Diffstat (limited to 'id.server/src/at/gv')
26 files changed, 1160 insertions, 335 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e9d9c7175..bc3e075be 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -67,21 +68,21 @@ import at.gv.egovernment.moa.util.FileUtils; * @version $Id$ */ public class AuthenticationServer implements MOAIDAuthConstants { - - /** single instance */ - private static AuthenticationServer instance; - /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOut = 10*60*1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data store - */ - private long authDataTimeOut = 2*60*1000; // default 2 minutes + + /** single instance */ + private static AuthenticationServer instance; + /** session data store (session ID -> AuthenticationSession) */ + private static Map sessionStore = new HashMap(); + /** authentication data store (assertion handle -> AuthenticationData) */ + private static Map authenticationDataStore = new HashMap(); + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of <code>AuthenticationServer</code>. 
@@ -122,24 +123,35 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException while building the HTML form */ public String selectBKU( - String authURL, String target, String oaURL, String bkuSelectionTemplateURL, String templateURL) + String authURL, + String target, + String oaURL, + String bkuSelectionTemplateURL, + String templateURL) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL"); if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET); if (isEmpty(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA); - if (! 
authURL.startsWith("https:")) - throw new AuthenticationException("auth.07", null); - ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); + + ConnectionParameter bkuConnParam = + AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); if (bkuConnParam == null) - throw new ConfigurationException("config.08", new Object[] {"BKUSelection/ConnectionParameter"}); - OAAuthParameter oaParam = + throw new ConfigurationException( + "config.08", + new Object[] { "BKUSelection/ConnectionParameter" }); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] {oaURL}); + throw new AuthenticationException("auth.00", new Object[] { oaURL }); AuthenticationSession session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); 
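Review bot: The new HTTPS check in selectBKU is placed before `if (isEmpty(authURL))`, so a missing authURL now fails with a NullPointerException from `authURL.startsWith("https:")` instead of the WrongParametersException the next line is meant to raise; the removed check sat after the parameter checks, and startAuthentication in a later hunk keeps that order. The same lookup-and-test block is now duplicated in both methods, so I would move it into one private helper that is called after the isEmpty checks, as below. `false == BoolUtils.valueOf(boolStr)` reads better as `!BoolUtils.valueOf(boolStr)`, and the `"*"` appended to authURL in the auth.07 argument looks like a leftover marker — the helper below drops it, keep it if the message text relies on it. Because the data URL built further down carries the MOA session ID, the helper's comment should state that enabling the property allows that URL to be served over plain HTTP. selectBKU continues past the end of this hunk.
```java
  /**
   * Rejects a non-HTTPS auth URL unless plain HTTP has been enabled through
   * FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY. Enabling it means the data URL,
   * which carries the MOA session ID, may be served over cleartext HTTP.
   */
  private static void checkAuthURLScheme(String authURL)
      throws ConfigurationException, AuthenticationException {
    String boolStr =
        AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
            AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
    if (!authURL.startsWith("https:") && !BoolUtils.valueOf(boolStr))
      throw new AuthenticationException("auth.07", new Object[] { authURL });
  }

    // in selectBKU, replacing the block that currently precedes the parameter checks:
    // … unchanged: isEmpty checks for authURL, target, oaURL …
    checkAuthURLScheme(authURL);
```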
@@ -147,32 +159,37 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); - String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); + String returnURL = + new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { // bkuSelectionType==HTMLComplete String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL; return redirectURL; - } - else { + } else { // bkuSelectionType==HTMLSelect String bkuSelectTag; try { bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); - } - catch (Throwable ex) { - throw new AuthenticationException("auth.03", new Object[] {bkuConnParam.getUrl(), ex.toString()}, ex); + } catch (Throwable ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { bkuConnParam.getUrl(), ex.toString()}, + ex); } String bkuSelectionTemplate = null; if (bkuSelectionTemplateURL != null) { try { bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL)); - } - catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] {bkuSelectionTemplateURL, ex.toString()}, ex); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { bkuSelectionTemplateURL, ex.toString()}, + ex); } } - String htmlForm = new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); + String htmlForm = + new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); return htmlForm; } } 
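Review bot: `bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));` decodes the template bytes with the JVM's platform default charset, so the generated HTML form depends on the server's locale settings rather than on the encoding the template was written in; `new String(FileUtils.readURL(bkuSelectionTemplateURL), "UTF-8")` (or whichever encoding the templates use) makes it deterministic, and the UnsupportedEncodingException it can throw is an IOException already handled by the surrounding catch. The same `new String(byte[])` pattern is in readBKUSelectTag in the next hunk and in the template read in startAuthentication. This hunk starts and ends inside selectBKU.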
@@ -186,47 +203,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws IOException on any data error * @throws GeneralSecurityException on security errors */ - private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) + private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - + if (connParam.isHTTPSURL()) return new String(SSLUtils.readHttpsURL(conf, connParam)); else return new String(FileUtils.readURL(connParam.getUrl())); } /** - * Processes the beginning of an authentication session. - * <ul> - * <li>Starts an authentication session</li> - * <li>Creates an <code><InfoboxReadRequest></code></li> - * <li>Creates an HTML form for querying the identity link from the - * security layer implementation. - * <br>Form parameters include - * <ul> - * <li>the <code><InfoboxReadRequest></code></li> - * <li>the data URL where the security layer implementation sends it response to</li> - * </ul> - * </ul> + * Processes the beginning of an authentication session. + * <ul> + * <li>Starts an authentication session</li> + * <li>Creates an <code><InfoboxReadRequest></code></li> + * <li>Creates an HTML form for querying the identity link from the + * security layer implementation. 
+ * <br>Form parameters include + * <ul> + * <li>the <code><InfoboxReadRequest></code></li> + * <li>the data URL where the security layer implementation sends it response to</li> + * </ul> + * </ul> * @param authURL URL of the servlet to be used as data URL * @param target "Geschäftsbereich" of the online application requested * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be <code>null</code>; in this case, the default location will be used * @param templateURL URL providing an HTML template for the HTML form generated - * @return HTML form + * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder - */ - public String startAuthentication( - String authURL, String target, String oaURL, String templateURL, String bkuURL, String sessionID) - throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + */ + public String startAuthentication( + String authURL, + String target, + String oaURL, + String templateURL, + String bkuURL, + String sessionID) + throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (isEmpty(sessionID)) { if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL"); - if (! 
authURL.startsWith("https:")) - throw new AuthenticationException("auth.07", null); + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = + AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET); if (isEmpty(oaURL)) 
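Review bot: The Javadoc on startAuthentication documents only `@throws AuthenticationException`, while the signature declares WrongParametersException, ConfigurationException and BuildException as well; add `@throws WrongParametersException if a required parameter is empty`, `@throws ConfigurationException while accessing configuration data` and `@throws BuildException while building the HTML form`, matching the tags selectBKU already carries. The added HTTPS check is the same five lines as in selectBKU and would be better shared as one private helper. What happens when the property is unset depends on how BoolUtils.valueOf treats `null`; a comment such as `// an unset property keeps HTTPS mandatory (assumes BoolUtils.valueOf(null) is false — confirm)` would pin that down for the next reader. The method body continues into the next hunk.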
@@ -234,105 +261,128 @@ public class AuthenticationServer implements MOAIDAuthConstants { } AuthenticationSession session; if (sessionID != null) - session = getSession(sessionID); - else { - OAAuthParameter oaParam = + session = getSession(sessionID); + else { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] {oaURL}); + throw new AuthenticationException("auth.00", new Object[] { oaURL }); session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); + Logger.info("MOASession " + session.getSessionID() + " angelegt"); + session.setTarget(target); + session.setOAURLRequested(oaURL); + session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + session.setAuthURL(authURL); session.setTemplateURL(templateURL); } - String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session.getSessionID()); + String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); + String dataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_IDENTITY_LINK, + session.getSessionID()); String template = null; if (session.getTemplateURL() != null) { - try { - template = new String(FileUtils.readURL(session.getTemplateURL())); - } - catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] {session.getTemplateURL(), ex.toString()}, ex); + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { session.getTemplateURL(), ex.toString()}, + ex); } } String certInfoRequest = new 
CertInfoVerifyXMLSignatureRequestBuilder().build(); - String certInfoDataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); - String htmlForm = new GetIdentityLinkFormBuilder().build( - template, bkuURL, infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL); - return htmlForm; - } - /** - * Processes an <code><InfoboxReadResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><InfoboxReadResponse></code></li> - * <li>Parses identity link enclosed in <code><InfoboxReadResponse></code></li> - * <li>Verifies identity link by calling the MOA SP component</li> - * <li>Checks certificate authority of identity link</li> - * <li>Stores identity link in the session</li> - * <li>Creates an authentication block to be signed by the user</li> - * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> - * containg the authentication block, meant to be returned to the - * security layer implementation</li> - * </ul> - * - * @param sessionID ID of associated authentication session data - * @param xmlInfoboxReadResponse String representation of the - * <code><InfoboxReadResponse></code> - * @return String representation of the <code><CreateXMLSignatureRequest></code> - */ - public String verifyIdentityLink (String sessionID, String xmlInfoboxReadResponse) - throws AuthenticationException, ParseException, ConfigurationException, ValidateException, ServiceException, WrongParametersException { - + String certInfoDataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_START_AUTHENTICATION, + session.getSessionID()); + String htmlForm = + new GetIdentityLinkFormBuilder().build( + template, + bkuURL, + infoboxReadRequest, + dataURL, + certInfoRequest, + certInfoDataURL); + return htmlForm; + } + /** + * Processes an <code><InfoboxReadResponse></code> sent by the + * security layer implementation.<br> + * <ul> + * <li>Validates given 
<code><InfoboxReadResponse></code></li> + * <li>Parses identity link enclosed in <code><InfoboxReadResponse></code></li> + * <li>Verifies identity link by calling the MOA SP component</li> + * <li>Checks certificate authority of identity link</li> + * <li>Stores identity link in the session</li> + * <li>Creates an authentication block to be signed by the user</li> + * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> + * containg the authentication block, meant to be returned to the + * security layer implementation</li> + * </ul> + * + * @param sessionID ID of associated authentication session data + * @param xmlInfoboxReadResponse String representation of the + * <code><InfoboxReadResponse></code> + * @return String representation of the <code><CreateXMLSignatureRequest></code> + */ + public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse) + throws + AuthenticationException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + if (isEmpty(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); if (isEmpty(xmlInfoboxReadResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE); - AuthenticationSession session = getSession(sessionID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + AuthenticationSession session = getSession(sessionID); if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", new Object[] {sessionID}); - session.setTimestampIdentityLink(); + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses the <InfoboxReadResponse> - IdentityLink identityLink = 
new InfoboxReadResponseParser(xmlInfoboxReadResponse). - parseIdentityLink(); + IdentityLink identityLink = + new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); + IdentityLinkValidator.getInstance().validate(identityLink); // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build( - identityLink, authConf.getMoaSpIdentityLinkTrustProfileID()); + Element domVerifyXMLSignatureRequest = + new VerifyXMLSignatureRequestBuilder().build( + identityLink, + authConf.getMoaSpIdentityLinkTrustProfileID()); // debug output - debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest); + if(null != domVerifyXMLSignatureRequest) + debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest); // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker(). 
- verifyXMLSignature(domVerifyXMLSignatureRequest); + Element domVerifyXMLSignatureResponse = + new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse verifyXMLSignatureResponse = - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + VerifyXMLSignatureResponse verifyXMLSignatureResponse = + new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); // debug output - debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse); + if(null != domVerifyXMLSignatureResponse) + debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse); // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); - - session.setIdentityLink(identityLink); + + session.setIdentityLink(identityLink); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); - session.setAuthBlock(authBlock); + session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformInfos = authConf.getTransformsInfos(); - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder(). - build(authBlock, transformInfos); - return createXMLSignatureRequest; - } + String[] transformInfos = authConf.getTransformsInfos(); + String createXMLSignatureRequest = + new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); + return createXMLSignatureRequest; + } /** * Builds an authentication block <code><saml:Assertion></code> from given session data. * @param session authentication session 
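Review bot: The added `if(null != domVerifyXMLSignatureRequest)` guards only the debug dump; when the builder does return null, that same null is passed straight into `new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest)` a few lines later, so the failure would surface inside the invoker rather than where the request was not built. If a null return is possible, throw there instead (the builder's own exception type, or an AuthenticationException); if it is not, the guard is dead code and can go. The same pattern applies to the response dump in this method and to both dumps in verifyAuthenticationBlock in the next hunk. verifyIdentityLink now reports missing parameters as `auth.10` instead of WrongParametersException but still has no `@throws` tags; a line such as `@throws AuthenticationException if a parameter is missing (auth.10), the session is unknown (auth.02) or the identity link was already verified (auth.01)` would document that contract.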
@@ -345,74 +395,92 @@ public class AuthenticationServer implements MOAIDAuthConstants { String authURL = session.getAuthURL(); String target = session.getTarget(); String oaURL = session.getPublicOAURLPrefix(); - String authBlock = new AuthenticationBlockAssertionBuilder(). - build(issuer, issueInstant, authURL, target, oaURL); + String authBlock = + new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL); return authBlock; } - /** - * Processes a <code><CreateXMLSignatureResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><CreateXMLSignatureResponse></code></li> - * <li>Parses <code><CreateXMLSignatureResponse></code> for error codes</li> - * <li>Parses authentication block enclosed in - * <code><CreateXMLSignatureResponse></code></li> - * <li>Verifies authentication block by calling the MOA SP component</li> - * <li>Creates authentication data</li> - * <li>Creates a corresponding SAML artifact</li> - * <li>Stores authentication data in the authentication data store - * indexed by the SAML artifact</li> - * <li>Deletes authentication session</li> - * <li>Returns the SAML artifact, encoded BASE64</li> - * </ul> - * - * @param sessionID session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse String representation of the - * <code><CreateXMLSignatureResponse></code> - * @return SAML artifact needed for retrieving authentication data, encoded BASE64 - */ - public String verifyAuthenticationBlock( - String sessionID, String xmlCreateXMLSignatureReadResponse) - throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, WrongParametersException { + /** + * Processes a <code><CreateXMLSignatureResponse></code> sent by the + * security layer implementation.<br> + * <ul> + * <li>Validates given <code><CreateXMLSignatureResponse></code></li> + * <li>Parses 
<code><CreateXMLSignatureResponse></code> for error codes</li> + * <li>Parses authentication block enclosed in + * <code><CreateXMLSignatureResponse></code></li> + * <li>Verifies authentication block by calling the MOA SP component</li> + * <li>Creates authentication data</li> + * <li>Creates a corresponding SAML artifact</li> + * <li>Stores authentication data in the authentication data store + * indexed by the SAML artifact</li> + * <li>Deletes authentication session</li> + * <li>Returns the SAML artifact, encoded BASE64</li> + * </ul> + * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <code><CreateXMLSignatureResponse></code> + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String verifyAuthenticationBlock( + String sessionID, + String xmlCreateXMLSignatureReadResponse) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { if (isEmpty(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE); - AuthenticationSession session = getSession(sessionID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + AuthenticationSession session = getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses <CreateXMLSignatureResponse> - CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + CreateXMLSignatureResponse csresp = + new 
CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix()); + new CreateXMLSignatureResponseValidator().validate( + csresp, + session.getTarget(), + session.getPublicOAURLPrefix()); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq); + if(null != domVsreq) + AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq); // invokes the call Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); // parses the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); // debug output - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp); + if(null != domVsresp) + AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( - vsresp, null,VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); + vsresp, + null, + VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(vsresp, session.getIdentityLink()); - + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, + session.getIdentityLink()); + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = 
buildAuthenticationData(session, vsresp); - String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); - storeAuthenticationData(samlArtifact, authData); + AuthenticationData authData = buildAuthenticationData(session, vsresp); + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; - } + } /** * Builds the AuthenticationData object together with the * corresponding <code><saml:Assertion></code> 
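Review bot: `Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact)` writes the SAML artifact to the info log, and getAuthenticationData below hands out the authentication data to whoever presents exactly that artifact within authDataTimeOut, so the log file holds a live one-shot credential for that window; logging only the session ID at info level, and the artifact at most at debug level, avoids that. `sessionStore.remove(sessionID);` also runs without the store's monitor, while newSession and cleanup mutate the same HashMap inside `synchronized (sessionStore)`; `synchronized (sessionStore) { sessionStore.remove(sessionID); }` closes that race (the unsynchronized read in getSession, in the last hunk, has the same issue). The two `if(null != ...)` guards around the debug dumps repeat the pattern noted for verifyIdentityLink.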
@@ -422,20 +490,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException while accessing configuration data * @throws BuildException while building the <code><saml:Assertion></code> */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) - throws ConfigurationException, BuildException { - + private AuthenticationData buildAuthenticationData( + AuthenticationSession session, + VerifyXMLSignatureResponse verifyXMLSigResp) + throws ConfigurationException, BuildException { + IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); + AuthenticationData authData = new AuthenticationData(); authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = new VPKBuilder().buildVPK( - identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget()); + String vpkBase64 = + new VPKBuilder().buildVPK( + identityLink.getIdentificationValue(), + identityLink.getDateOfBirth(), + session.getTarget()); authData.setVPK(vpkBase64); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); 
@@ -443,57 +514,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build( - identityLink, oaParam.getProvideZMRZahl()); - - try { - String ilAssertion = - oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); + + try { + String ilAssertion = + oaParam.getProvideIdentityLink() + ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) + : ""; String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, prPerson, authBlock, ilAssertion); + String samlAssertion = + new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion); authData.setSamlAssertion(samlAssertion); - return authData; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "AuthenticationData", ex.toString() }, - ex); - } - } - /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of this call. 
- * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) throws AuthenticationException { + return authData; + } catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", ex.toString()}, + ex); + } + } + /** + * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. + * The <code>AuthenticationData</code> is deleted from the store upon end of this call. + * + * @return <code>AuthenticationData</code> + */ + public AuthenticationData getAuthenticationData(String samlArtifact) + throws AuthenticationException { String assertionHandle; try { assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); - } - catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] {samlArtifact, ex.toString()}); + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); } AuthenticationData authData = null; synchronized (authenticationDataStore) { - authData = (AuthenticationData)authenticationDataStore.get(assertionHandle); - if (authData == null) { + authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); + if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); - throw new AuthenticationException("1206", new Object[] {samlArtifact}); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); } authenticationDataStore.remove(assertionHandle); - } + } long now = new Date().getTime(); if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] {samlArtifact}); + throw new AuthenticationException("1207", new Object[] { samlArtifact }); Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } + return authData; + } /** * Stores authentication data indexed by the assertion 
handle contained in the * given saml artifact. @@ -501,26 +572,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param authData authentication data * @throws AuthenticationException when SAML artifact is invalid */ - private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) + private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) throws AuthenticationException { - - try { + + try { SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); // check type code 0x0001 byte[] typeCode = parser.parseTypeCode(); if (typeCode[0] != 0 || typeCode[1] != 1) - throw new AuthenticationException("auth.06", new Object[] {samlArtifact}); + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); String assertionHandle = parser.parseAssertionHandle(); - synchronized(authenticationDataStore) { + synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); authenticationDataStore.put(assertionHandle, authData); } - } - catch (AuthenticationException ex) { + } catch (AuthenticationException ex) { throw ex; - } - catch (Throwable ex) { - throw new AuthenticationException("auth.06", new Object[] {samlArtifact}); + } catch (Throwable ex) { + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); } } /** 
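Review bot: In getAuthenticationData the `catch (ParseException ex)` rethrows `new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()})` without passing `ex` as the cause, although the three-argument constructor is used elsewhere in this file (auth.03); `throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}, ex);` keeps the stack trace. storeAuthenticationData in the following hunk does the same in its `catch (Throwable ex)` for auth.06, and catching Throwable there also turns Errors into an authentication failure. In buildAuthenticationData, `oaParam.getProvideZMRZahl()` is called outside the try block with no null check on oaParam, while selectBKU and startAuthentication treat a null from getOnlineApplicationParameter as auth.00; if the configuration can change between session start and this call, the same check belongs here.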
@@ -533,13 +602,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 * already for the given session ID
 */
 private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
+ String sessionID = Random.nextRandom();
 AuthenticationSession newSession = new AuthenticationSession(sessionID);
 synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession)sessionStore.get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (session != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ sessionStore.put(sessionID, newSession);
 }
 return newSession;
 }
@@ -551,38 +620,45 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <code>null</code> if session ID unknown */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = (AuthenticationSession)sessionStore.get(id); + AuthenticationSession session = (AuthenticationSession) sessionStore.get(id); if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); + throw new AuthenticationException("auth.02", new Object[] { id }); return session; } /** * Cleans up expired session and authentication data stores. */ public void cleanup() { - long now = new Date().getTime(); - synchronized(sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext(); ) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.02", new Object[] {sessionID})); - sessionStore.remove(sessionID); - } - } - } - synchronized(authenticationDataStore) { - Set keys = new HashSet(authenticationDataStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext(); ) { - String samlArtifact = (String) iter.next(); - AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlArtifact); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.03", new Object[] {samlArtifact})); - authenticationDataStore.remove(samlArtifact); - } - } - } + long now = new Date().getTime(); + synchronized (sessionStore) { + Set keys = new HashSet(sessionStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String sessionID = (String) iter.next(); + AuthenticationSession session = (AuthenticationSession) 
sessionStore.get(sessionID); + if (now - session.getTimestampStart().getTime() > sessionTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.02", + new Object[] { sessionID })); + sessionStore.remove(sessionID); + } + } + } + synchronized (authenticationDataStore) { + Set keys = new HashSet(authenticationDataStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String samlArtifact = (String) iter.next(); + AuthenticationData authData = + (AuthenticationData) authenticationDataStore.get(samlArtifact); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.03", + new Object[] { samlArtifact })); + authenticationDataStore.remove(samlArtifact); + } + } + } } /** @@ -599,7 +675,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public void setSecondsAuthDataTimeOut(long seconds) { authDataTimeOut = 1000 * seconds; } - + /** * Checks a parameter. * @param param parameter @@ -620,8 +696,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { try { String xmlString = new String(DOMUtils.serializeNode(rootElem)); debugOutputXMLFile(filename, xmlString); - } - catch (Exception ex) { + } catch (Exception ex) { ex.printStackTrace(); } } @@ -639,8 +714,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { byte[] xmlData = xmlString.getBytes("UTF-8"); fout.write(xmlData); fout.close(); - } - catch (Exception ex) { + } catch (Exception ex) { ex.printStackTrace(); } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 8693c71a9..f8c287cb6 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
@@ -22,6 +22,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants { "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + "<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl + " <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl + + //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair + //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl + " <sl11:DataObjectInfo Structure=''detached''>" + nl + " <sl10:DataObject Reference=''''/>" + nl + "{1}" + diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 575149d9e..30cc1df5a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -1,6 +1,10 @@ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; /** * Builds a DataURL parameter meant for the security layer implementation 
@@ -29,7 +33,31 @@ public class DataURLBuilder { * @return String */ public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - String dataURL = authBaseURL + authServletName; + + String individualDataURLPrefix = null; + String dataURL; + try { + //check if an individual prefix is configured + individualDataURLPrefix = AuthConfigurationProvider.getInstance(). + getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); + + if (null != individualDataURLPrefix) { + + //check individualDataURLPrefix + if(!individualDataURLPrefix.startsWith("http")) + throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); + + //when ok then use it + dataURL = individualDataURLPrefix + authServletName; + } else + dataURL = authBaseURL + authServletName; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); + dataURL = authBaseURL + authServletName; + } + dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); return dataURL; } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 3a1cab4be..6ff52bc4a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -7,6 +7,10 @@ import java.util.Enumeration; import java.util.HashMap; import java.util.Map; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
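Review bot: The sanity check on the configured prefix, `if(!individualDataURLPrefix.startsWith("http"))`, only requires the value to begin with the four letters http, so a value without a scheme delimiter (a constructed example: `httpfoo`) passes and is concatenated in front of `authServletName` as the URL the security layer posts the user's data back to; checking the scheme explicitly, `if (!individualDataURLPrefix.startsWith("http://") && !individualDataURLPrefix.startsWith("https://"))`, costs nothing more and matches what the config.13 error is meant to catch. Whether a trailing slash between prefix and servlet name is expected is not visible here; the javadoc above the hunk should state the required form of the FrontendServlets.DataURLPrefix value. The `throw(new ConfigurationException(...))` form with parentheses around the exception is unusual for this codebase, where the other throws in the diff use `throw new ...`.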
@@ -43,13 +47,29 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { protected void handleError( String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { - if (exceptionThrown != null) - Logger.error(errorMessage, exceptionThrown); - else + + if(null != errorMessage) { Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage); - req.setAttribute("ExceptionThrown", exceptionThrown); - resp.setStatus(500); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage.jsp wher the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } /** * Handles a <code>WrongParametersException</code>. @@ -58,8 +78,18 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { */ protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { Logger.error(ex.toString()); - req.setAttribute("WrongParameters", "true"); - resp.setStatus(500); + req.setAttribute("WrongParameters", ex.getMessage()); + + // forward this to errorpage.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } } /** 
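Review bot: Both handleError and handleWrongParameters (the next hunk) drop the `resp.setStatus(500)` the old code set, so unless errorpage.jsp sets a status itself the forwarded error page is delivered with 200 OK, which hides failures from monitoring and from any client that checks the status code; restoring `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` before `dispatcher.forward(req, resp)` in both methods keeps the old contract. `RequestDispatcher.forward` also throws IllegalStateException when the response is already committed, which neither catch block covers, so a late error would surface as an unhandled exception from the servlet. The two dispatch blocks are identical and would read better as one private helper such as `forwardToErrorPage(req, resp)`. If errorpage.jsp renders the `ExceptionThrown` attribute, it should print a generic message rather than the exception text or stack trace, so internal details are not returned to the browser.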
@@ -114,4 +144,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { } return bout.toString(); } + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index 554819f73..1dc1897b2 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -2,6 +2,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.io.PrintWriter; +import java.text.DateFormat; +import java.util.Date; +import java.util.Locale; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@ -43,8 +46,11 @@ public class ConfigurationServlet extends HttpServlet { try { MOAIDAuthInitializer.initialized=false; MOAIDAuthInitializer.initialize(); - String message = msg.getMessage("config.00", null); + String message = msg.getMessage("config.00", new Object[] + { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); + Logger.info(message); + //TODO low-priority: change to ErrorPage out.println("<p><b>"); out.println(message); out.println("</b></p>"); diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 50ca21c69..422ddf0a3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
@@ -35,6 +35,7 @@ public class SelectBKUServlet extends AuthServlet { */ public void init(ServletConfig servletConfig) throws ServletException { try { + super.init(servletConfig); MOAIDAuthInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); } @@ -71,9 +72,9 @@ public class SelectBKUServlet extends AuthServlet { String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; + String redirectURL = returnValue; resp.sendRedirect(redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); + Logger.info("REDIRECT TO: " + redirectURL); } else { // bkuSelectionType==HTMLSelect diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 2ea43935b..6308742bf 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -90,6 +90,7 @@ public class StartAuthenticationServlet extends AuthServlet { */ public void init(ServletConfig servletConfig) throws ServletException { try { + super.init(servletConfig); MOAIDAuthInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); } @@ -97,6 +98,6 @@ public class StartAuthenticationServlet extends AuthServlet { Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); throw new ServletException(ex); } - } + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 8d16f73dd..eda0c6726 100644 
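Review bot: Raising `Logger.debug("REDIRECT TO: " + redirectURL)` to `Logger.info` writes the full redirect target into routine production logs; if `returnValue` is the DataURL produced by DataURLBuilder it carries the MOA session ID as a query parameter (PARAM_SESSIONID), so session identifiers would then be logged at info level. Either keep this at debug level, or log the URL with its query string stripped. The change to the `redirectURL` assignment in the same hunk is whitespace only.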
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.logging.Logger; @@ -70,8 +69,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Map parameters = getParameters(req); String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - // debug output - AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse); + + // debug XMLSignatureResponse from BKU + if(null != createXMLSignatureResponse) + AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse); try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = @@ -84,9 +85,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } + catch (MOAIDException ex) { handleError(null, ex, req, resp); } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index d3a28c7d4..55bce7af3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
@@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.logging.Logger; @@ -68,7 +67,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE); // debug output - AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse); + if(null != infoboxReadResponse) + AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse); try { String createXMLSignatureRequest = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse); @@ -79,16 +79,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet { resp.addHeader("Location", dataURL); resp.setContentType("text/xml"); // debug output - AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest); + if(null != createXMLSignatureRequest) + AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest); OutputStream out = resp.getOutputStream(); out.write(createXMLSignatureRequest.getBytes("UTF-8")); out.flush(); out.close(); Logger.debug("Finished POST VerifyIdentityLink"); } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } catch (MOAIDException ex) { handleError(null, ex, req, resp); } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index a238d28cb..8de475f95 100644 
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -53,6 +53,7 @@ public class VerifyXMLSignatureResponseValidator { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) throw new ValidateException("validator.06", null); + //TODO enhance error messages (reason why check failed) if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) if (whatToCheck.equals(CHECK_IDENTITY_LINK)) throw new ValidateException("validator.07", null); diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index f91222ac3..6d3e05c29 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -111,7 +111,9 @@ public class ConfigurationBuilder { private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; /** an XPATH-Expression */ private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; - /** an XPATH-Expression */ + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; + /** an XPATH-Expression */ private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; /** an XPATH-Expression */ private static final String CONNECTION_PARAMETER_URL_XPATH = 
@@ -160,6 +162,12 @@ public class ConfigurationBuilder { private static final String TRUSTED_CA_CERTIFICATES_XPATH = ROOT + CONF + "TrustedCACertificates"; + + /** + * main configuration file directory name used to configure MOA-ID + */ + private String rootConfigFileDir; + /** The root element of the MOA-ID configuration */ private Element configElem; @@ -168,8 +176,9 @@ public class ConfigurationBuilder { * * @param configElem The root element of the MOA-ID configuration. */ - public ConfigurationBuilder(Element configElem) { + public ConfigurationBuilder(Element configElem, String rootConfigDir) { this.configElem = configElem; + this.rootConfigFileDir = rootConfigDir; } /** @@ -386,10 +395,18 @@ public class ConfigurationBuilder { ConnectionParameter result = new ConnectionParameter(); result.setAcceptedServerCertificates( XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null)); + + result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL( + result.getAcceptedServerCertificates(), rootConfigFileDir)); + result.setUrl( XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, "")); result.setClientKeyStore( XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null)); + + result.setClientKeyStore(FileUtils.makeAbsoluteURL( + result.getClientKeyStore(), rootConfigFileDir)); + result.setClientKeyStorePassword( XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,"")); 
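Review bot: The constructor javadoc above `public ConfigurationBuilder(Element configElem, String rootConfigDir)` still documents only configElem; the new parameter needs `@param rootConfigDir URL of the directory containing the main configuration file; relative file references in the configuration are resolved against it via FileUtils.makeAbsoluteURL`. The parameter is called rootConfigDir while the field and the other hunks use rootConfigFileDir, and the field comment says "directory name" although the callers in this diff pass a `File.toURL().toString()` value; aligning the name and saying "directory URL" avoids a later mismatch.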
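Review bot: In buildConnectionParameter the accepted-server-certificates and client-keystore values are each set, read back, and set again through `FileUtils.makeAbsoluteURL(...)`; resolving once, `result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(XPathUtils.getElementValue(root, CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH, null), rootConfigFileDir));` and likewise for the keystore, expresses the same thing without the round trip. The XPath default for both elements is null; whether makeAbsoluteURL tolerates a null first argument is not visible here and should be confirmed, because a ConnectionParameter without an accepted-certificates element is otherwise a valid configuration and must not fail inside the builder.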
@@ -422,9 +439,11 @@ public class ConfigurationBuilder { Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); if (proxyComponentElem != null) { oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); + oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir)); // default session time out: 3600 sec = 1 h oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null)); + oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 5d523ba62..48e82011d 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -34,7 +34,14 @@ public class ConfigurationProvider { * The name of the generic configuration property giving the certstore directory path. */ public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = - "DirectoryCertStoreParameters.RootDir"; + "DirectoryCertStoreParameters.RootDir"; + + /** + * The name of the generic configuration property switching the ssl revocation checking on/off + */ + public static final String TRUST_MANAGER_REVOCATION_CHECKING = + "TrustManager.RevocationChecking"; + /** * A <code>Map</code> which contains generic configuration information. Maps a 
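Review bot: `oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir))` resolves the proxy config file URL here, and the ProxyConfigurationProvider init hunk later in this diff runs the same makeAbsoluteURL over every element returned by buildOnlineApplicationProxyParameters; one of the two passes is redundant, and unless makeAbsoluteURL is a no-op on an already absolute URL the second pass can alter the value. Keep the resolution in one place, preferably here where the attribute is read. The set/get/set round trip can also be folded into one statement, `oap.setConfigFileURL(FileUtils.makeAbsoluteURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null), rootConfigFileDir));`.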
@@ -100,6 +107,8 @@ public class ConfigurationProvider { * @return String */ public String getTrustedCACertificates() { + return trustedCACertificates; } + } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index e3c869d53..2e133130c 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -1,10 +1,11 @@ package at.gv.egovernment.moa.id.config.auth; import java.io.BufferedInputStream; +import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; - +import java.net.MalformedURLException; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; @@ -59,6 +60,20 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ public static final String BKU_SELECTION_TYPE_HTMLSELECT = "HTMLSelect"; + + /** + * The name of the generic configuration property allowing https connection to + * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) + */ + public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = + "FrontendServlets.EnableHTTPConnection"; + + /** + * The name of the generic configuration property allowing to set a individual + * DATA URL used to communicate with the BKU (SecurityLayer) + */ + public static final String INDIVIDUAL_DATA_URL_PREFIX = + "FrontendServlets.DataURLPrefix"; /** Singleton instance. <code>null</code>, if none has been created. */ private static AuthConfigurationProvider instance; 
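Review bot: The javadoc of `FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY` says the property allows an https connection to the frontend servlets, while the property name `FrontendServlets.EnableHTTPConnection` reads as allowing plain HTTP instead of https; a switch that lets the StartAuthentication and SelectBKU servlets be reached without TLS is security relevant, so the comment must state exactly which direction it works and what the default is, e.g. `/** Generic configuration property allowing plain (non-TLS) HTTP connections to the user frontend servlets ("StartAuthentication" and "SelectBKU"); when not set, only https connections are accepted. */` if that is the actual semantics (not visible here, please confirm). In the second javadoc, "a individual DATA URL" reads better as "an individual DataURL prefix".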
@@ -67,6 +82,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // configuration data // + /** + * main configuration file directory name used to configure MOA-ID + */ + private String rootConfigFileDir; + /** * configuration files containing transformations for rendering in the * secure viewer of the security layer implementation; @@ -172,7 +192,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { InputStream stream = null; Element configElem; ConfigurationBuilder builder; - + try { // load the main config file stream = new BufferedInputStream(new FileInputStream(fileName)); @@ -189,8 +209,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } } try { + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + // build the internal datastructures - builder = new ConfigurationBuilder(configElem); + builder = new ConfigurationBuilder(configElem, rootConfigFileDir); bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); bKUSelectable = (bKUConnectionParameter!=null); bKUSelectionType = builder.buildAuthBKUSelectionType(); @@ -205,7 +233,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); defaultChainingMode = builder.getDefaultChainingMode(); chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); } + trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); } + catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } 
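Review bot: `rootConfigFileDir = new File(fileName).getParent()` is null when fileName is a bare file name without a directory part, and `new File((String) null)` on the next line then throws NullPointerException instead of a configuration error; `new File(fileName).getAbsoluteFile().getParent()` always yields a directory and keeps that case readable. The inner `throw new ConfigurationException("config.03", null, t)` also appears to sit inside the outer try whose `catch (Throwable t)` in the next hunk rewraps everything as config.02, so the more specific config.03 message never reaches the caller; the ProxyConfigurationProvider init hunk further down has the same shape. Computing rootConfigFileDir before the outer try, or adding `catch (ConfigurationException e) { throw e; }` ahead of the Throwable catch, fixes both places.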
@@ -216,9 +246,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * @throws Exception on any exception thrown */ private void loadTransformsInfos() throws Exception { + transformsInfos = new String[transformsInfoFileNames.length]; for (int i = 0; i < transformsInfoFileNames.length; i++) { String fileURL = transformsInfoFileNames[i]; + + //if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); transformsInfos[i] = transformsInfo; } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index f08c60736..a16dcfa26 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -26,6 +26,12 @@ public class OAProxyParameter { * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver} */ private String loginParameterResolverImpl; + + /** + * Configuration Parameter of LoginParameterResolver + */ + private String loginParameterResolverConfiguration; + /** * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface * to be used for connecting to the online application; @@ -44,6 +50,7 @@ public class OAProxyParameter { * parameters for logging into the online application */ private OAConfiguration oaConfiguration; + /** * Returns the configFileURL. @@ -126,6 +133,14 @@ public class OAProxyParameter { } /** + * Returns the loginParameterResolverConfiguration. + * @return String + */ + public String getLoginParameterResolverConfiguration() { + return loginParameterResolverConfiguration; + } + + /** * Sets the connectionBuilderImpl. * @param connectionBuilderImpl The connectionBuilderImpl to set */ 
@@ -142,6 +157,14 @@ public class OAProxyParameter { } /** + * Sets the loginParameterResolverConfiguration. + * @param loginParameterResolverImpl The loginParameterResolverImpl to set + */ + public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) { + this.loginParameterResolverConfiguration = loginParameterResolverConfiguration; + } + + /** * Returns the oaConfiguration. * @return OAConfiguration */ diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 897d14da9..622ae6f82 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -1,7 +1,9 @@ package at.gv.egovernment.moa.id.config.proxy; +import java.io.File; import java.io.FileInputStream; import java.io.IOException; +import java.net.MalformedURLException; import org.w3c.dom.Element; @@ -11,6 +13,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; /** * A class providing access to the Proxy Part of the MOA-ID configuration data. @@ -32,6 +35,11 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { /** Singleton instance. <code>null</code>, if none has been created. */ private static ProxyConfigurationProvider instance; + /** + * main configuration file directory name used to configure MOA-ID + */ + private String rootConfigFileDir; + // // configuration data // 
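Review bot: The javadoc of `setLoginParameterResolverConfiguration` carries `@param loginParameterResolverImpl The loginParameterResolverImpl to set`, naming a parameter the method does not have; it should read `@param loginParameterResolverConfiguration The loginParameterResolverConfiguration to set`. The getter hunk above uses the matching name correctly.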
@@ -117,14 +125,29 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { } } try { + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + // build the internal datastructures - builder = new ConfigurationBuilder(configElem); + builder = new ConfigurationBuilder(configElem, rootConfigFileDir); authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); - onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters(); + + onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters(); + for(int i = 0; i < onlineApplicationProxyParameter.length; i++) { + onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir)); + } + genericConfiguration = builder.buildGenericConfiguration(); defaultChainingMode = builder.getDefaultChainingMode(); chainingModes = builder.buildChainingModes(); trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); @@ -166,5 +189,5 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { } return null; } - + }
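Review bot: The `throw new ConfigurationException("config.03", null, t)` for a `MalformedURLException` sits inside the outer `try { ... } catch (Throwable t)`, so it is immediately re-wrapped as `config.02` and the more specific `config.03` message never reaches the caller. Either move the directory-to-URL conversion ahead of the outer `try`, or let the outer block pass it through unchanged with a `catch (ConfigurationException e) { throw e; }` clause before the `Throwable` one. Separately, `new File(fileName).getParent()` returns `null` when `fileName` has no directory component, and `new File((String) null)` then throws a NullPointerException that again surfaces only as a generic `config.02`; defaulting with `if (rootConfigFileDir == null) rootConfigFileDir = ".";` keeps a bare configuration file name working. If the project targets Java 1.4 or later, `new File(rootConfigFileDir).toURI().toURL()` is preferable to `toURL()`, which does not escape spaces and other special characters in the path.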
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java index 882a9c255..4d309c18c 100644 --- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java +++ b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java @@ -28,13 +28,20 @@ public class PKIProfileImpl extends ObservableImpl */ private String trustStoreURI; + /** + * revocation checking; + */ + private boolean revocationChecking; + + /** * Create a new <code>PKIProfileImpl</code>. * * @param trustStoreURI trust store URI */ - public PKIProfileImpl(String trustStoreURI) { + public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) { this.trustStoreURI = trustStoreURI; + this.revocationChecking = revocationChecking; } /** @@ -153,7 +160,7 @@ public class PKIProfileImpl extends ObservableImpl * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() */ public boolean getRevocationChecking() { - return true; + return this.revocationChecking; } } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java index 7a6c3e575..ff7787839 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java @@ -4,8 +4,8 @@ import java.util.HashMap; import java.util.Map; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; /** * Factory delivering a {@link ConnectionBuilder} implementation for 
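Review bot: The constructor Javadoc still documents only `@param trustStoreURI trust store URI`; the new parameter needs a tag as well, e.g. `@param revocationChecking whether certificate revocation is checked during path validation (returned by getRevocationChecking())`. Because `getRevocationChecking()` previously returned a hard-coded `true`, the field comment `revocation checking;` should also state that passing `false` weakens validation of the certificate chain this profile is used for (presumably the TLS trust store, given the `trustStoreURI`) and is intended only for explicitly configured deployments, so the flag is not flipped casually.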
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 48e21f673..2ac8fe28e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -36,6 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { disableHostnameVerification = BoolUtils.valueOf( ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( "ProxyComponent.DisableHostnameVerification")); + //TODO undocumented feature if (disableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification); } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index db3c452bc..033a74934 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -21,6 +21,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { */ public DefaultLoginParameterResolver() { } + + /** + * Configuration mehtod (not used) + */ + public void configure(String configuration) throws LoginParameterResolverException { + } + /** * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String) diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index 497176a96..434a4f674 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java 
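Review bot: The added `//TODO undocumented feature` leaves a switch that turns off TLS hostname verification without saying what it does or why the warning below exists. A comment such as `// ProxyComponent.DisableHostnameVerification switches off TLS hostname verification for the connection to the online application (testing only); the warning below makes its use visible in the log` tells the next maintainer the risk. If the switch is meant to stay, it belongs in the configuration reference rather than in a TODO.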
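Review bot: The Javadoc of the new no-op `configure` has a typo (`mehtod`) and documents neither the parameter nor the declared exception. Suggest `Configuration method (not used): this resolver needs no configuration and ignores the argument.` followed by `@param configuration ignored` and `@throws LoginParameterResolverException never thrown by this implementation`.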
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java 
@@ -14,33 +14,34 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; * @version $Id$ */ public interface LoginParameterResolver { - - /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>, - * naming predicates used by the <code>LoginParameterResolver</code>. */ - public static final String MOAGivenName = "MOAGivenName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAFamilyName = "MOAFamilyName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOADateOfBirth = "MOADateOfBirth"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAVPK = "MOAVPK"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAPublicAuthority = "MOAPublicAuthority"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOABKZ = "MOABKZ"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAZMRZahl = "MOAZMRZahl"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAIPAddress = "MOAIPAddress"; - + + /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>, + * naming predicates used by the <code>LoginParameterResolver</code>. 
*/ + public static final String MOAGivenName = "MOAGivenName"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAFamilyName = "MOAFamilyName"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOADateOfBirth = "MOADateOfBirth"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAVPK = "MOAVPK"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAPublicAuthority = "MOAPublicAuthority"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOABKZ = "MOABKZ"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAQualifiedCertificate = + "MOAQualifiedCertificate"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAZMRZahl = "MOAZMRZahl"; + /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAIPAddress = "MOAIPAddress"; + /** * Returns authentication headers to be added to a URLConnection. * * @param oaConf configuration data * @param authData authentication data - * @param clientIPAddress client IP address + * @param clientIPAddress client IP address * @return A map, the keys being header names and values being corresponding header values. * <br>In case of authentication type <code>"basic-auth"</code>, header fields * <code>username</code> and <code>password</code>. 
@@ -48,25 +49,27 @@ public interface LoginParameterResolver { * derived from parameter mapping and authentication data provided. * <br>Otherwise, an empty map. */ - public Map getAuthenticationHeaders ( + public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress); - + String clientIPAddress) throws LoginParameterResolverException; + /** * Returns request parameters to be added to a URLConnection. * * @param oaConf configuration data * @param authData authentication data - * @param clientIPAddress client IP address + * @param clientIPAddress client IP address * @return A map, the keys being parameter names and values being corresponding parameter values. * <br>In case of authentication type <code>"param-auth"</code>, parameters * derived from parameter mapping and authentication data provided. * <br>Otherwise, an empty map. */ - public Map getAuthenticationParameters ( - OAConfiguration oaConf, - AuthenticationData authData, - String clientIPAddress); + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) throws LoginParameterResolverException; + + public void configure(String configuration) throws LoginParameterResolverException; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java new file mode 100644 index 000000000..3aa2368bf --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java 
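Review bot: The new interface method `public void configure(String configuration) throws LoginParameterResolverException;` is the only member of `LoginParameterResolver` without Javadoc, although every constant and the two existing methods have one. Add a comment stating the contract implementations rely on, for example that the factory calls it once after instantiation with the online application's `LoginParameterResolverConfiguration` value, with `@param configuration` and `@throws LoginParameterResolverException if the configuration cannot be applied`. Whether `null` is an allowed argument should be stated explicitly, since `DefaultLoginParameterResolver` has no configuration of its own.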
@@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class LoginParameterResolverException extends MOAIDException { + + /** + * Constructor for LoginParameterResolverException. + * @param messageId + * @param parameters + */ + public LoginParameterResolverException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for LoginParameterResolverException. + * @param messageId + * @param parameters + * @param wrapped + */ + public LoginParameterResolverException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java index 2ab245923..0db7f66fe 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java @@ -1,11 +1,12 @@ package at.gv.egovernment.moa.id.proxy; +import java.lang.reflect.Method; import java.util.HashMap; import java.util.Map; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; /** * Factory delivering a {@link LoginParameterResolver} implementation for 
@@ -39,11 +40,25 @@ public class LoginParameterResolverFactory { OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; String publicURLPrefix = oaParam.getPublicURLPrefix(); String className = oaParam.getLoginParameterResolverImpl(); + String configuration = oaParam.getLoginParameterResolverConfiguration(); + if (className != null) { try { + Class lprClass = Class.forName(className); LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); + + Class[] argumentTypes = { String.class }; + Method confMethod = lprClass.getMethod( "configure", argumentTypes ); + + Object[] arguments = { new String(configuration) }; + confMethod.invoke( lpr, arguments ); + + lpr.configure(configuration); loginParameterResolverMap.put(publicURLPrefix, lpr); } + catch (LoginParameterResolverException lpex) { + throw new ConfigurationException("config.11", new Object[] {className}, lpex); + } catch (Throwable ex) { throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java new file mode 100644 index 000000000..3f7a6872c --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java 
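Review bot: `configure` is invoked twice on every resolver, once reflectively via `confMethod.invoke( lpr, arguments )` and again directly via `lpr.configure(configuration)`; since `configure` is now declared on the `LoginParameterResolver` interface, the reflective path (the `Class[] argumentTypes`, `Method confMethod`, `Object[] arguments` and `confMethod.invoke` lines) is redundant and should be removed. The reflective path also makes `catch (LoginParameterResolverException lpex)` effectively unreachable: a failure inside the reflected call arrives wrapped in `InvocationTargetException` and falls through to the `Throwable` clause as `config.07`. In addition `new String(configuration)` throws a NullPointerException when no `LoginParameterResolverConfiguration` is set, which is the normal case for `DefaultLoginParameterResolver`, so every online application without that element would fail to load; passing `configuration` directly avoids both problems. `lprClass` is computed but `Class.forName(className)` is then called a second time for `newInstance()`; use `lprClass.newInstance()`.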
@@ -0,0 +1,481 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.File; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import java.io.IOException; +import java.util.*; +//import org.apache.xerces.parsers.AbstractDOMParser; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.*; + +/** + * XMLLoginParameterResolver an implementation of implementation of interface + * <code>LoginParameterResolver</code> + * This implementation used to map identities stored in an XML file to parameters + * which are given to OAs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class XMLLoginParameterResolver implements LoginParameterResolver { + + //file which is parsed and interpreted for paremeter resolving. + private String identityFile; + + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or <code>null</code> not set. + */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter PW (password) + * @return Parameter PW or <code>null</code> not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for parameter Param1 + * @return Parameter Param1 or <code>null</code> not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for parameter Param2 + * @return Parameter Param2 or <code>null</code> not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for parameter Param3 + * @return Parameter Param3 or <code>null</code> not set. 
+ */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a <code>String</code> representation of this object. + * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param1 = Param2; + this.Param1 = Param3; + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + /** + * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object. 
+ **/ + public XMLLoginParameterResolver() { + bPKMap = new HashMap(); + namedMap = new HashMap(); + } + + /** + * configuration method + * @param configuration enabled enable user mapping to parameter set for the parameter set. + */ + public void configure(String configuration) throws LoginParameterResolverException { + File idFile; + this.identityFile = configuration; + + try { + if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { + Logger.error("XMLLoginParameterResolver could not read '" + + identityFile + + "' " ); + return; + } + Document doc = readXMLFile(identityFile); + buildInfo(doc); + } catch (Throwable ex) { + throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex); + } + isConfigured = true; + } + + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) throws LoginParameterResolverException { + Map result = new HashMap(); + + if (!isConfigured) { + throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + + identityFile + "' is not configured!", null); + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try bPK and named search + userFound = bPKIdentitySearch(bPK, params); + + if(false == userFound) + namedIdentitySearch(famName, givenName, dateOfBirth, params); + + if(false == userFound) + return result; + + //HTTP 401 - Basic Authentication + if (oaConf.getAuthType().equals("basic")) { + userid = params.getUN(); + password = params.getPW(); + + try { + String userIDPassword = userid + ":" + password; + String credentials = 
Base64Utils.encode(userIDPassword.getBytes()); + Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } catch (IOException ignore) { + } + return result; + } + if (oaConf.getAuthType().equals("header")) { + String key; + String resolvedValue; + result.put("Param1", params.getParam1()); + result.put("Param2", params.getParam2()); + result.put("Param3", params.getParam3()); + return result; + /* for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); + iter.hasNext(); + result.put(key, resolvedValue)) { + key = (String) iter.next(); + String predicate = (String) oaConf.getHeaderAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + */ + } + return result; + } + + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress) { + + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try bPK and named search + userFound = bPKIdentitySearch(bPK, params); + + if (false == userFound) + namedIdentitySearch(famName, givenName, dateOfBirth, params); + + if (false == userFound) + return result; + + if (oaConf.getAuthType().equals("param")) { + result.put("Param1", params.getParam1()); + result.put("Param2", params.getParam2()); + result.put("Param3", params.getParam3()); + return result; + /* + String key; + String resolvedValue; + for 
(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); + iter.hasNext(); + result.put(key, resolvedValue)) { + key = (String) iter.next(); + String predicate = (String) oaConf.getParamAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + */ + + } + return result; + } + + private static String resolveValue( + String predicate, + AuthenticationData authData, + String clientIPAddress) { + if (predicate.equals("MOAGivenName")) + return authData.getGivenName(); + if (predicate.equals("MOAFamilyName")) + return authData.getFamilyName(); + if (predicate.equals("MOADateOfBirth")) + return authData.getDateOfBirth(); + if (predicate.equals("MOAVPK")) + return authData.getVPK(); + if (predicate.equals("MOAPublicAuthority")) + if (authData.isPublicAuthority()) + return "true"; + else + return "false"; + if (predicate.equals("MOABKZ")) + return authData.getPublicAuthorityCode(); + if (predicate.equals("MOAQualifiedCertificate")) + if (authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if (predicate.equals("MOAZMRZahl")) + return authData.getIdentificationValue(); + if (predicate.equals("MOAIPAddress")) + return clientIPAddress; + else + return null; + } + + private Document readXMLFile(String fileName) { + Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName); + DOMParser parser = new DOMParser(); + try { + parser.setFeature("http://xml.org/sax/features/validation", true); + parser.setFeature("http://apache.org/xml/features/validation/schema", true); + parser.parse(fileName); + return parser.getDocument(); + } catch (Exception e) { + String msg = e.toString(); + Logger.error("XMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg); + return null; + } + } + + private void buildInfo(Document doc) { + Element root = doc.getDocumentElement(); + NodeList idList = root.getElementsByTagName(XSD_IDELEM); + NodeList paramList = 
root.getElementsByTagName("Parameters"); + for (int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); + + for (int i = 0; i < paramList.getLength(); i++) + Logger.debug( + "XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); + + for (int i = 0; i < idList.getLength(); i++) { + Element tmpElem = (Element) idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); + for (int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); + + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName"); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug( + "XMLLoginParameterResolver: tmpStr: " + + tmpStr + + " value: " + + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug( + "XMLLoginParameterResolver: attribute UN: " + + tmpElem.getAttribute("UN") + + " attribute PW: " + + tmpElem.getAttribute("PW")); + namedMap.put( + tmpStr, + new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else { + tmpList = tmpElem.getElementsByTagName("bPKIdentity"); + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute("bPK"); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug( + "XMLLoginParameterResolver: tmpStr: " + + tmpStr + + " value: " + + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug( + "XMLLoginParameterResolver: attribute UN: " + + tmpElem.getAttribute("UN") + + " attribute PW: 
" + + tmpElem.getAttribute("PW") + + " attribute Param1: " + + tmpElem.getAttribute("Param1")); + bPKMap.put( + tmpStr, + new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else { + Logger.warn( + "XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found"); + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug("bPKMap:" + bPKMap.toString()); + } + + private void buildIdentityInfo(Document doc) { + + } + + + boolean bPKIdentitySearch(String bPK, LPRParams params) { + //search for mapping with bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); + params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); + return false; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return true; + } + Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); + return false; + } + + boolean namedIdentitySearch( + String famName, + String givenName, + String dateOfBirth, + LPRParams params) { + Logger.info( + "XMLLoginParameterResolver: search for login data for SurName:" + + famName + + " GivenName: " + + givenName); + + params = (LPRParams) namedMap.get(famName + "," + givenName); + if (null == params) { + + Logger.info( + "XMLLoginParameterResolver: params for Surname: " + + famName + + " GivenName: " + + givenName + + " not found!"); + return false; + } + + if (params.getEnabled()) { + Logger.info( + "XMLLoginParameterResolver: SurName:" + + famName + + " GivenName: " + + givenName + + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return true; + } + Logger.info( + "XMLLoginParameterResolver: SurName:" + + 
famName + + " GivenName: " + + givenName + + "found in list; user is NOT enabled"); + return false; + } + + public static final String XSD_MAPPING = "Mapping"; + + public static final String XSD_DOCELEM = "MOAIdentities"; + public static final String XSD_IDELEM = "Identity"; + public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_PARAMELEM = "Parameters"; + public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration"; + private Map bPKMap; + private Map namedMap; + private boolean isConfigured = false; +}
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index a00c48387..d6ec4951b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -2,6 +2,9 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.IOException; import java.io.PrintWriter; +import java.text.DateFormat; +import java.util.Date; +import java.util.Locale; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@ -42,8 +45,12 @@ public class ConfigurationServlet extends HttpServlet { out.println("<body bgcolor=\"#FFFFFF\">"); try { MOAIDProxyInitializer.initialize(); - String message = msg.getMessage("config.00", null); + + String message = msg.getMessage("config.00", new Object[] + { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); + + //TODO low-priority: change to ErrorPage out.println("<p><b>"); out.println(message); out.println("</b></p>"); diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index c52de2ba8..362849fb1 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java 
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.data.CookieManager; import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; @@ -133,10 +134,15 @@ public class ProxyServlet extends HttpServlet { String clientIPAddress = req.getRemoteAddr(); Map loginHeaders = null; Map loginParameters = null; - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); - else - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); + try { + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); + else + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); + + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } // setup SSLSocketFactory for communication with the online application SSLSocketFactory ssf = null; diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java index f21b0880e..e0739d941 100644 --- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java 
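Review bot: The new `catch (LoginParameterResolverException ex)` discards `ex` when it throws `new ProxyException("proxy.13", new Object[] { publicURLPrefix })`, so the reason the resolver failed — which `XMLLoginParameterResolver` reports through its message and wrapped cause — is lost from the log and the error page. If `ProxyException` offers the same `(messageId, parameters, wrapped)` constructor that `LoginParameterResolverException` gets in this commit, pass the cause: `throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }, ex);`; otherwise log `ex` before rethrowing. The enclosing method begins and continues outside the hunk.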
@@ -116,7 +116,11 @@ public class SSLUtils { PKIConfiguration cfg = null; if (! PKIFactory.getInstance().isAlreadyConfigured()) cfg = new PKIConfigurationImpl(conf); - PKIProfile profile = new PKIProfileImpl(trustStoreURL); + String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); + //not using BoolUtils because default value hast to be true! + boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + //TODO RS verify SSL Revocation handling + PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case // MOA-SP is called by API |
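Review bot: When the configured value turns revocation checking off, nothing records that in the log, unlike the `ProxyComponent.DisableHostnameVerification` switch in `DefaultConnectionBuilder`, which warns when it is active. Add `if (!checkRevocation) Logger.warn(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING + ": revocation checking disabled");` after the `checkRevocation` line (assuming `Logger` is imported in `SSLUtils` as in the other changed files), so a weakened trust check is visible in operations. The comment `//not using BoolUtils because default value hast to be true!` has a typo (`has to`) and could state that only the literal strings `"false"` and `"0"` disable checking, while any other value, including a missing parameter, keeps it on. The `//TODO RS verify SSL Revocation handling` should name what is to be verified or be removed before release.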