadataProvider { httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours //httpProvider.setRefreshDelayFactor(0.1F); - // TODO: use proper SSL checking - - MetadataFilter filter = new MetadataSignatureFilter( - metadataURL, certificate); + if (filter == null) { + filter = new MetadataFilterChain(metadataURL, certificate); + } httpProvider.setMetadataFilter(filter); httpProvider.initialize(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index f5fc01b2c..303fc2924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -30,11 +30,12 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry import org.opensaml.saml2.core.ArtifactResolve; import org.opensaml.saml2.core.ArtifactResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -42,18 +43,18 @@ import at.gv.egovernment.moa.logging.Logger; public class ArtifactResolution implements IRequestHandler { - public boolean handleObject(MOARequest obj) { - return (obj.getSamlRequest() instanceof ArtifactResolve); + public boolean handleObject(InboundMessage obj) { + return (obj instanceof MOARequest && + ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve); } - public SLOInformationInterface process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + HttpServletResponse resp, IAuthData authData) throws MOAIDException { if (!handleObject(obj)) { throw new MOAIDException("pvp2.13", null); } - - ArtifactResolve artifactResolve = (ArtifactResolve) obj - .getSamlRequest(); + + ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj).getSamlRequest(); String artifactID = artifactResolve.getArtifact().getArtifact(); PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 0e4cd679b..ca5210d21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -22,74 +22,55 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; -import java.util.ArrayList; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.EncryptedAssertion; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.encryption.Encrypter; -import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.security.MetadataCredentialResolver; -import org.opensaml.security.MetadataCriteria; import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.encryption.EncryptionException; -import org.opensaml.xml.encryption.EncryptionParameters; -import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.X509Credential; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; public class AuthnRequestHandler implements IRequestHandler, PVPConstants { - public boolean handleObject(MOARequest obj) { - return (obj.getSamlRequest() instanceof AuthnRequest); + public boolean handleObject(InboundMessage obj) { + + return (obj instanceof MOARequest && + ((MOARequest)obj).getSamlRequest() instanceof AuthnRequest); } - public SLOInformationInterface process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException { + public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + HttpServletResponse resp, IAuthData authData) throws MOAIDException { if (!handleObject(obj)) { throw new MOAIDException("pvp2.13", null); } - + //get basic information - AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); + MOARequest moaRequest = (MOARequest) obj; + AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); EntityDescriptor peerEntity = obj.getEntityMetadata(); SPSSODescriptor spSSODescriptor = peerEntity .getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -118,91 +99,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { SLOInformationImpl sloInformation = new SLOInformationImpl(); //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, + Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData, peerEntity, date, consumerService, sloInformation); - Response authResponse = SAML2Utils.createSAMLObject(Response.class); - - Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - - //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); - nissuer.setFormat(NameID.ENTITY); - authResponse.setIssuer(nissuer); - authResponse.setInResponseTo(authnRequest.getID()); - - //set responseID - String remoteSessionID = SAML2Utils.getSecureIdentifier(); - authResponse.setID(remoteSessionID); - - - //SAML2 response required IssueInstant - authResponse.setIssueInstant(date); - - authResponse.setStatus(SAML2Utils.getSuccessStatus()); - - String oaURL = consumerService.getLocation(); - - //check, if metadata includes an encryption key - MetadataCredentialResolver mdCredResolver = - new MetadataCredentialResolver(MOAMetadataProvider.getInstance()); - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); - criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); - - X509Credential encryptionCredentials = null; - try { - encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); - - } catch (SecurityException e2) { - Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2); - throw new InvalidAssertionEncryptionException(); - - } - - boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); - if (encryptionCredentials != null && isEncryptionActive) { - //encrypt SAML2 assertion - - try { - - EncryptionParameters dataEncParams = new EncryptionParameters(); - dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); - - List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>(); - KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); - - keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); - KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() - .getKeyInfoGeneratorManager().getDefaultManager() - .getFactory(encryptionCredentials); - keyEncParam.setKeyInfoGenerator(kigf.newInstance()); - keyEncParamList.add(keyEncParam); - - Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); - //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); - samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - - EncryptedAssertion encryptAssertion = null; - - encryptAssertion = samlEncrypter.encrypt(assertion); - - authResponse.getEncryptedAssertions().add(encryptAssertion); - - } catch (EncryptionException e1) { - Logger.warn("Can not encrypt the PVP2 assertion", e1); - throw new InvalidAssertionEncryptionException(); - - } - - } else { - authResponse.getAssertions().add(assertion); - - } - + Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion); + IEncoder binding = null; if (consumerService.getBinding().equals( @@ -223,32 +124,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { if (binding == null) { throw new BindingNotSupportedException(consumerService.getBinding()); } - + try { - binding.encodeRespone(req, resp, authResponse, oaURL, obj.getRelayState()); - // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore - -// Logger logger = new Logger(); -// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse))); - - + binding.encodeRespone(req, resp, authResponse, + consumerService.getLocation(), obj.getRelayState()); + return sloInformation; } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); throw new MOAIDException("pvp2.01", null, e); + } catch (SecurityException e) { Logger.error("Security exception", e); throw new MOAIDException("pvp2.01", null, e); -// } catch (TransformerException e) { -// Logger.error("Security exception", e); -// throw new MOAIDException("pvp2.01", null, e); -// } catch (IOException e) { -// Logger.error("Security exception", e); -// throw new MOAIDException("pvp2.01", null, e); -// } catch (MarshallingException e) { -// Logger.error("Security exception", e); -// throw new MOAIDException("pvp2.01", null, e); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java index 6c4f460f1..d1ae0b202 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -25,14 +25,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; public interface IRequestHandler { - public boolean handleObject(MOARequest obj); + public boolean handleObject(InboundMessage obj); - public SLOInformationInterface process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException; + public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + HttpServletResponse resp, IAuthData authData) throws MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index 264802f09..5b9bf940d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -29,10 +29,12 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; public class RequestManager { @@ -54,13 +56,13 @@ public class RequestManager { handler.add(new ArtifactResolution()); } - public SLOInformationInterface handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) + public SLOInformationInterface handle(InboundMessage obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) throws SAMLRequestNotSupported, MOAIDException { Iterator<IRequestHandler> it = handler.iterator(); while(it.hasNext()) { IRequestHandler handler = it.next(); if(handler.handleObject(obj)) { - return handler.process(obj, req, resp, moasession); + return handler.process(obj, req, resp, authData); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index d95e21a0e..48e435777 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class CredentialProvider { @@ -86,7 +87,32 @@ public class CredentialProvider { throw new CredentialsNotAvailableException(e.getMessage(), null); } } - + + public static X509Credential getIDPAssertionEncryptionCredential() + throws CredentialsNotAvailableException { + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); + + //if no encryption key is configured return null + if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption())) + return null; + + MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAliasAssertionEncryption(), config + .getIDPKeyPasswordAssertionEncryption().toCharArray()); + + credentials.setUsageType(UsageType.ENCRYPTION); + return (X509Credential) credentials; + } catch (Exception e) { + Logger.error("Failed to generate IDP Assertion Encryption credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + public static Signature getIDPSignature(Credential credentials) { PrivateKey privatekey = credentials.getPrivateKey(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java new file mode 100644 index 000000000..61b481447 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -0,0 +1,111 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.List; + +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.Subject; + +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionAttributeExtractor { + + private Assertion assertion = null; + + public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption { + if (samlResponse != null) { + if (samlResponse.getAssertions().size() == 0) + throw new AssertionAttributeExtractorExeption("Assertion"); + + else if (samlResponse.getAssertions().size() > 1) + Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used."); + + assertion = samlResponse.getAssertions().get(0); + + } else + throw new AssertionAttributeExtractorExeption(); + } + + public String getNameID() throws AssertionAttributeExtractorExeption { + if (assertion.getSubject() != null) { + Subject subject = assertion.getSubject(); + + if (subject.getNameID() != null) { + if (MiscUtil.isNotEmpty(subject.getNameID().getValue())) + return subject.getNameID().getValue(); + + else + Logger.error("SAML2 NameID Element is empty."); + } + } + + throw new AssertionAttributeExtractorExeption("nameID"); + } + + public String getSessionIndex() throws AssertionAttributeExtractorExeption { + AuthnStatement authn = getAuthnStatement(); + + if (MiscUtil.isNotEmpty(authn.getSessionIndex())) + return authn.getSessionIndex(); + + else + throw new AssertionAttributeExtractorExeption("SessionIndex"); + } + + /** + * @return + * @throws AssertionAttributeExtractorExeption + */ + public String getQAALevel() throws AssertionAttributeExtractorExeption { + AuthnStatement authn = getAuthnStatement(); + if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) { + AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef(); + + if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef())) + return qaaClass.getAuthnContextClassRef(); + + else + throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)"); + } + + throw new AssertionAttributeExtractorExeption("AuthnContextClassRef"); + } + + private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { + List<AuthnStatement> authnList = assertion.getAuthnStatements(); + if (authnList.size() == 0) + throw new AssertionAttributeExtractorExeption("AuthnStatement"); + + else if (authnList.size() > 1) + Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used."); + + return authnList.get(0); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java deleted file mode 100644 index 666bfab3c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java +++ /dev/null @@ -1,85 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.utils; - -import java.util.Iterator; -import java.util.List; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; - -public class AttributeExtractor { - - public static String extractSAMLAttributeOA(String name, - AuthenticationSession authSession) { - List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA(); - if(extAttributes == null) { - return null; - } - Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator(); - while(extAttributesIt.hasNext()) { - Object attr = extAttributesIt.next(); - if(attr instanceof ExtendedSAMLAttribute) { - ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; - if(extAttribute.getName().equals(name)) { - if(extAttribute.getValue() instanceof String) { - return extAttribute.getValue().toString(); - } - break; - } - } - } - return null; - } - - public static String extractSAMLAttributeAUTH(String name, - AuthenticationSession authSession) { - List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH(); - if(extAttributes == null) { - return null; - } - Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator(); - while(extAttributesIt.hasNext()) { - Object attr = extAttributesIt.next(); - if(attr instanceof ExtendedSAMLAttribute) { - ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; - if(extAttribute.getName().equals(name)) { - if(extAttribute.getValue() instanceof String) { - return extAttribute.getValue().toString(); - } - break; - } - } - } - return null; - } - - public static String extractSAMLAttributeBOTH(String name, - AuthenticationSession authSession) { - String value = extractSAMLAttributeOA(name, authSession); - if(value == null) { - value = extractSAMLAttributeAUTH(name, authSession); - } - return value; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java new file mode 100644 index 000000000..12de97a3f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -0,0 +1,93 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.List; + +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; +import org.opensaml.ws.soap.client.BasicSOAPMessageContext; +import org.opensaml.ws.soap.client.http.HttpClientBuilder; +import org.opensaml.ws.soap.client.http.HttpSOAPClient; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.ws.soap.soap11.Body; +import org.opensaml.ws.soap.soap11.Envelope; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOASAMLSOAPClient { + + public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException { + //build SOAP request + BasicParserPool parserPool = new BasicParserPool(); + parserPool.setNamespaceAware(true); + + Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad); + + BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext(); + soapContext.setOutboundMessage(soapRequest); + + HttpClientBuilder clientBuilder = new HttpClientBuilder(); + if (destination.startsWith("https")) { + try { + SecureProtocolSocketFactory sslprotocolsocketfactory = + new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); + + } catch (MOAHttpProtocolSocketFactoryException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool); + + //send request to IDP + soapClient.send(destination, soapContext); + + //parse response + Envelope soapResponse = (Envelope) soapContext.getInboundMessage(); + Body soapBody = soapResponse.getBody(); + + return soapBody.getUnknownXMLObjects(); + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index b52e37e06..9d57c2bae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -38,6 +38,8 @@ import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.soap.soap11.Body; +import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilderFactory; import org.opensaml.xml.io.Marshaller; @@ -115,4 +117,15 @@ public class SAML2Utils { return 0; } + + public static Envelope buildSOAP11Envelope(XMLObject payload) { + XMLObjectBuilderFactory bf = Configuration.getBuilderFactory(); + Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME); + Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME); + + body.getUnknownXMLObjects().add(payload); + envelope.setBody(body); + + return envelope; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index ac222ee54..fde453920 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -22,21 +22,59 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +import java.util.ArrayList; +import java.util.List; + +import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.encryption.Decrypter; +import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCriteria; import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; +import org.opensaml.xml.encryption.DecryptionException; +import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; +import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; +import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.validation.ValidationException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; + public class SAMLVerificationEngine { + + public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); + + else + verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + + } + + public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { @@ -48,7 +86,7 @@ public class SAMLVerificationEngine { CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); try { @@ -86,4 +124,88 @@ public class SAMLVerificationEngine { } } + public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption { + try { + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); + + if (validateDestination && !samlResp.getDestination().startsWith( + PVPConfiguration.getInstance().getIDPPublicPath())) { + Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); + throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); + + } + + //check encrypted Assertion + List<EncryptedAssertion> encryAssertionList = samlResp.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + //decrypt assertions + + Logger.debug("Found encryped assertion. Start decryption ..."); + + X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); + + StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); + + Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + Logger.debug("Assertion decryption finished. "); + + } else { + saml2assertions.addAll(samlResp.getAssertions()); + + } + + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + Conditions conditions = saml2assertion.getConditions(); + DateTime notbefore = conditions.getNotBefore(); + DateTime notafter = conditions.getNotOnOrAfter(); + if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + Logger.warn("PVP2 Assertion is out of Date"); + saml2assertions.remove(saml2assertion); + + } + } + + if (saml2assertions.isEmpty()) { + Logger.info("No valid PVP 2.1 assertion received."); + throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); + } + + samlResp.getAssertions().clear(); + samlResp.getEncryptedAssertions().clear(); + samlResp.getAssertions().addAll(saml2assertions); + + } else { + Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue()); + throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue(), null); + } + + } catch (CredentialsNotAvailableException e) { + Logger.warn("Assertion decrypt FAILED - No Credentials", e); + throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e); + + } catch (DecryptionException e) { + Logger.warn("Assertion decrypt FAILED.", e); + throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); + + } catch (ConfigurationException e) { + throw new AssertionValidationExeption("pvp.12", null, e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java new file mode 100644 index 000000000..3d608fd6d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java @@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class InterfederatedIDPPublicServiceFilter implements MetadataFilter { + + private String metadataURL; + private boolean isPublicService = false; + + /** + * + */ + public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) { + Logger.debug("Add " + this.getClass().getName() + " to metadata policy"); + this.metadataURL = metadataURL; + + if (oaType.equals("businessService")) + this.isPublicService = false; + else + this.isPublicService = true; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + + boolean metadatacheck = ValidationHelper.isPublicServiceAllowed(this.metadataURL); + + if (isPublicService && isPublicService != metadatacheck) { + Logger.warn("Interfederated IDP " + metadataURL + " is configured " + + "as Public-Servic IDP but PublicService policy check FAILED."); + throw new FilterException("Interfederated IDP " + metadataURL + " is configured " + + "as Public-Servic IDP but PublicService policy check FAILED."); + + } + + Logger.info("Metadata PublicService policy check done OK"); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java new file mode 100644 index 000000000..4e1d939ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java @@ -0,0 +1,82 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; + +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MetadataFilterChain implements MetadataFilter { + + private List<MetadataFilter> filters = new ArrayList<MetadataFilter>(); + + /** + * @throws CertificateException + * + */ + public MetadataFilterChain(String url, byte[] certificate) throws CertificateException { + addDefaultFilters(url, certificate); + } + + public void addDefaultFilters(String url, byte[] certificate) throws CertificateException { + filters.add(new MetadataSignatureFilter(url, certificate)); + + } + + /** + * @return the filter + */ + public List<MetadataFilter> getFilters() { + return filters; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + for (MetadataFilter filter : filters) { + Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName()); + filter.doFilter(arg0); + } + + } + + + + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index ed0cf9c62..0405fa114 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import iaik.x509.X509Certificate; @@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; import at.gv.egovernment.moa.logging.Logger; public class MetadataSignatureFilter implements MetadataFilter { @@ -151,9 +152,9 @@ public class MetadataSignatureFilter implements MetadataFilter { ConfigurationDBUtils.closeSession(); - Logger.info("Metadata Filter done OK"); + Logger.info("Metadata signature policy check done OK"); } catch (MOAIDException e) { - e.printStackTrace(); + Logger.warn("Metadata signature policy check FAILED.", e); throw new FilterException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 587ca04e7..67f780b3a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,32 +27,26 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; public class GetArtifactAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { + HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { String oaURL = (String) req.getOAURL(); - String target = (String) req.getTarget(); String sourceID = null; if (req instanceof SAML1RequestImpl) { @@ -61,42 +55,32 @@ public class GetArtifactAction implements IAction { } - try { - + SAML1AuthenticationData authData; + if (obj instanceof SAML1AuthenticationData) { + authData = (SAML1AuthenticationData) obj; - if (oaURL == null) { - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - } - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - // TODO: Support Mandate MODE! + } else { + Logger.error("AuthDate is NOT of type SAML1AuthenticationData."); + throw new AuthenticationException("AuthDate is NOT of type SAML1AuthenticationData.", new Object[]{}); + } + + try { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - - AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, - oaParam, - target); + .getOnlineApplicationParameter(oaURL); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + // add other stork attributes to MOA assertion if available - if(null != session.getStorkAttributes()) { - List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); - session.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes); - //produce MOA-Assertion and artifact - AuthenticationServer.getInstance().getForeignAuthenticationData(session); + if(null != authData.getStorkAttributes()) { + List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(authData.getStorkAttributes()); + authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes); Logger.info("MOA assertion assembled and SAML Artifact generated."); } - String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID); + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); - if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { - String url = "RedirectServlet"; + if (authData.isSsoSession()) { + String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); @@ -125,7 +109,7 @@ public class GetArtifactAction implements IAction { } SLOInformationInterface sloInformation = - new SLOInformationImpl(authData.getAssertionID(), null, req.requestedModule()); + new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index f622f4b94..66861afa3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -56,7 +56,6 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.Constants; @@ -138,12 +137,9 @@ public class GetAuthenticationDataService implements Constants { try { - AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); + samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); -// useUTC = authData.getUseUTC(); - // success - samlAssertion = authData.getSamlAssertion(); statusCode = "samlp:Success"; statusMessageCode = "1200"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java new file mode 100644 index 000000000..d48c0a9bb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -0,0 +1,177 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.text.ParseException; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DateTimeUtils; + +/** + * Encapsulates authentication data contained in a <code><saml:Assertion></code>. + * + * @author Paul Ivancsics + * @version $Id$ + */ + +public class SAML1AuthenticationData extends AuthenticationData { + /** + * + */ + private static final long serialVersionUID = -1042697056735596866L; +/** + * major version number of the SAML assertion + */ + private int majorVersion; + /** + * minor version number of the SAML assertion + */ + private int minorVersion; + /** + * identifier for this assertion + */ + private String assertionID; +/** + * @return the majorVersion + */ + + private String samlAssertion = null; + + private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; + + + public SAML1AuthenticationData() { + this.setMajorVersion(1); + this.setMinorVersion(0); + this.setAssertionID(Random.nextRandom()); + } + + + //this method is only required for MOA-ID Proxy 2.0 Release. + //TODO: remove it, if MOA-ID Proxy is not supported anymore. + public String getWBPK() { + return getBPK(); + } + +public int getMajorVersion() { + return majorVersion; +} +/** + * @param majorVersion the majorVersion to set + */ +public void setMajorVersion(int majorVersion) { + this.majorVersion = majorVersion; +} +/** + * @return the minorVersion + */ +public int getMinorVersion() { + return minorVersion; +} +/** + * @param minorVersion the minorVersion to set + */ +public void setMinorVersion(int minorVersion) { + this.minorVersion = minorVersion; +} +/** + * @return the assertionID + */ +public String getAssertionID() { + return assertionID; +} +/** + * @param assertionID the assertionID to set + */ +public void setAssertionID(String assertionID) { + this.assertionID = assertionID; +} + +public void setIssueInstant(String date) { + try { + setIssueInstant(DateTimeUtils.parseDateTime(date)); + + } catch (ParseException e) { + Logger.error("Parse IssueInstant element FAILED.", e); + + } +} + +/** + * @return the samlAssertion + */ +public String getSamlAssertion() { + return samlAssertion; +} + +/** + * @param samlAssertion the samlAssertion to set + */ +public void setSamlAssertion(String samlAssertion) { + this.samlAssertion = samlAssertion; +} + +/** + * @return the extendedSAMLAttributesOA + */ +public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() { + return extendedSAMLAttributesOA; +} + +/** + * @param extendedSAMLAttributesOA the extendedSAMLAttributesOA to set + */ +public void setExtendedSAMLAttributesOA( + List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) { + this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; +} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 6391860ff..52b9b40ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.IOException; -import java.util.Date; import java.util.List; import javax.xml.parsers.ParserConfigurationException; @@ -116,7 +115,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * * @return <code>AuthenticationData</code> */ - public AuthenticationData getSaml1AuthenticationData(String samlArtifact) + public String getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); @@ -125,13 +124,13 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); } - AuthenticationData authData = null; + String authData = null; synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); try { authData = authenticationDataStore - .get(samlArtifact, AuthenticationData.class); + .get(samlArtifact, String.class, authDataTimeOut); } catch (MOADatabaseException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -140,12 +139,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } authenticationDataStore.remove(samlArtifact); - - long now = new Date().getTime(); - - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] { samlArtifact }); - + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); return authData; @@ -163,9 +157,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return samlArtifact; } - public String BuildSAMLArtifact(AuthenticationSession session, - OAAuthParameter oaParam, - AuthenticationData authData, String sourceID) + public String BuildSAMLArtifact(OAAuthParameter oaParam, + SAML1AuthenticationData authData, String sourceID) throws ConfigurationException, BuildException, AuthenticationException { //Load SAML1 Parameter from OA config @@ -179,7 +172,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //set BASE64 encoded signer certificate String signerCertificateBase64 = ""; if (saml1parameter.isProvideCertificate()) { - byte[] signerCertificate = session.getEncodedSignerCertificate(); + byte[] signerCertificate = authData.getSignerCertificate(); if (signerCertificate != null) { signerCertificateBase64 = Base64Utils @@ -195,41 +188,31 @@ public class SAML1AuthenticationServer extends AuthenticationServer { provideStammzahl); //set Authblock - String authBlock = saml1parameter.isProvideAUTHBlock() ? session + String authBlock = saml1parameter.isProvideAUTHBlock() ? authData .getAuthBlock() : ""; //set IdentityLink for assortion String ilAssertion = ""; if (saml1parameter.isProvideIdentityLink()) { - if (oaParam.getBusinessService()) { - //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - -// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() -// .getSamlAssertion()); -// -// ilAssertion = DOMUtils.serializeNode(resignedilAssertion); + ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - } else { - ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - - if (!saml1parameter.isProvideStammzahl()) - ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() - .getIdentificationValue(), ""); - - } + if (!saml1parameter.isProvideStammzahl()) + ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() + .getIdentificationValue(), ""); } + String samlAssertion; - if (session.getUseMandate()) { - List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA(); + if (authData.isUseMandate()) { + List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); if (saml1parameter.isProvideFullMandatorData()) { try { ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - session.getMISMandate(), oaParam.getBusinessService(), + authData.getMISMandate(), oaParam.getBusinessService(), saml1parameter.isProvideStammzahl()); if (extendedSAMLAttributes != null) { @@ -293,7 +276,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } - String mandateDate = generateMandateDate(session, oaParam, authData); + String mandateDate = generateMandateDate(oaParam, authData); samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, @@ -301,7 +284,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { mandateDate, authBlock, ilAssertion, - session.getBkuURL(), + authData.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), oaAttributes, @@ -314,24 +297,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer { prPerson, authBlock, ilAssertion, - session.getBkuURL(), + authData.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), - session.getExtendedSAMLAttributesOA(), + authData.getExtendedSAMLAttributesOA(), useCondition, conditionLength); } - authData.setSamlAssertion(samlAssertion); + //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), Random.nextRandom(), + authData.getIssuer(), Random.nextRandom(), sourceID); - storeAuthenticationData(samlArtifact, authData); + storeAuthenticationData(samlArtifact, samlAssertion); - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); + Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; } catch (Throwable ex) { @@ -341,21 +323,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(AuthenticationSession session, - OAAuthParameter oaParam, AuthenticationData authData + private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (session == null) + if (authData == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); IdentityLink tempIdentityLink = null; - Element mandate = session.getMandate(); + Element mandate = authData.getMandate(); - if (session.getUseMandate()) { + if (authData.isUseMandate()) { tempIdentityLink = new IdentityLink(); Element mandator = ParepUtils.extractMandator(mandate); String dateOfBirth = ""; @@ -432,7 +413,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String oatargetType; if(oaParam.getBusinessService()) { - oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + oatargetType = oaParam.getIdentityLinkDomainIdentifier(); + else + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier(); } else { oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); @@ -509,7 +493,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * when SAML artifact is invalid */ private void storeAuthenticationData(String samlArtifact, - AuthenticationData authData) throws AuthenticationException { + String samlAssertion) throws AuthenticationException { try { SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); @@ -523,7 +507,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); - authenticationDataStore.put(samlArtifact, authData); + authenticationDataStore.put(samlArtifact, samlAssertion); } } catch (AuthenticationException ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index b6a2ac0b6..dafcb9987 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -23,12 +23,15 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.HashMap; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import edu.emory.mathcs.backport.java.util.Arrays; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -41,7 +44,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,8 +57,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public static final String GETARTIFACT = "GetArtifact"; - private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + @SuppressWarnings("unchecked") + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.BPK_NAME, + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, + PVPConstants.GIVEN_NAME_NAME, + PVPConstants.PRINCIPAL_NAME_NAME, + PVPConstants.BIRTHDATE_NAME, + PVPConstants.EID_CCS_URL_NAME, + PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, + PVPConstants.EID_IDENTITY_LINK_NAME, + PVPConstants.EID_SOURCE_PIN_NAME, + PVPConstants.EID_SOURCE_PIN_TYPE_NAME + }); + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + static { actions.put(GETARTIFACT, new GetArtifactAction()); @@ -139,12 +157,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { new Object[] { oaURL }); } - config.setSourceID(sourceID); - + config.setSourceID(sourceID); config.setTarget(oaParam.getTarget()); - -// request.getSession().setAttribute(PARAM_OA, oaURL); -// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); + return config; } @@ -157,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); - String url = "RedirectServlet"; + String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 72adfe0e7..9bf88534f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,7 +22,19 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -48,4 +60,37 @@ public class SAML1RequestImpl extends RequestImpl { this.sourceID = sourceID; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + + List<String> reqAttr = new ArrayList<String>(); + reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); + + try { + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + OASAML1 saml1 = oa.getSAML1Parameter(); + if (saml1 != null) { + if (saml1.isProvideAUTHBlock()) + reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); + + if (saml1.isProvideCertificate()) + reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + + if (saml1.isProvideFullMandatorData()) + reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); + } + + return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator()); + + } catch (ConfigurationException e) { + Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); + return null; + } + + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 68a891fcd..b9f01ca9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -42,7 +43,7 @@ public class AttributeCollector implements IAction { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); @@ -103,7 +104,7 @@ public class AttributeCollector implements IAction { // read configuration parameters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()}); // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; @@ -129,10 +130,10 @@ public class AttributeCollector implements IAction { addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes - SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, moasession, oaParam); + SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam); if (sloInfo == null) { - sloInfo = new SLOInformationImpl(null, null, req.requestedModule()); + sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule()); } return sloInfo; @@ -147,7 +148,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { + public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); @@ -179,7 +180,7 @@ public class AttributeCollector implements IAction { try { // - hand over control to the suitable plugin Logger.info(currentProvider.getClass().getSimpleName() + " called to handle attribute '" + currentAttribute.getName() + "'"); - aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession); + aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), authData); Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'"); break; } catch (UnsupportedAttributeException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 2914d8f7d..b1eb3a021 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -23,13 +24,13 @@ public interface AttributeProvider { * * @param attributes the list of attributes to be acquired * @param spCountyCode the sp county code - * @param moasession the moasession + * @param authData the moasession * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done * @throws MOAIDException the mOAID exception */ - public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; /** * Perform redirect. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 110ef327f..0312f776b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -5,7 +5,9 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -43,13 +45,13 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private AuthenticationSession moaSession = null; + private IAuthData authData = null; private MOASTORKRequest moaStorkRequest = null; - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - this.moaSession = moasession; + this.authData = authData; if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) { @@ -58,9 +60,10 @@ public class AuthenticationRequest implements IAction { Logger.debug("Entering MOASTORKRequest"); httpResp.reset(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + //TODO: CHECK: req.getOAURL() should return the unique OA identifier + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); @@ -86,7 +89,7 @@ public class AuthenticationRequest implements IAction { // } // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes()); + moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); @@ -107,7 +110,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); } // check if we are getting request for citizen of some other country else if (req instanceof MOASTORKRequest) { @@ -398,16 +401,16 @@ public class AuthenticationRequest implements IAction { // does nothing - public void mandate(AuthenticationSession moasession) { + public void mandate(IAuthData authData) { - if (moasession.getUseMandate()) { + if (authData.isUseMandate()) { try { - MISMandate mandate = moasession.getMISMandate(); + MISMandate mandate = authData.getMISMandate(); String owbpk = mandate.getOWbPK(); byte[] mand = mandate.getMandate(); String profprep = mandate.getProfRep(); //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); + Element mndt = authData.getMandate(); iterate(mndt.getAttributes()); Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); @@ -419,14 +422,14 @@ public class AuthenticationRequest implements IAction { } - public PersonalAttributeList populateAttributes() { + public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found " + attrLst.size() + " personal attributes in the request."); // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { @@ -437,10 +440,8 @@ public class AuthenticationRequest implements IAction { Logger.error("Exception, attributes: " + e.getMessage()); } - Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); - Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); - Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); - Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); + Logger.debug("AUTHBLOCK " + authData.getAuthBlock()); + Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier()); return attributeList; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index a08872029..d827e73cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -7,7 +7,8 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -41,7 +42,7 @@ public class ConsentEvaluator implements IAction { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); @@ -77,7 +78,7 @@ public class ConsentEvaluator implements IAction { * @return the string * @throws MOAIDException the mOAID exception */ - public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { + public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException { // prepare redirect String newArtifactId; try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 370182e71..e7b5ebae4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -54,7 +55,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -97,7 +98,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH")); + + //TODO: CHECK: IdentificationValue containts wbPK if MOA-ID is used as VIDP + requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(authData.getIdentificationValue(), "GH")); requestMessage.saveChanges(); @@ -193,7 +196,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // add stork id for verification ArrayList<String> value = new ArrayList<String>(); - value.add(new BPKBuilder().buildStorkeIdentifier(moasession.getIdentityLink(), spCountryCode)); + value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode)); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); return result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index a5a91fa55..d7927a917 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,8 +1,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.Serializable; +import java.util.List; -import at.gv.egovernment.moa.id.moduls.IRequest; +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; @@ -14,7 +17,7 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse; * * @author bsuzic */ -public class MOASTORKRequest implements IRequest, Serializable { +public class MOASTORKRequest extends RequestImpl { /** The Constant serialVersionUID. */ private static final long serialVersionUID = 4581953368724501376L; @@ -22,15 +25,6 @@ public class MOASTORKRequest implements IRequest, Serializable { /** The request id. */ private String requestID; - /** The target. */ - private String target = null; - - /** The module. */ - String module = null; - - /** The action. */ - String action = null; - /** The stork authn request. */ private STORKAuthnRequest storkAuthnRequest; @@ -128,41 +122,6 @@ public class MOASTORKRequest implements IRequest, Serializable { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() - */ - public String requestedModule() { - return this.module; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() - */ - public String requestedAction() { - return action; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String) - */ - public void setModule(String module) { - this.module = module; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String) - */ - public void setAction(String action) { - this.action = action; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget() - */ - public String getTarget() { - return this.target; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) */ public void setRequestID(String id) { @@ -211,4 +170,31 @@ public class MOASTORKRequest implements IRequest, Serializable { else return this.storkAuthnRequest.getAssertionConsumerServiceURL(); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() + */ + @Override + public String getRequestedIDP() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse() + */ + @Override + public MOAResponse getInterfederationResponse() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index 7d9e20cd0..2cd0e1d57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -8,13 +9,16 @@ import eu.stork.peps.auth.commons.STORKAttrQueryResponse; import eu.stork.peps.auth.commons.STORKAuthnResponse; import java.io.Serializable; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; /** * Implements MOA request and stores StorkAuthn/Attr-Request related data. * * @author bsuzic */ -public class MOASTORKResponse implements IRequest, Serializable { +public class MOASTORKResponse extends RequestImpl { /** * The Constant serialVersionUID. @@ -257,5 +261,14 @@ public class MOASTORKResponse implements IRequest, Serializable { this.action = action; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index cae5e698b..8616b0430 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; @@ -45,7 +46,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider { return "MandateAttributeRequestProvider"; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); this.spCountryCode = spCountryCode; requestedAttributes = new PersonalAttributeList(1); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index 0d0391e3c..a4257c387 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -29,28 +30,26 @@ import javax.xml.namespace.QName; import java.io.StringWriter; import java.math.BigInteger; import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; /** * */ public class MandateRetrievalRequest implements IAction { - private AuthenticationSession moaSession; + private IAuthData authData; private MOASTORKRequest moaStorkRequest; - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { Logger.debug("Entering AttributeRequest for MandateProvider"); httpResp.reset(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); - this.moaSession = moasession; + this.authData = authData; if ((req instanceof MOASTORKRequest)) { this.moaStorkRequest = (MOASTORKRequest) req; @@ -64,10 +63,10 @@ public class MandateRetrievalRequest implements IAction { MandateContainer mandateContainer = null; try { - mandateContainer = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8")); + mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); } catch (Exception ex) { try { - mandateContainer = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8")); + mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); } catch (Exception ex2) { Logger.error("Could not extract data and create mandate container."); throw new MOAIDException("stork.16", new Object[] {}); // TODO @@ -213,11 +212,11 @@ public class MandateRetrievalRequest implements IAction { MandateContainer mc = null; try { - mc = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8")); + mc = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); } catch (Exception ex) { Logger.error("CORPORATE ERROR"); try { - mc = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8")); + mc = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); } catch (Exception ex2) { Logger.error("PERSON ERROR"); } @@ -351,6 +350,4 @@ public class MandateRetrievalRequest implements IAction { public String getDefaultActionName() { return STORKProtocol.MANDATERETRIEVALREQUEST; } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e93a7ec87..ed9c45126 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -147,6 +147,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); + return STORK2Request; } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 89eb07815..e522627be 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -16,6 +16,7 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -56,7 +57,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java * .lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if(!attributes.contains(attribute.getName())) { throw new UnsupportedAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index c0e613b82..3999451cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -11,6 +11,7 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if (!attributes.contains(attribute.getName())) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 34add9895..f094dfabf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -54,6 +54,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.URLEncoder; @@ -78,7 +79,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { */ public Map getAuthenticationHeaders( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) { @@ -116,7 +117,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { */ public Map getAuthenticationParameters( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) { @@ -149,13 +150,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { * @param clientIPAddress client IP address * @return header or parameter value resolved; <code>null</code> if unknown name is given */ - private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { + private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) { if (predicate.equals(MOAGivenName)) return authData.getGivenName(); if (predicate.equals(MOAFamilyName)) return authData.getFamilyName(); if (predicate.equals(MOADateOfBirth)) - return authData.getDateOfBirth(); + return authData.getFormatedDateOfBirth(); if (predicate.equals(MOABPK)) return authData.getBPK(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index cd751b7ee..d432f8c41 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -50,6 +50,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; /** * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection} @@ -102,7 +103,7 @@ public interface LoginParameterResolver { */ public Map getAuthenticationHeaders( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; @@ -122,7 +123,7 @@ public interface LoginParameterResolver { */ public Map getAuthenticationParameters( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 9f3de08aa..a5c632077 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -77,6 +77,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -373,7 +374,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes */ public Map getAuthenticationHeaders( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { @@ -447,7 +448,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes */ public Map getAuthenticationParameters( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { @@ -511,14 +512,14 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes */ private static String resolveValue( String predicate, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress) { if (predicate.equals("MOAGivenName")) return authData.getGivenName(); if (predicate.equals("MOAFamilyName")) return authData.getFamilyName(); if (predicate.equals("MOADateOfBirth")) - return authData.getDateOfBirth(); + return authData.getFormatedDateOfBirth(); if (predicate.equals("MOABPK")) return authData.getBPK(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 2760a736b..740421024 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -48,10 +48,12 @@ package at.gv.egovernment.moa.id.proxy; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import java.io.IOException; import java.util.*; + import org.apache.xerces.parsers.DOMParser; import org.w3c.dom.*; @@ -196,7 +198,7 @@ public class XMLLoginParameterResolverPlainData } //TODO document - public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException + public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException { Map result = new HashMap(); if(oaConf.getAuthType().equals("basic")) @@ -318,7 +320,7 @@ public class XMLLoginParameterResolverPlainData return result; } - public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) + public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) { Map result = new HashMap(); if(oaConf.getAuthType().equals("param")) @@ -336,14 +338,14 @@ public class XMLLoginParameterResolverPlainData return result; } - private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) + private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) { if(predicate.equals(MOAGivenName)) return authData.getGivenName(); if(predicate.equals(MOAFamilyName)) return authData.getFamilyName(); if(predicate.equals(MOADateOfBirth)) - return authData.getDateOfBirth(); + return authData.getFormatedDateOfBirth(); if(predicate.equals(MOABPK)) return authData.getBPK(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index 0ef2077a3..26da33e34 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.proxy.servlet.ProxyException; @@ -107,7 +108,7 @@ public class GetAuthenticationDataInvoker { * @return AuthenticationData * @throws MOAIDException */ - public AuthenticationData getAuthenticationData(String samlArtifact) + public SAML1AuthenticationData getAuthenticationData(String samlArtifact) throws MOAIDException { ConnectionParameter authConnParam = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index 35f72d36d..ebda8dae0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -50,6 +50,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -147,11 +148,11 @@ public class AuthenticationDataAssertionParser implements Constants { * @return <code>AuthenticationData</code> object * @throws ParseException on any error */ - public AuthenticationData parseAuthenticationData() + public SAML1AuthenticationData parseAuthenticationData() throws ParseException { try { - AuthenticationData authData = new AuthenticationData(); + SAML1AuthenticationData authData = new SAML1AuthenticationData(); //ÄNDERN: NUR der Identification-Teil authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); authData.setMajorVersion(new Integer( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java index 9835c554d..cec8dbe6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java @@ -51,6 +51,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.XPathUtils; @@ -130,7 +131,7 @@ public class SAMLResponseParser implements Constants { * @return <code>AuthenticationData</code> object * @throws ParseException on any parsing error */ - public AuthenticationData parseAuthenticationData() + public SAML1AuthenticationData parseAuthenticationData() throws ParseException { Element samlAssertion; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 52f72f577..9447f2e35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -84,6 +84,7 @@ import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; @@ -232,7 +233,7 @@ public class ProxyServlet extends HttpServlet { // boolean targetprovided = req.getParameter(PARAM_TARGET) != null; // get authentication data from the MOA-ID Auth component - AuthenticationData authData; + SAML1AuthenticationData authData; try { authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index 6d8979da3..890ec9f0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -31,9 +31,11 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -82,10 +84,41 @@ public class AssertionStorage { } - public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException { + + /** + * @param samlArtifact + * @param class1 + * @param authdatatimeout + * @return + * @throws MOADatabaseException + * @throws AuthenticationException + */ + public <T> T get(String samlArtifact, + final Class<T> clazz) throws MOADatabaseException { + + try { + return get(samlArtifact, clazz, -1); + + } catch (AuthenticationException e) { + //this execption only occurs if an additional timeOut is used + Logger.error("This exeption should not occur!!!!", e); + return null; + } + } + + public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException { AssertionStore element = searchInDatabase(artifact); + if (authdatatimeout > -1) { + //check timeout + long now = new Date().getTime(); + + if (now - element.getDatatime().getTime() > authdatatimeout) + throw new AuthenticationException("1207", new Object[] { artifact }); + } + + //Deserialize Assertion Object data = SerializationUtils.deserialize(element.getAssertion()); @@ -118,7 +151,7 @@ public class AssertionStorage { if (results.size() != 0) { for(AssertionStore result : results) { try { - MOASessionDBUtils.delete(result); + cleanDelete(result); Logger.info("Remove sessioninformation with ID=" + result.getArtifact() + " after timeout."); @@ -135,7 +168,7 @@ public class AssertionStorage { try { AssertionStore element = searchInDatabase(artifact); - MOASessionDBUtils.delete(element); + cleanDelete(element); Logger.info("Remove sessioninformation with ID" + artifact); @@ -148,6 +181,23 @@ public class AssertionStorage { } } + private void cleanDelete(AssertionStore element) { + try { + element.setAssertion(new byte[]{}); + MOASessionDBUtils.saveOrUpdate(element); + + } catch (MOADatabaseException e) { + Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e); + + } finally { + if (!MOASessionDBUtils.delete(element)) + Logger.error("ShortTime session with artifact=" + element.getArtifact() + + " not removed! (Error during Database communication)"); + + } + + } + @SuppressWarnings("rawtypes") private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { MiscUtil.assertNotNull(artifact, "artifact"); @@ -158,7 +208,7 @@ public class AssertionStorage { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getAssertionWithArtifact"); - query.setString("artifact", artifact); + query.setParameter("artifact", artifact); result = query.list(); //send transaction diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 27f219452..74a5e01ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -22,10 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.storage; +import java.util.ArrayList; import java.util.Date; import java.util.List; import org.apache.commons.lang.SerializationUtils; +import org.apache.commons.lang.StringEscapeUtils; import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; @@ -36,11 +38,15 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; @@ -63,21 +69,6 @@ public class AuthenticationSessionStoreage { } } - public static void setAuthenticated(String moaSessionID, boolean value) { - - AuthenticatedSessionStore session; - - try { - session = searchInDatabase(moaSessionID); - session.setAuthenticated(value); - MOASessionDBUtils.saveOrUpdate(session); - - - } catch (MOADatabaseException e) { - Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); - } - } - public static AuthenticationSession createSession() throws MOADatabaseException { String id = Random.nextRandom(); AuthenticationSession session = new AuthenticationSession(id); @@ -104,44 +95,39 @@ public class AuthenticationSessionStoreage { return session; } - - public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - dbsession.setAuthenticated(session.isAuthenticated()); - byte[] serialized = SerializationUtils.serialize(session); - - EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setUpdated(new Date()); - - MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); - + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return decryptSession(dbsession); + } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); - } + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + storeSession(session, null); } public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { try { AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - dbsession.setPendingRequestID(pendingRequestID); - - dbsession.setAuthenticated(session.isAuthenticated()); - byte[] serialized = SerializationUtils.serialize(session); - EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); + if (MiscUtil.isNotEmpty(pendingRequestID)) + dbsession.setPendingRequestID(pendingRequestID); + + encryptSession(session, dbsession); //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setAuthenticated(session.isAuthenticated()); dbsession.setUpdated(new Date()); MOASessionDBUtils.saveOrUpdate(dbsession); @@ -153,10 +139,9 @@ public class AuthenticationSessionStoreage { } } - public static void destroySession(String moaSessionID) throws MOADatabaseException { - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; @@ -164,7 +149,7 @@ public class AuthenticationSessionStoreage { session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithID"); - query.setString("sessionid", moaSessionID); + query.setParameter("sessionid", moaSessionID); result = query.list(); @@ -176,11 +161,9 @@ public class AuthenticationSessionStoreage { throw new MOADatabaseException("No session found with this sessionID"); } - AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); - - //delete MOA Session - session.delete(dbsession); - session.getTransaction().commit(); + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); + session.getTransaction().commit(); + cleanDelete(dbsession); } } @@ -197,16 +180,11 @@ public class AuthenticationSessionStoreage { + "to " + id); session.setSessionID(id); + encryptSession(session, dbsession); dbsession.setSessionid(id); dbsession.setAuthenticated(session.isAuthenticated()); - - byte[] serialized = SerializationUtils.serialize(session); - - EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); - + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); @@ -220,7 +198,92 @@ public class AuthenticationSessionStoreage { throw new AuthenticationException("TODO!", null); } } + + public static void setAuthenticated(String moaSessionID, boolean value) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + session.setAuthenticated(value); + MOASessionDBUtils.saveOrUpdate(session); + + } catch (MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } + + public static String getMOASessionSSOID(String SSOSessionID) { + MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + } + + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + } + + public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) { + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOId); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0); + } + } + public static void addSSOInformation(String moaSessionID, String SSOSessionID, SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException { @@ -238,7 +301,7 @@ public class AuthenticationSessionStoreage { tx = session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithID"); - query.setString("sessionid", moaSessionID); + query.setParameter("sessionid", moaSessionID); result = query.list(); @@ -274,7 +337,10 @@ public class AuthenticationSessionStoreage { if (SLOInfo != null) { activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); + activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); activeOA.setProtocolType(SLOInfo.getProtocolType()); + activeOA.setAttributeQueryUsed(false); + } @@ -317,56 +383,75 @@ public class AuthenticationSessionStoreage { throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); } } - - - public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID()); + return dbsession.getActiveOAsessions(); - //decrypt Session - EncryptedData encdata = new EncryptedData(dbsession.getSession(), - dbsession.getIv()); - byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); - - AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted); - - return session; - } catch (MOADatabaseException e) { - Logger.info("No MOA Session with id: " + sessionID); - throw new MOADatabaseException("No MOA Session with id: " + sessionID); + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); - } catch (Throwable e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); - throw new MOADatabaseException("MOASession deserialization-exception"); } + + return null; } - public static boolean isSSOSession(String sessionID) throws MOADatabaseException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - return dbsession.isSSOSession(); + public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); + MiscUtil.assertNotNull(userNameID, "userNameID"); + Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " + + oaID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); + query.setParameter("oaID", oaID); + query.setParameter("nameID", userNameID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No unique entry found."); + return null; + + } + try { + return decryptSession(result.get(0)); - } catch (MOADatabaseException e) { - Logger.info("No MOA Session with id: " + sessionID); - throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } catch (BuildException e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); + return null; } - - } - public static String getMOASessionID(String SSOSessionID) { - MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); + MiscUtil.assertNotNull(protocolType, "usedProtocol"); + Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " + + oaID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; synchronized (session) { session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setString("sessionid", SSOSessionID); + Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); + query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("oaID", oaID); + query.setParameter("protocol", protocolType); result = query.list(); //send transaction @@ -376,29 +461,71 @@ public class AuthenticationSessionStoreage { Logger.trace("Found entries: " + result.size()); //Assertion requires an unique artifact - if (result.size() != 1) { + if (result.size() == 0) { Logger.trace("No entries found."); - return null; - - } else { - return result.get(0).getSessionid(); - + return null; + } + return result.get(0).getActiveOAsessions().get(0); } - public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { - - MiscUtil.assertNotNull(SSOId, "SSOSessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + } + + public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { + try { + MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); + Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", pedingRequestID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + } + + return decryptSession(result.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); + return null; + } + } + + public static boolean deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; synchronized (session) { session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setString("sessionid", SSOId); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", id); result = query.list(); //send transaction @@ -413,22 +540,91 @@ public class AuthenticationSessionStoreage { return false; } else { + cleanDelete(result.get(0)); return true; } + + } + + public static AuthenticationSession getSessionWithUserNameID(String nameID) { + + try { + MiscUtil.assertNotNull(nameID, "nameID"); + Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionWithUserNameID"); + query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return decryptSession(result.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); + return null; + } + + } + + public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { + MiscUtil.assertNotNull(sessionID, "MOASession"); + Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); + query.setParameter("sessionID", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); } - public static boolean deleteSessionWithPendingRequestID(String id) { - MiscUtil.assertNotNull(id, "PendingRequestID"); - Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) { + MiscUtil.assertNotNull(sessionID, "MOASession"); + MiscUtil.assertNotNull(idpID, "Interfederated IDP ID"); + Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; synchronized (session) { session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setString("sessionid", id); + Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); + query.setParameter("sessionID", sessionID); + query.setParameter("idpID", idpID); result = query.list(); //send transaction @@ -438,33 +634,118 @@ public class AuthenticationSessionStoreage { Logger.trace("Found entries: " + result.size()); //Assertion requires an unique artifact - if (result.size() != 1) { + if (result.size() == 0) { Logger.trace("No entries found."); - return false; - - } else { - MOASessionDBUtils.delete(result.get(0)); - return true; + return null; + } - - + + return result.get(0).getInderfederation().get(0); } - public static String getPendingRequestID(String sessionID) { + public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + session.setAuthenticated(true); + session.setAuthenticatedUsed(false); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(isAuthenticated); + dbsession.setInterfederatedSSOSession(true); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + Date now = new Date(); + dbsession.setCreated(now); + dbsession.setUpdated(now); + + dbsession.setSession(SerializationUtils.serialize(session)); + + //add interfederation information + List<InterfederationSessionStore> idpList = dbsession.getInderfederation(); + InterfederationSessionStore idp = null; + if (idpList == null) { + idpList = new ArrayList<InterfederationSessionStore>(); + dbsession.setInderfederation(idpList); + + } else { + for (InterfederationSessionStore el : idpList) { + //resue old entry if interfederation IDP is reused for authentication + if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID())) + idp = el; + + } + } + + //create new interfederation IDP entry + if (idp == null) { + idp = new InterfederationSessionStore(); + idp.setCreated(now); + idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); + + } + + AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse()); + idp.setSessionIndex(extract.getSessionIndex()); + idp.setUserNameID(extract.getNameID()); + idp.setAttributesRequested(false); + idp.setQAALevel(extract.getQAALevel()); + idp.setMoasession(dbsession); + idpList.add(idp); + + + //store AssertionStore element to Database try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - return dbsession.getPendingRequestID(); + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.info("MOASession with sessionID=" + id + " is stored in Database"); } catch (MOADatabaseException e) { - Logger.warn("MOASession with ID " + sessionID + " not found"); - return ""; + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); } + return id; } - public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { + public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); + } + + /** + * @param entityID + * @param requestID + */ + public static boolean removeInterfederetedSession(String entityID, + String pedingRequestID) { try { + Logger.debug("Remove interfederated IDP from local SSO session ..."); + MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); @@ -474,7 +755,7 @@ public class AuthenticationSessionStoreage { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setString("sessionid", pedingRequestID); + query.setParameter("sessionid", pedingRequestID); result = query.list(); //send transaction @@ -486,20 +767,27 @@ public class AuthenticationSessionStoreage { //Assertion requires an unique artifact if (result.size() != 1) { Logger.trace("No entries found."); - return null; + return false; } - //decrypt Session - EncryptedData encdata = new EncryptedData(result.get(0).getSession(), - result.get(0).getIv()); - byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); - return (AuthenticationSession) SerializationUtils.deserialize(decrypted); - + AuthenticatedSessionStore authsession = result.get(0); + + List<InterfederationSessionStore> idpSessions = authsession.getInderfederation(); + if (idpSessions != null) { + for (InterfederationSessionStore idp : idpSessions) { + if (idp.getIdpurlprefix().equals(entityID)) + idpSessions.remove(idp); + + } + } + + MOASessionDBUtils.saveOrUpdate(authsession); + return true; } catch (Throwable e) { Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); - return null; - } + return false; + } } public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { @@ -521,7 +809,7 @@ public class AuthenticationSessionStoreage { if (results.size() != 0) { for(AuthenticatedSessionStore result : results) { try { - MOASessionDBUtils.delete(result); + cleanDelete(result); Logger.info("Authenticated session with sessionID=" + result.getSessionid() + " after session timeout."); @@ -529,11 +817,43 @@ public class AuthenticationSessionStoreage { Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + " not removed after timeout! (Error during Database communication)", e); } - } } } + private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException { + byte[] serialized = SerializationUtils.serialize(session); + + EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); + dbsession.setSession(encdata.getEncData()); + dbsession.setIv(encdata.getIv()); + } + + private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException { + EncryptedData encdata = new EncryptedData(dbsession.getSession(), + dbsession.getIv()); + byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); + + return (AuthenticationSession) SerializationUtils.deserialize(decrypted); + + } + + private static void cleanDelete(AuthenticatedSessionStore result) { + try { + result.setSession(new byte[] {}); + MOASessionDBUtils.saveOrUpdate(result); + + } catch (MOADatabaseException e) { + Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e); + + } finally { + if (!MOASessionDBUtils.delete(result)) + Logger.error("Authenticated session with sessionID=" + result.getSessionid() + + " not removed! (Error during Database communication)"); + + } + } + @SuppressWarnings("rawtypes") private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); @@ -545,7 +865,7 @@ public class AuthenticationSessionStoreage { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithID"); - query.setString("sessionid", sessionID); + query.setParameter("sessionid", sessionID); result = query.list(); //send transaction diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java index ae8e5ee27..054ad1014 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java @@ -154,7 +154,7 @@ public class DBExceptionStoreImpl implements IExceptionStore { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getExceptionWithID"); - query.setString("id", id); + query.setParameter("id", id); result = query.list(); //send transaction diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index ed3f297c7..81abe3f5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -46,11 +46,7 @@ package at.gv.egovernment.moa.id.util; -import iaik.pki.PKIConfiguration; import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; import iaik.security.provider.IAIK; import java.io.BufferedInputStream; @@ -62,26 +58,19 @@ import java.io.Reader; import java.net.URL; import java.security.GeneralSecurityException; import java.security.Security; -import java.util.HashMap; -import java.util.Map; import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl; -import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; -import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; /** @@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger; */ public class SSLUtils { - /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ - private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>(); - - /** - * Initializes the SSLSocketFactory store. - */ public static void initialize() { - sslSocketFactories = new HashMap<String, SSLSocketFactory>(); // JSSE Abhängigkeit //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new IAIK()); @@ -132,61 +114,38 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); - // retrieve SSLSocketFactory if already created - SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); - if (ssf != null) - return ssf; - - // else create new SSLSocketFactory - String trustStoreURL = conf.getTrustedCACertificates(); - - if (trustStoreURL == null) - throw new ConfigurationException( - "config.08", new Object[] {"TrustedCACertificates"}); - String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); - - TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); - - KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( - "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); ssf = ctx.getSocketFactory(); - // store SSLSocketFactory - sslSocketFactories.put(connParam.getUrl(), ssf); - return ssf; + // else create new SSLSocketFactory + String trustStoreURL = conf.getTrustedCACertificates(); + + if (trustStoreURL == null) + throw new ConfigurationException( + "config.08", new Object[] {"TrustedCACertificates"}); + + String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); + + //INFO: MOA-ID 2.x always use defaultChainingMode + + try { + SSLSocketFactory ssf = + at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( + connParam.getUrl(), + conf.getCertstoreDirectory(), + trustStoreURL, + acceptedServerCertURL, + AuthConfigurationProvider.getInstance().getDefaultChainingMode(), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(), + connParam.getClientKeyStore(), + connParam.getClientKeyStorePassword(), + "pkcs12"); + + return ssf; + + } catch (SSLConfigurationException e) { + throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE()); + + } } - - /** - * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, - * using configuration data. - * - * @param conf MOA-ID configuration provider - * @param trustStoreURL trust store URL - * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates - * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code> - * @throws ConfigurationException on invalid configuration data - * @throws IOException on data-reading problems - * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> - */ - public static TrustManager[] getTrustManagers( - ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL) - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - - PKIConfiguration cfg = null; - if (! PKIFactory.getInstance().isAlreadyConfigured()) - cfg = new PKIConfigurationImpl(conf); - boolean checkRevocation = conf.isTrustmanagerrevoationchecking(); - PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); - // This call fixes a bug occuring when PKIConfiguration is - // initialized by the MOA-SP initialization code, in case - // MOA-SP is called by API - MOAIDTrustManager.initializeLoggingContext(); - IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); - tm.init(cfg, profile); - return new TrustManager[] {tm}; - } /** * Reads a file, given by URL, into a byte array, * securing the connection by IAIKX509TrustManager. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 385dd753c..f7785d2c2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; import java.io.Serializable;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class MISMandate implements Serializable{
private static final long serialVersionUID = 1L;
@@ -90,16 +92,21 @@ public class MISMandate implements Serializable{ }
public String getTextualDescriptionOfOID() {
- if (this.oid.equalsIgnoreCase(OID_NOTAR))
- return TEXT_NOTAR;
- if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
- return TEXT_RECHTSANWALT;
- if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
- return TEXT_ZIVILTECHNIKER;
- if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
- return TEXT_ORGANWALTER;
+ if (MiscUtil.isNotEmpty(this.oid)) {
+ if (this.oid.equalsIgnoreCase(OID_NOTAR))
+ return TEXT_NOTAR;
+ if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+ return TEXT_RECHTSANWALT;
+ if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+ return TEXT_ZIVILTECHNIKER;
+ if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+ return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
+
+ } else {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 55b6e8b32..5b2e7ce3d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -87,6 +87,7 @@ builder.02=Fehler beim Ausblenden von Stammzahlen builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten
builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen.
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -232,6 +233,8 @@ pvp2.14=SAML Anfrage verweigert pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
+pvp2.19=Der Single LogOut Vorgang wurde wegen eines unkorregierbaren Fehler abgebrochen.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java index e5bde81fd..3acf20a41 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java @@ -52,6 +52,7 @@ import test.at.gv.egovernment.moa.id.UnitTestCase; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -209,7 +210,7 @@ public class SAMLResponseParserTest extends UnitTestCase { assertEquals("samlp:Success", status.getStatusCode()); assertEquals("samlp:Success", status.getSubStatusCode()); assertEquals("Ollas leiwand", status.getStatusMessage()); - AuthenticationData authData = parser.parseAuthenticationData(); + SAML1AuthenticationData authData = parser.parseAuthenticationData(); assertEquals(1, authData.getMajorVersion()); assertEquals(0, authData.getMinorVersion()); assertEquals("-4633313027464114584", authData.getAssertionID()); diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 6c2e12c65..1831d0e1c 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -4,11 +4,12 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>2.0.1</version> + <version>2.0.x</version> </parent> <artifactId>moa-id-commons</artifactId> <name>moa-id-commons</name> <groupId>MOA.id.server</groupId> + <version>${moa-id-version}</version> <profiles> <profile> @@ -64,11 +65,20 @@ <version>3.3.1</version> </dependency> <dependency> + <groupId>commons-httpclient</groupId> + <artifactId>commons-httpclient</artifactId> + </dependency> + <dependency> <groupId>MOA</groupId> <artifactId>moa-common</artifactId> <type>jar</type> </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_X509TrustManager</artifactId> + </dependency> + <!-- dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-xjc</artifactId> @@ -127,6 +137,7 @@ </resources> <plugins> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> @@ -227,9 +238,9 @@ </execution> </executions> </plugin> - </plugins> - <pluginManagement> - <plugins> + </plugins> + <pluginManagement> + <plugins> <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.--> <plugin> <groupId>org.eclipse.m2e</groupId> @@ -261,6 +272,24 @@ </lifecycleMappingMetadata> </configuration> </plugin> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> </plugins> </pluginManagement> </build> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index 730a328ab..2a65366b8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -53,7 +53,13 @@ import org.hibernate.annotations.DynamicUpdate; @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"), @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"), @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"), - @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate") + @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate"), + @NamedQuery(name="getMOAISessionWithUserNameID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.userNameID = :usernameid and activeOAsessions.attributeQueryUsed is false"), + @NamedQuery(name="getActiveOAWithSessionIDandOAIDandProtocol", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.protocolType = :protocol and authenticatedsessionstore.sessionid = :sessionID"), + @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"), + @NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"), + @NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"), + @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID") }) public class AuthenticatedSessionStore implements Serializable{ @@ -82,6 +88,9 @@ public class AuthenticatedSessionStore implements Serializable{ @Column(name = "isSSOSession", nullable=false) private boolean isSSOSession = false; + + @Column(name = "isInterfederatedSSOSession", nullable=false) + private boolean isInterfederatedSSOSession = false; @Column(name = "pendingRequestID", nullable=false) private String pendingRequestID = ""; @@ -100,6 +109,9 @@ public class AuthenticatedSessionStore implements Serializable{ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL) private List<OldSSOSessionIDStore> oldssosessionids = null; + @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL) + private List<InterfederationSessionStore> inderfederation = null; + @PrePersist protected void created() { this.updated = this.created = new Date(); @@ -193,6 +205,20 @@ public class AuthenticatedSessionStore implements Serializable{ public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) { this.oldssosessionids = oldssosessionids; } + + /** + * @return the inderfederation + */ + public List<InterfederationSessionStore> getInderfederation() { + return inderfederation; + } + + /** + * @param inderfederation the inderfederation to set + */ + public void setInderfederation(List<InterfederationSessionStore> inderfederation) { + this.inderfederation = inderfederation; + } /** * @return the pendingRequestID @@ -221,8 +247,21 @@ public class AuthenticatedSessionStore implements Serializable{ public void setIv(byte[] iv) { this.iv = iv; } + + /** + * @return the isInterfederatedSSOSession + */ + public boolean isInterfederatedSSOSession() { + return isInterfederatedSSOSession; + } + + /** + * @param isInterfederatedSSOSession the isInterfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) { + this.isInterfederatedSSOSession = isInterfederatedSSOSession; + } - } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java new file mode 100644 index 000000000..1fcdd9b9b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java @@ -0,0 +1,195 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.commons.db.dao.session; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; +import javax.persistence.Table; + +import org.hibernate.annotations.DynamicUpdate; + +@Entity +@DynamicUpdate(value=true) +@Table(name = "interfederation") + +public class InterfederationSessionStore implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id", unique=true, nullable=false) + private long id; + + @Column(name = "idpurlprefix", unique=false, nullable=false) + private String idpurlprefix; + + @Column(name = "sessionIndex", unique=false, nullable=false) + private String sessionIndex; + + @Column(name = "nameID", unique=false, nullable=false) + private String userNameID; + + @Column(name = "QAALevel", unique=false, nullable=false) + private String QAALevel; + + @Column(name = "attributesRequested", unique=false, nullable=true) + private boolean attributesRequested; + + @Column(name = "created", updatable=false, nullable=false) +// @Temporal(TemporalType.TIMESTAMP) + private Date created; + +// @PrePersist +// protected void created() { +// this.created = new Date(); +// } + + @ManyToOne(fetch=FetchType.LAZY) + @JoinColumn(name = "moasession") + private AuthenticatedSessionStore moasession; + + /** + * @return the id + */ + public long getId() { + return id; + } + + /** + * @param id the id to set + */ + public void setId(long id) { + this.id = id; + } + + /** + * @return the idpurlprefix + */ + public String getIdpurlprefix() { + return idpurlprefix; + } + + /** + * @param idpurlprefix the idpurlprefix to set + */ + public void setIdpurlprefix(String idpurlprefix) { + this.idpurlprefix = idpurlprefix; + } + + /** + * @return the sessionIndex + */ + public String getSessionIndex() { + return sessionIndex; + } + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + /** + * @return the userNameID + */ + public String getUserNameID() { + return userNameID; + } + + /** + * @param userNameID the userNameID to set + */ + public void setUserNameID(String userNameID) { + this.userNameID = userNameID; + } + + /** + * @return the attributesRequested + */ + public boolean isAttributesRequested() { + return attributesRequested; + } + + /** + * @param attributesRequested the attributesRequested to set + */ + public void setAttributesRequested(boolean attributesRequested) { + this.attributesRequested = attributesRequested; + } + + /** + * @return the created + */ + public Date getCreated() { + return created; + } + + /** + * @param created the created to set + */ + public void setCreated(Date created) { + this.created = created; + } + + /** + * @return the moasession + */ + public AuthenticatedSessionStore getMoasession() { + return moasession; + } + + /** + * @param moasession the moasession to set + */ + public void setMoasession(AuthenticatedSessionStore moasession) { + this.moasession = moasession; + } + + /** + * @return the qAALevel + */ + public String getQAALevel() { + return QAALevel; + } + + /** + * @param qAALevel the qAALevel to set + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + } + + +} + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index 25b48310e..539de990f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java @@ -59,9 +59,15 @@ public class OASessionStore implements Serializable{ @Column(name = "userNameID", unique=false, nullable=true) private String userNameID; + @Column(name = "userNameIDFormat", unique=false, nullable=true) + private String userNameIDFormat; + @Column(name = "protocolType", unique=false, nullable=true) private String protocolType; + @Column(name = "attributequeryused", unique=false, nullable=false) + private boolean attributeQueryUsed = false; + @Column(name = "created", updatable=false, nullable=false) // @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -149,6 +155,36 @@ public class OASessionStore implements Serializable{ this.protocolType = protocolType; } + /** + * @return the attributeQueryUsed + */ + public boolean isAttributeQueryUsed() { + return attributeQueryUsed; + } + + /** + * @param attributeQueryUsed the attributeQueryUsed to set + */ + public void setAttributeQueryUsed(boolean attributeQueryUsed) { + this.attributeQueryUsed = attributeQueryUsed; + } + + /** + * @return the userNameIDFormat + */ + public String getUserNameIDFormat() { + return userNameIDFormat; + } + + /** + * @param userNameIDFormat the userNameIDFormat to set + */ + public void setUserNameIDFormat(String userNameIDFormat) { + this.userNameIDFormat = userNameIDFormat; + } + + + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java index 65c9003e3..b557d2dc9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java @@ -78,6 +78,9 @@ public class StatisticLog implements Serializable{ @Column(name = "isSSOLogin", unique=false) private boolean ssosession; + @Column(name = "isInterfederatedSSOLogin", unique=false) + private boolean interfederatedSSOSession; + @Column(name = "isBusinessService", unique=false) private boolean businessservice; @@ -390,6 +393,21 @@ public class StatisticLog implements Serializable{ public void setErrortype(String errortype) { this.errortype = errortype; } + + /** + * @return the interfederatedSSOSession + */ + public boolean isInterfederatedSSOSession() { + return interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java new file mode 100644 index 000000000..c6d8b1d79 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java @@ -0,0 +1,42 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.ex; + +/** + * @author tlenz + * + */ +public class MOAHttpProtocolSocketFactoryException extends Exception { + + private static final long serialVersionUID = 4934502074731319897L; + + + public MOAHttpProtocolSocketFactoryException(String message) { + super(message); + } + + public MOAHttpProtocolSocketFactoryException(String message, Throwable e) { + super(message, e ); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java new file mode 100644 index 000000000..3b6fc34ea --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -0,0 +1,129 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.utils; + +import iaik.pki.PKIException; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import java.security.GeneralSecurityException; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.commons.httpclient.params.HttpConnectionParams; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils; + +/** + * @author tlenz + * + */ +public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory { + + + + private SSLSocketFactory sslfactory = null; + + public MOAHttpProtocolSocketFactory ( + String url, + String certStoreRootDirParam, + String trustStoreURL, + String acceptedServerCertURL, + ChainingModeType chainingMode, + boolean checkRevocation + ) throws MOAHttpProtocolSocketFactoryException { + super(); + + try { + this.sslfactory = SSLUtils.getSSLSocketFactory( + url, + certStoreRootDirParam, + trustStoreURL, + acceptedServerCertURL, + chainingMode.value(), + checkRevocation, + null, + null, + null); + + } catch (IOException e) { + throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e); + + } catch (GeneralSecurityException e) { + throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e); + + } catch (SSLConfigurationException e) { + throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e); + + } catch (PKIException e) { + throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e); + + } + + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int) + */ + public Socket createSocket(String host, int port, InetAddress localAddress, + int localPort) throws IOException, UnknownHostException { + return this.sslfactory.createSocket(host, port, + localAddress, localPort); + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams) + */ + public Socket createSocket(String host, int port, InetAddress localAddress, + int localPort, HttpConnectionParams params) throws IOException, + UnknownHostException, ConnectTimeoutException { + return this.sslfactory.createSocket(host, port, + localAddress, localPort); + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int) + */ + public Socket createSocket(String host, int port) throws IOException, + UnknownHostException { + return this.sslfactory.createSocket(host, port); + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean) + */ + public Socket createSocket(Socket socket, String host, int port, + boolean autoClose) throws IOException, UnknownHostException { + return this.sslfactory.createSocket(socket, host, + port, autoClose); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java index b6fe20a61..00e750f58 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java @@ -44,11 +44,8 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; @@ -69,10 +66,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl * identifies the rootDirectory */ private String rootDirectory; - /** - * ConfigurationProvider - */ - private ConfigurationProvider conf; + /** * Array for storing all CertStoreParameters */ @@ -85,13 +79,10 @@ public class CertStoreConfigurationImpl extends ObservableImpl * @throws ConfigurationException an any config-error * being read. */ - public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { - this.conf = conf; - - String certStoreRootDirParam = conf.getCertstoreDirectory(); + public CertStoreConfigurationImpl(String certStoreRootDirParam) throws SSLConfigurationException { if (certStoreRootDirParam == null) - throw new ConfigurationException( + throw new SSLConfigurationException( "config.08", new Object[]{"CertStoreDirectory"}); //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); @@ -105,13 +96,13 @@ public class CertStoreConfigurationImpl extends ObservableImpl if (!f.exists()) { Logger.error("File does not exists: " + f.getAbsolutePath()); - throw new ConfigurationException( + throw new SSLConfigurationException( "config.05", new Object[]{"CertStoreDirectory"}); } if (!f.isDirectory()) { Logger.error("File is not a directory: " + f.getAbsolutePath()); - throw new ConfigurationException( + throw new SSLConfigurationException( "config.05", new Object[]{"CertStoreDirectory"}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index 202be882e..eaef3f1d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.pki.jsse; +package at.gv.egovernment.moa.id.commons.utils.ssl; import java.io.File; import java.io.FileInputStream; @@ -56,7 +56,6 @@ import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.logging.LoggingContext; import at.gv.egovernment.moa.logging.LoggingContextManager; @@ -150,7 +149,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { if (serverCert.equals(acceptedServerCert)) return true; } - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null)); + Logger.warn("SSL certificate validation FAILED."); return false; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java index 16184502d..fa9cd879d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.servertools.observer; +package at.gv.egovernment.moa.id.commons.utils.ssl; import iaik.pki.store.observer.NotificationData; import iaik.pki.store.observer.Observable; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java index 064d8a835..5d8c7a54e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java @@ -44,10 +44,8 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import iaik.pki.PKIConfiguration; import iaik.pki.pathvalidation.ValidationConfiguration; import iaik.pki.revocation.RevocationConfiguration; @@ -74,11 +72,11 @@ public class PKIConfigurationImpl implements PKIConfiguration { * @param conf the Configuration for the PKIConfig * @throws ConfigurationException for any config error */ - public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException { - certStoreConfiguration = new CertStoreConfigurationImpl(conf); + certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam); revocationConfiguration = new RevocationConfigurationImpl(); - validationConfiguration = new ValidationConfigurationImpl(conf); + validationConfiguration = new ValidationConfigurationImpl(chainingMode); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 8afba2a12..59994a257 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.pki; +package at.gv.egovernment.moa.id.commons.utils.ssl; import java.security.cert.X509Certificate; import java.util.Collections; @@ -57,8 +57,6 @@ import iaik.pki.revocation.RevocationSourceTypes; import iaik.pki.store.truststore.TrustStoreProfile; import iaik.pki.store.truststore.TrustStoreTypes; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - /** * Implementation of the <code>PKIProfile</code> interface and subinterfaces * providing information needed for certificate path validation. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java index 2c24161f6..b5e0543db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; import iaik.pki.revocation.RevocationConfiguration; @@ -53,8 +53,6 @@ import java.util.Collections; import java.util.Date; import java.util.Set; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> * @author Paul Ivancsics diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java new file mode 100644 index 000000000..b1334ad67 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java @@ -0,0 +1,71 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.utils.ssl; + +/** + * @author tlenz + * + */ +public class SSLConfigurationException extends Exception { + + private static final long serialVersionUID = -3705679559648920151L; + + private String errorID = null; + private Object[] parameters = null; + private Throwable e = null; + + public SSLConfigurationException(String errorID, Object[] parameters) { + this.errorID = errorID; + this.parameters = parameters; + } + + public SSLConfigurationException(String errorID, Object[] parameters, Throwable e) { + this.errorID = errorID; + this.parameters = parameters; + this.e = e; + } + + /** + * @return the errorID + */ + public String getErrorID() { + return errorID; + } + + /** + * @return the parameters + */ + public Object[] getParameters() { + return parameters; + } + + /** + * @return the e + */ + public Throwable getE() { + return e; + } + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java new file mode 100644 index 000000000..68437a04d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -0,0 +1,186 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.commons.utils.ssl; + +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; + +import at.gv.egovernment.moa.logging.Logger; + + +/** + * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>. + * This <code>TrustManager</code> implementation features CRL checking.<br/> + * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtils { + + /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ + private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>(); + + /** + * Initializes the SSLSocketFactory store. + */ + public static void initialize() { + sslSocketFactories = new HashMap<String, SSLSocketFactory>(); + // JSSE Abhängigkeit + //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + Security.addProvider(new IAIK()); + //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + + + } + + /** + * Creates an <code>SSLSocketFactory</code> which utilizes an + * <code>IAIKX509TrustManager</code> for the given trust store, + * and the given key store. + * + * @param conf configuration provider providing a generic properties pointing + * to trusted CA store and certificate store root + * @param connParam connection parameter containing the client key store settings + * to be used in case of client authentication; + * if <code>connParam.getClientKeyStore() == null</code>, client authentication + * is assumed to be disabled + * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the socket factory + * @throws ConfigurationException on invalid configuration data + * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> + */ + public static SSLSocketFactory getSSLSocketFactory( + String url, + String certStoreRootDirParam, + String trustStoreURL, + String acceptedServerCertURL, + String chainingMode, + boolean checkRevocation, + String clientKeyStoreURL, + String clientKeyStorePassword, + String clientKeyStoreType + ) + throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException { + + Logger.debug("Get SSLSocketFactory for " + url); + // retrieve SSLSocketFactory if already created + SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(url); + if (ssf != null) + return ssf; + + TrustManager[] tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation); + + KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kms, tms, null); + ssf = ctx.getSocketFactory(); + // store SSLSocketFactory + sslSocketFactories.put(url, ssf); + return ssf; + } + + public static void removeSSLSocketFactory(String url) { + Logger.info("Remove SSLSocketFactory for URL " + url); + if (sslSocketFactories.containsKey(url)) + sslSocketFactories.remove(url); + + } + + /** + * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, + * using configuration data. + * + * @param conf MOA-ID configuration provider + * @param trustStoreURL trust store URL + * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates + * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code> + * @throws ConfigurationException on invalid configuration data + * @throws IOException on data-reading problems + * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> + */ + private static TrustManager[] getTrustManagers(String certStoreRootDirParam, + String chainingMode, String trustStoreURL, String acceptedServerCertURL, + boolean checkRevocation) + throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException { + + PKIConfiguration cfg = null; + if (! PKIFactory.getInstance().isAlreadyConfigured()) + cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode); + PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); + // This call fixes a bug occuring when PKIConfiguration is + // initialized by the MOA-SP initialization code, in case + // MOA-SP is called by API + MOAIDTrustManager.initializeLoggingContext(); + IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); + tm.init(cfg, profile); + return new TrustManager[] {tm}; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java index d230eef26..275aed4c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java @@ -44,15 +44,13 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; import iaik.pki.pathvalidation.ValidationConfiguration; import java.security.cert.X509Certificate; import java.security.spec.AlgorithmParameterSpec; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> @@ -62,21 +60,23 @@ import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; public class ValidationConfigurationImpl extends ObservableImpl implements ValidationConfiguration { /** The ConfigurationProvider for the validation*/ - private ConfigurationProvider conf; + private String chainingMode; /** * Constructor * @param conf with the configuration */ - public ValidationConfigurationImpl(ConfigurationProvider conf) { - this.conf = conf; + public ValidationConfigurationImpl(String chainingMode) { + this.chainingMode = chainingMode; } /** * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) */ public String getChainingMode(X509Certificate trustAnchor) { - String chainingMode = conf.getChainingMode(trustAnchor); + + //INFO: MOA-ID 2.x always use defaultChainingMode + return chainingMode; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java index 6d7032f9d..2ad50568a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.validation; +package at.gv.egovernment.moa.id.commons.validation; import java.util.ArrayList; import java.util.Collections; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java index 3749975df..be6d7d01e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.validation; +package at.gv.egovernment.moa.id.commons.validation; import iaik.asn1.ObjectID; import iaik.utils.Util; @@ -46,12 +46,15 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.log4j.Logger; + public class ValidationHelper { - private static final Logger log = Logger.getLogger(ValidationHelper.class); + public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; + private static final Logger log = Logger.getLogger(ValidationHelper.class); private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy"; + public static boolean isPublicServiceAllowed(String identifier) { @@ -64,7 +67,7 @@ public class ValidationHelper { if (host.endsWith("/")) host = host.substring(0, host.length()-1); - if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { + if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) { log.debug("PublicURLPrefix with .gv.at Domain found."); return true; diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java new file mode 100644 index 000000000..e4aa6a284 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java @@ -0,0 +1,100 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package org.apache.commons.httpclient; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; + +import org.apache.commons.httpclient.HostConfiguration; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.HttpException; +import org.apache.commons.httpclient.HttpMethod; +import org.apache.commons.httpclient.HttpMethodDirector; +import org.apache.commons.httpclient.HttpState; +import org.apache.commons.httpclient.URI; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; + +/** + * @author tlenz + * + *HTTP client which can be used with MOA SSL TrustStore implementation + * + */ +public class MOAHttpClient extends HttpClient { + + + public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException { + ; + + URL url = new URL(metadataURL); + int port = -1; + if (url.getPort() < 0) + port = url.getDefaultPort(); + else + port = url.getPort(); + + Protocol authhttps = new Protocol("https", protoSocketFactory, port); + getHostConfiguration().setHost(url.getHost(), port, authhttps); + + } + + public int executeMethod(HostConfiguration hostconfig, + final HttpMethod method, final HttpState state) + throws IOException, HttpException { + + if (method == null) { + throw new IllegalArgumentException("HttpMethod parameter may not be null"); + } + HostConfiguration defaulthostconfig = getHostConfiguration(); + if (hostconfig == null) { + hostconfig = defaulthostconfig; + } + URI uri = method.getURI(); + if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) { + // make a deep copy of the host defaults + hostconfig = (HostConfiguration) hostconfig.clone(); + + /** + * Only build default host with default protocol if protocol is empty + * + * In case of https, the methode setCustomSSLTrustStore can be used to set a + * the MOA TrustStore for SSL connection validation + */ + if (uri.isAbsoluteURI() && hostconfig.getProtocol() == null) { + hostconfig.setHost(uri); + } + } + + HttpMethodDirector methodDirector = new HttpMethodDirector( + getHttpConnectionManager(), + hostconfig, + getParams(), + (state == null ? getState() : state)); + methodDirector.executeMethod(method); + return method.getStatusCode(); + } +} diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb index f2701bec4..cf04319c8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb +++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb @@ -1,7 +1,8 @@ -<jaxb:bindings version="1.0" +<jaxb:bindings version="2.1" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:xsd="http://www.w3.org/2001/XMLSchema" - xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"> + xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" + jaxb:extensionBindingPrefixes="hj"> <jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema"> <jaxb:globalBindings localScoping="toplevel"> diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index e8562a57b..3a2914cb4 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet --> -<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0"> +<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0" jaxb:extensionBindingPrefixes="xjc hj" jaxb:version="2.0"> <xsd:complexType name="OnlineApplication"> <xsd:complexContent> <xsd:extension base="OnlineApplicationType"> @@ -481,10 +481,27 @@ </xsd:element> </xsd:sequence> </xsd:complexType> + <xsd:complexType name="InterfederationIDPType"> + <xsd:sequence> + <xsd:element name="attributeQueryURL" type="xsd:string" minOccurs="0" maxOccurs="1"/> + <xsd:element name="storeSSOSession" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="true"/> + </xsd:sequence> + <xsd:attribute name="inboundSSO" type="xsd:boolean" default="true"/> + <xsd:attribute name="outboundSSO" type="xsd:boolean" default="true"/> + </xsd:complexType> <xsd:complexType name="OnlineApplicationType"> <xsd:sequence> + <xsd:element name="isNew" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"> + <xsd:annotation> + <xsd:appinfo> + <hj:ignored/> + </xsd:appinfo> + </xsd:annotation> + </xsd:element> <xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> <xsd:element name="isAdminRequired" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> + <xsd:element name="isInterfederationIDP" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> + <xsd:element name="InterfederationIDP" type="InterfederationIDPType" minOccurs="0" maxOccurs="1"/> <xsd:element name="AuthComponent_OA" minOccurs="0"> <xsd:annotation> <xsd:documentation>enthält Parameter über die OA, die die @@ -938,6 +955,20 @@ <xsd:element name="isPVP2Generated" type="xsd:boolean" minOccurs="0" maxOccurs="1"/> <xsd:element name="lastLogin" type="xsd:string" minOccurs="1" maxOccurs="1"/> <xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="onlyBusinessService" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"> + <xsd:annotation> + <xsd:appinfo> + <hj:ignored/> + </xsd:appinfo> + </xsd:annotation> + </xsd:element> + <xsd:element name="businessServiceType" type="xsd:string" minOccurs="0" maxOccurs="1"> + <xsd:annotation> + <xsd:appinfo> + <hj:ignored/> + </xsd:appinfo> + </xsd:annotation> + </xsd:element> </xsd:sequence> </xsd:complexType> <xsd:complexType name="BKUSelectionCustomizationType"> diff --git a/id/server/pom.xml b/id/server/pom.xml index d748c01eb..bbaac8e5e 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ <parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index e47b31144..ff6608451 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -2,7 +2,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.0.x</version>
</parent>
<properties>
@@ -4,12 +4,18 @@ <groupId>MOA</groupId>
<artifactId>MOA</artifactId>
<packaging>pom</packaging>
- <version>2.0.1</version>
+ <version>${moa-idspss-version}</version>
<name>MOA</name>
<properties>
<repositoryPath>${basedir}/repository</repositoryPath>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+ <moa-idspss-version>2.0.2</moa-idspss-version>
+ <moa-id-version>2.0.2-Snapshot</moa-id-version>
+ <moa-spss-version>2.0.1</moa-spss-version>
+ <configtool-version>1.0.2-Snapshot</configtool-version>
+ <demo-oa-version>2.0.1</demo-oa-version>
</properties>
<profiles>
@@ -51,15 +57,33 @@ </profiles>
<build>
+ <pluginManagement>
<plugins>
- <plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -100,7 +124,7 @@ </configuration>
</plugin>
</plugins>
-
+ </pluginManagement>
</build>
<reporting>
@@ -216,38 +240,38 @@ <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
- <version>2.0.1</version>
+ <version>${moa-idspss-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <version>2.0.1</version>
+ <version>${moa-id-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
- <version>2.0.1</version>
+ <version>${moa-id-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
- <version>2.0.1</version>
+ <version>${moa-spss-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
- <version>2.0.1</version>
+ <version>${moa-idspss-version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-tools</artifactId>
- <version>2.0.1</version>
+ <version>${moa-spss-version}</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/spss/pom.xml b/spss/pom.xml index 165a09dba..abc8de527 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>2.0.1</version> + <version>2.0.2</version> </parent> <modelVersion>4.0.0</modelVersion> |