Diffstat (limited to 'id.server/src/at/gv')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java594
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java30
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java55
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java8
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java5
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java3
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java11
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java10
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java1
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java23
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java11
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java42
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java23
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java29
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java11
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java1
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java7
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java63
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java37
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java17
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java481
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java9
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java14
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java6
26 files changed, 1160 insertions, 335 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e9d9c7175..bc3e075be 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
@@ -67,21 +68,21 @@ import at.gv.egovernment.moa.util.FileUtils;
* @version $Id$
*/
public class AuthenticationServer implements MOAIDAuthConstants {
-
- /** single instance */
- private static AuthenticationServer instance;
- /** session data store (session ID -> AuthenticationSession) */
- private static Map sessionStore = new HashMap();
- /** authentication data store (assertion handle -> AuthenticationData) */
- private static Map authenticationDataStore = new HashMap();
- /**
- * time out in milliseconds used by {@link cleanup} for session store
- */
- private long sessionTimeOut = 10*60*1000; // default 10 minutes
- /**
- * time out in milliseconds used by {@link cleanup} for authentication data store
- */
- private long authDataTimeOut = 2*60*1000; // default 2 minutes
+
+ /** single instance */
+ private static AuthenticationServer instance;
+ /** session data store (session ID -> AuthenticationSession) */
+ private static Map sessionStore = new HashMap();
+ /** authentication data store (assertion handle -> AuthenticationData) */
+ private static Map authenticationDataStore = new HashMap();
+ /**
+ * time out in milliseconds used by {@link cleanup} for session store
+ */
+ private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data store
+ */
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
/**
* Returns the single instance of <code>AuthenticationServer</code>.
@@ -122,24 +123,35 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException while building the HTML form
*/
public String selectBKU(
- String authURL, String target, String oaURL, String bkuSelectionTemplateURL, String templateURL)
+ String authURL,
+ String target,
+ String oaURL,
+ String bkuSelectionTemplateURL,
+ String templateURL)
throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
-
+
+ //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(authURL))
throw new WrongParametersException("StartAuthentication", "AuthURL");
if (isEmpty(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
if (isEmpty(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA);
- if (! authURL.startsWith("https:"))
- throw new AuthenticationException("auth.07", null);
- ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
+
+ ConnectionParameter bkuConnParam =
+ AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
if (bkuConnParam == null)
- throw new ConfigurationException("config.08", new Object[] {"BKUSelection/ConnectionParameter"});
- OAAuthParameter oaParam =
+ throw new ConfigurationException(
+ "config.08",
+ new Object[] { "BKUSelection/ConnectionParameter" });
+ OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] {oaURL});
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
AuthenticationSession session = newSession();
Logger.info("MOASession " + session.getSessionID() + " angelegt");
session.setTarget(target);
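Review bot: The new HTTPS check at the top of selectBKU dereferences `authURL` (`authURL.startsWith("https:")`) before the `isEmpty(authURL)` guard that follows it, so a missing AuthURL now surfaces as a NullPointerException instead of the intended WrongParametersException. Move the configuration lookup and the `auth.07` check below the three `isEmpty` checks; startAuthentication in the later hunks already uses that order. The `"*"` appended to authURL in the exception arguments looks like a debugging marker and should be dropped if the message reaches users. Whether `BoolUtils.valueOf` tolerates a null value when the property is not configured cannot be seen here and is worth confirming, since the flag decides whether the authentication front-end may run without TLS. selectBKU continues in the next hunk.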
@@ -147,32 +159,37 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
- String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
+ String returnURL =
+ new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
// bkuSelectionType==HTMLComplete
String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL;
return redirectURL;
- }
- else {
+ } else {
// bkuSelectionType==HTMLSelect
String bkuSelectTag;
try {
bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
- }
- catch (Throwable ex) {
- throw new AuthenticationException("auth.03", new Object[] {bkuConnParam.getUrl(), ex.toString()}, ex);
+ } catch (Throwable ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { bkuConnParam.getUrl(), ex.toString()},
+ ex);
}
String bkuSelectionTemplate = null;
if (bkuSelectionTemplateURL != null) {
try {
bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));
- }
- catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {bkuSelectionTemplateURL, ex.toString()}, ex);
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { bkuSelectionTemplateURL, ex.toString()},
+ ex);
}
}
- String htmlForm = new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
+ String htmlForm =
+ new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
return htmlForm;
}
}
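Review bot: The redirect URL on the HTMLComplete branch concatenates `returnURL` into the query string unencoded (`bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL`, unchanged here); returnURL is itself a data URL carrying the session ID, so any `&`, `?` or `#` it contains will be split by the BKU into separate parameters. Encode it with `java.net.URLEncoder.encode(returnURL, "UTF-8")` before appending. The head of selectBKU is in the previous hunk.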
@@ -186,47 +203,57 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws IOException on any data error
* @throws GeneralSecurityException on security errors
*/
- private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
+ private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
+
if (connParam.isHTTPSURL())
return new String(SSLUtils.readHttpsURL(conf, connParam));
else
return new String(FileUtils.readURL(connParam.getUrl()));
}
/**
- * Processes the beginning of an authentication session.
- * <ul>
- * <li>Starts an authentication session</li>
- * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>Creates an HTML form for querying the identity link from the
- * security layer implementation.
- * <br>Form parameters include
- * <ul>
- * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>the data URL where the security layer implementation sends it response to</li>
- * </ul>
- * </ul>
+ * Processes the beginning of an authentication session.
+ * <ul>
+ * <li>Starts an authentication session</li>
+ * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>Creates an HTML form for querying the identity link from the
+ * security layer implementation.
+ * <br>Form parameters include
+ * <ul>
+ * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>the data URL where the security layer implementation sends it response to</li>
+ * </ul>
+ * </ul>
* @param authURL URL of the servlet to be used as data URL
* @param target "Gesch&auml;ftsbereich" of the online application requested
* @param oaURL online application URL requested
* @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used;
* may be <code>null</code>; in this case, the default location will be used
* @param templateURL URL providing an HTML template for the HTML form generated
- * @return HTML form
+ * @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
- */
- public String startAuthentication(
- String authURL, String target, String oaURL, String templateURL, String bkuURL, String sessionID)
- throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
+ */
+ public String startAuthentication(
+ String authURL,
+ String target,
+ String oaURL,
+ String templateURL,
+ String bkuURL,
+ String sessionID)
+ throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
if (isEmpty(sessionID)) {
if (isEmpty(authURL))
throw new WrongParametersException("StartAuthentication", "AuthURL");
- if (! authURL.startsWith("https:"))
- throw new AuthenticationException("auth.07", null);
+
+ //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr =
+ AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
if (isEmpty(oaURL))
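Review bot: readBKUSelectTag decodes the bytes returned by `SSLUtils.readHttpsURL` and `FileUtils.readURL` with `new String(byte[])`, i.e. the JVM's platform default charset, so the HTML select fragment is interpreted differently depending on the host the server runs on; decode with an explicit charset such as `new String(bytes, "UTF-8")`, or whatever the BKU is documented to send. The same pattern is used for the template reads in selectBKU and startAuthentication. The Javadoc of startAuthentication is also missing `@param sessionID` and `@throws` entries for WrongParametersException, ConfigurationException and BuildException, all of which the new signature declares. startAuthentication continues in the next hunk.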
@@ -234,105 +261,128 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
AuthenticationSession session;
if (sessionID != null)
- session = getSession(sessionID);
- else {
- OAAuthParameter oaParam =
+ session = getSession(sessionID);
+ else {
+ OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] {oaURL});
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
+ Logger.info("MOASession " + session.getSessionID() + " angelegt");
+ session.setTarget(target);
+ session.setOAURLRequested(oaURL);
+ session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
}
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build();
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session.getSessionID());
+ String infoboxReadRequest = new InfoboxReadRequestBuilder().build();
+ String dataURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_VERIFY_IDENTITY_LINK,
+ session.getSessionID());
String template = null;
if (session.getTemplateURL() != null) {
- try {
- template = new String(FileUtils.readURL(session.getTemplateURL()));
- }
- catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {session.getTemplateURL(), ex.toString()}, ex);
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { session.getTemplateURL(), ex.toString()},
+ ex);
}
}
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build();
- String certInfoDataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID());
- String htmlForm = new GetIdentityLinkFormBuilder().build(
- template, bkuURL, infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL);
- return htmlForm;
- }
- /**
- * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Verifies identity link by calling the MOA SP component</li>
- * <li>Checks certificate authority of identity link</li>
- * <li>Stores identity link in the session</li>
- * <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the
- * security layer implementation</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param xmlInfoboxReadResponse String representation of the
- * <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public String verifyIdentityLink (String sessionID, String xmlInfoboxReadResponse)
- throws AuthenticationException, ParseException, ConfigurationException, ValidateException, ServiceException, WrongParametersException {
-
+ String certInfoDataURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_START_AUTHENTICATION,
+ session.getSessionID());
+ String htmlForm =
+ new GetIdentityLinkFormBuilder().build(
+ template,
+ bkuURL,
+ infoboxReadRequest,
+ dataURL,
+ certInfoRequest,
+ certInfoDataURL);
+ return htmlForm;
+ }
+ /**
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Verifies identity link by calling the MOA SP component</li>
+ * <li>Checks certificate authority of identity link</li>
+ * <li>Stores identity link in the session</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the
+ * security layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param xmlInfoboxReadResponse String representation of the
+ * <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse)
+ throws
+ AuthenticationException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
if (isEmpty(sessionID))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
if (isEmpty(xmlInfoboxReadResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE);
- AuthenticationSession session = getSession(sessionID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
+ AuthenticationSession session = getSession(sessionID);
if (session.getTimestampIdentityLink() != null)
- throw new AuthenticationException("auth.01", new Object[] {sessionID});
- session.setTimestampIdentityLink();
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses the <InfoboxReadResponse>
- IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).
- parseIdentityLink();
+ IdentityLink identityLink =
+ new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
// validates the identity link
- IdentityLinkValidator.getInstance().validate(identityLink);
+ IdentityLinkValidator.getInstance().validate(identityLink);
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(
- identityLink, authConf.getMoaSpIdentityLinkTrustProfileID());
+ Element domVerifyXMLSignatureRequest =
+ new VerifyXMLSignatureRequestBuilder().build(
+ identityLink,
+ authConf.getMoaSpIdentityLinkTrustProfileID());
// debug output
- debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest);
+ if(null != domVerifyXMLSignatureRequest)
+ debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest);
// invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().
- verifyXMLSignature(domVerifyXMLSignatureRequest);
+ Element domVerifyXMLSignatureResponse =
+ new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse =
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
// debug output
- debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse);
+ if(null != domVerifyXMLSignatureResponse)
+ debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse);
// validates the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponseValidator.getInstance().validate(
- verifyXMLSignatureResponse,
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
authConf.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
-
- session.setIdentityLink(identityLink);
+
+ session.setIdentityLink(identityLink);
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session);
- session.setAuthBlock(authBlock);
+ session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
- String[] transformInfos = authConf.getTransformsInfos();
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().
- build(authBlock, transformInfos);
- return createXMLSignatureRequest;
- }
+ String[] transformInfos = authConf.getTransformsInfos();
+ String createXMLSignatureRequest =
+ new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos);
+ return createXMLSignatureRequest;
+ }
/**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
* @param session authentication session
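Review bot: The `null != domVerifyXMLSignatureRequest` guard added before the debug dump only skips the dump; a null request is still handed to `SignatureVerificationInvoker.verifyXMLSignature` on the following line, the same holds for `domVerifyXMLSignatureResponse` before `VerifyXMLSignatureResponseParser`, and for `domVsreq`/`domVsresp` in verifyAuthenticationBlock in the next hunk. If the builder or the invoker can return null, that case should be rejected with an AuthenticationException at that point rather than letting the null propagate into the parser. Separately, the replay guard `session.getTimestampIdentityLink() != null` followed by `session.setTimestampIdentityLink()` is a check-then-act on shared session state without synchronization, so two concurrent posts for the same session ID can both pass it; it predates this change but deserves a `// TODO: guard under a lock on the session` note. The head of startAuthentication is in the previous hunk.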
@@ -345,74 +395,92 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String authURL = session.getAuthURL();
String target = session.getTarget();
String oaURL = session.getPublicOAURLPrefix();
- String authBlock = new AuthenticationBlockAssertionBuilder().
- build(issuer, issueInstant, authURL, target, oaURL);
+ String authBlock =
+ new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL);
return authBlock;
}
- /**
- * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
- * <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies authentication block by calling the MOA SP component</li>
- * <li>Creates authentication data</li>
- * <li>Creates a corresponding SAML artifact</li>
- * <li>Stores authentication data in the authentication data store
- * indexed by the SAML artifact</li>
- * <li>Deletes authentication session</li>
- * <li>Returns the SAML artifact, encoded BASE64</li>
- * </ul>
- *
- * @param sessionID session ID of the running authentication session
- * @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @return SAML artifact needed for retrieving authentication data, encoded BASE64
- */
- public String verifyAuthenticationBlock(
- String sessionID, String xmlCreateXMLSignatureReadResponse)
- throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, WrongParametersException {
+ /**
+ * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
+ * <li>Parses authentication block enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies authentication block by calling the MOA SP component</li>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store
+ * indexed by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @param xmlCreateXMLSignatureReadResponse String representation of the
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+ */
+ public String verifyAuthenticationBlock(
+ String sessionID,
+ String xmlCreateXMLSignatureReadResponse)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ServiceException,
+ ValidateException {
if (isEmpty(sessionID))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE);
- AuthenticationSession session = getSession(sessionID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses <CreateXMLSignatureResponse>
- CreateXMLSignatureResponse csresp =
- new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
// validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix());
+ new CreateXMLSignatureResponseValidator().validate(
+ csresp,
+ session.getTarget(),
+ session.getPublicOAURLPrefix());
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
// debug output
- AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq);
+ if(null != domVsreq)
+ AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq);
// invokes the call
Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
// debug output
- AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp);
+ if(null != domVsresp)
+ AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp);
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(
- vsresp, null,VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
+ vsresp,
+ null,
+ VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
// compares the public keys from the identityLink with the AuthBlock
- VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(vsresp, session.getIdentityLink());
-
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
+ vsresp,
+ session.getIdentityLink());
+
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
- String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
- storeAuthenticationData(samlArtifact, authData);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ String samlArtifact =
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ storeAuthenticationData(samlArtifact, authData);
// invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ sessionStore.remove(sessionID);
+ Logger.info(
+ "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
- }
+ }
/**
* Builds the AuthenticationData object together with the
* corresponding <code>&lt;saml:Assertion&gt;</code>
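Review bot: `Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact)` writes the full SAML artifact to the log; the artifact is the one-time handle that getAuthenticationData later exchanges for the authentication data, so anyone with log access could redeem it within authDataTimeOut. Log only the session ID, or a short prefix of the artifact, at INFO; getAuthenticationData and storeAuthenticationData in later hunks log the full value as well. Separately, `sessionStore.remove(sessionID)` runs outside `synchronized (sessionStore)` while newSession inserts under that lock; the store is a plain HashMap, so the removal should be wrapped in the same synchronized block.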
@@ -422,20 +490,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws ConfigurationException while accessing configuration data
* @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
*/
- private AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
- throws ConfigurationException, BuildException {
-
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
+ AuthenticationData authData = new AuthenticationData();
authData.setMajorVersion(1);
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
- String vpkBase64 = new VPKBuilder().buildVPK(
- identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget());
+ String vpkBase64 =
+ new VPKBuilder().buildVPK(
+ identityLink.getIdentificationValue(),
+ identityLink.getDateOfBirth(),
+ session.getTarget());
authData.setVPK(vpkBase64);
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -443,57 +514,57 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- String prPerson = new PersonDataBuilder().build(
- identityLink, oaParam.getProvideZMRZahl());
-
- try {
- String ilAssertion =
- oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl());
+
+ try {
+ String ilAssertion =
+ oaParam.getProvideIdentityLink()
+ ? DOMUtils.serializeNode(identityLink.getSamlAssertion())
+ : "";
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
- String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, prPerson, authBlock, ilAssertion);
+ String samlAssertion =
+ new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion);
authData.setSamlAssertion(samlAssertion);
- return authData;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "AuthenticationData", ex.toString() },
- ex);
- }
- }
- /**
- * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
- * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
- *
- * @return <code>AuthenticationData</code>
- */
- public AuthenticationData getAuthenticationData(String samlArtifact) throws AuthenticationException {
+ return authData;
+ } catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.toString()},
+ ex);
+ }
+ }
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public AuthenticationData getAuthenticationData(String samlArtifact)
+ throws AuthenticationException {
String assertionHandle;
try {
assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
- }
- catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] {samlArtifact, ex.toString()});
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()});
}
AuthenticationData authData = null;
synchronized (authenticationDataStore) {
- authData = (AuthenticationData)authenticationDataStore.get(assertionHandle);
- if (authData == null) {
+ authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
+ if (authData == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
- throw new AuthenticationException("1206", new Object[] {samlArtifact});
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
authenticationDataStore.remove(assertionHandle);
- }
+ }
long now = new Date().getTime();
if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] {samlArtifact});
+ throw new AuthenticationException("1207", new Object[] { samlArtifact });
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
+ return authData;
+ }
/**
* Stores authentication data indexed by the assertion handle contained in the
* given saml artifact.
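Review bot: The Javadoc of getAuthenticationData documents only `@return`; add `@param samlArtifact the BASE64-encoded SAML artifact presented by the online application` and `@throws AuthenticationException if the artifact cannot be parsed (1205), no data is stored for it (1206), or the data is older than authDataTimeOut (1207)`. It would also help to state in the description that the entry is removed from the store before the timeout check, so an expired artifact is consumed and cannot be retried. The `Logger.error` for an unknown artifact prints the full artifact value; the same restraint as suggested for the INFO log in verifyAuthenticationBlock applies.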
@@ -501,26 +572,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param authData authentication data
* @throws AuthenticationException when SAML artifact is invalid
*/
- private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
+ private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
throws AuthenticationException {
-
- try {
+
+ try {
SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
// check type code 0x0001
byte[] typeCode = parser.parseTypeCode();
if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06", new Object[] {samlArtifact});
+ throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
String assertionHandle = parser.parseAssertionHandle();
- synchronized(authenticationDataStore) {
+ synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
authenticationDataStore.put(assertionHandle, authData);
}
- }
- catch (AuthenticationException ex) {
+ } catch (AuthenticationException ex) {
throw ex;
- }
- catch (Throwable ex) {
- throw new AuthenticationException("auth.06", new Object[] {samlArtifact});
+ } catch (Throwable ex) {
+ throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
}
}
/**
@@ -533,13 +602,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* already for the given session ID
*/
private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
+ String sessionID = Random.nextRandom();
AuthenticationSession newSession = new AuthenticationSession(sessionID);
synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession)sessionStore.get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (session != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ sessionStore.put(sessionID, newSession);
}
return newSession;
}
@@ -551,38 +620,45 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <code>null</code> if session ID unknown
*/
public static AuthenticationSession getSession(String id) throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession)sessionStore.get(id);
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(id);
if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
+ throw new AuthenticationException("auth.02", new Object[] { id });
return session;
}
/**
* Cleans up expired session and authentication data stores.
*/
public void cleanup() {
- long now = new Date().getTime();
- synchronized(sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext(); ) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.02", new Object[] {sessionID}));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized(authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext(); ) {
- String samlArtifact = (String) iter.next();
- AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlArtifact);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.03", new Object[] {samlArtifact}));
- authenticationDataStore.remove(samlArtifact);
- }
- }
- }
+ long now = new Date().getTime();
+ synchronized (sessionStore) {
+ Set keys = new HashSet(sessionStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext();) {
+ String sessionID = (String) iter.next();
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
+ Logger.info(
+ MOAIDMessageProvider.getInstance().getMessage(
+ "cleaner.02",
+ new Object[] { sessionID }));
+ sessionStore.remove(sessionID);
+ }
+ }
+ }
+ synchronized (authenticationDataStore) {
+ Set keys = new HashSet(authenticationDataStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext();) {
+ String samlArtifact = (String) iter.next();
+ AuthenticationData authData =
+ (AuthenticationData) authenticationDataStore.get(samlArtifact);
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
+ Logger.info(
+ MOAIDMessageProvider.getInstance().getMessage(
+ "cleaner.03",
+ new Object[] { samlArtifact }));
+ authenticationDataStore.remove(samlArtifact);
+ }
+ }
+ }
}
/**
@@ -599,7 +675,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public void setSecondsAuthDataTimeOut(long seconds) {
authDataTimeOut = 1000 * seconds;
}
-
+
/**
* Checks a parameter.
* @param param parameter
@@ -620,8 +696,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
try {
String xmlString = new String(DOMUtils.serializeNode(rootElem));
debugOutputXMLFile(filename, xmlString);
- }
- catch (Exception ex) {
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
@@ -639,8 +714,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
byte[] xmlData = xmlString.getBytes("UTF-8");
fout.write(xmlData);
fout.close();
- }
- catch (Exception ex) {
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 8693c71a9..f8c287cb6 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -22,6 +22,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
"<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl +
" <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
+ //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair
+ //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl +
" <sl11:DataObjectInfo Structure=''detached''>" + nl +
" <sl10:DataObject Reference=''''/>" + nl +
"{1}" +
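Review bot: The two added lines leave the alternative keybox as commented-out code inside the request template (`//" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl +`), which is easy to lose track of in a string-concatenation expression. If the KeyboxIdentifier is meant to be switchable, a named constant or a configuration parameter would be clearer than a TODO toggle; at minimum the TODO should say what decides between the two values. The enclosing template expression starts and ends outside the hunk.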
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 575149d9e..30cc1df5a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -1,6 +1,10 @@
package at.gv.egovernment.moa.id.auth.builder;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
/**
* Builds a DataURL parameter meant for the security layer implementation
@@ -29,7 +33,31 @@ public class DataURLBuilder {
* @return String
*/
public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
- String dataURL = authBaseURL + authServletName;
+
+ String individualDataURLPrefix = null;
+ String dataURL;
+ try {
+ //check if an individual prefix is configured
+ individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+ getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+
+ if (null != individualDataURLPrefix) {
+
+ //check individualDataURLPrefix
+ if(!individualDataURLPrefix.startsWith("http"))
+ throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+
+ //when ok then use it
+ dataURL = individualDataURLPrefix + authServletName;
+ } else
+ dataURL = authBaseURL + authServletName;
+
+ } catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
+ dataURL = authBaseURL + authServletName;
+ }
+
dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
return dataURL;
}
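Review bot: `individualDataURLPrefix.startsWith("http")` accepts any string that begins with those four characters, not only an absolute http/https URL, so a mistyped prefix passes the check and is handed to the security layer as the DataURL it posts the signed authentication data to. Tighten the check to the two schemes, `if (!individualDataURLPrefix.startsWith("http://") && !individualDataURLPrefix.startsWith("https://"))`, or parse it with `java.net.URL` inside the existing try and map `MalformedURLException` to the same `config.13`. Whether the prefix is expected to end with `/` like `authBaseURL` apparently does is not visible here and is worth stating in the property's Javadoc.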
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 3a1cab4be..6ff52bc4a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -7,6 +7,10 @@ import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -43,13 +47,29 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
protected void handleError(
String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
- if (exceptionThrown != null)
- Logger.error(errorMessage, exceptionThrown);
- else
+
+ if(null != errorMessage) {
Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- resp.setStatus(500);
+ req.setAttribute("ErrorMessage", errorMessage );
+ }
+
+ if (null != exceptionThrown) {
+ if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ //forward this to errorpage.jsp wher the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+
}
/**
* Handles a <code>WrongParametersException</code>.
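Review bot: The forward to `/errorpage.jsp` replaces `resp.setStatus(500)` without setting any error status, so unless the JSP sets one the error page goes out as 200 OK; handleWrongParameters in the next hunk has the same omission. Add `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` before `dispatcher.forward(req, resp)` in both methods. `RequestDispatcher.forward` also throws `IllegalStateException` when the response is already committed, which neither catch block covers. Putting the Throwable into the `ExceptionThrown` attribute means whatever errorpage.jsp renders from it (message, stack trace) reaches the browser; the JSP is not part of this diff, so that is worth confirming.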
@@ -58,8 +78,18 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
*/
protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
Logger.error(ex.toString());
- req.setAttribute("WrongParameters", "true");
- resp.setStatus(500);
+ req.setAttribute("WrongParameters", ex.getMessage());
+
+ // forward this to errorpage.jsp where the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
}
/**
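Review bot: `req.setAttribute("WrongParameters", ex.getMessage())` now hands the exception text to the JSP where the old code passed the literal `"true"`; if that message embeds the offending request parameter value, errorpage.jsp has to HTML-escape the attribute when rendering it, which cannot be checked from this diff. Keeping the boolean attribute and exposing the message under a separate name, e.g. `req.setAttribute("WrongParametersMessage", ex.getMessage());`, lets the JSP keep its fixed text where escaping is uncertain.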
@@ -114,4 +144,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
}
return bout.toString();
}
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ }
}
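Review bot: The new `init(ServletConfig)` override only delegates to `super.init(servletConfig)`, so it changes nothing, while its Javadoc claims it "Calls the web application initializer". Either the override should perform the initialization the comment describes, or it should be dropped and subclasses call `super.init` directly, as SelectBKUServlet and StartAuthenticationServlet now do. If it is kept as an extension point, say so: `/** Extension point for subclasses; delegates to HttpServlet#init(ServletConfig). */`.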
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index 554819f73..1dc1897b2 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -2,6 +2,9 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
@@ -43,8 +46,11 @@ public class ConfigurationServlet extends HttpServlet {
try {
MOAIDAuthInitializer.initialized=false;
MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", null);
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
+
Logger.info(message);
+ //TODO low-priority: change to ErrorPage
out.println("<p><b>");
out.println(message);
out.println("</b></p>");
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 50ca21c69..422ddf0a3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -35,6 +35,7 @@ public class SelectBKUServlet extends AuthServlet {
*/
public void init(ServletConfig servletConfig) throws ServletException {
try {
+ super.init(servletConfig);
MOAIDAuthInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
}
@@ -71,9 +72,9 @@ public class SelectBKUServlet extends AuthServlet {
String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
// bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
+ String redirectURL = returnValue;
resp.sendRedirect(redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
}
else {
// bkuSelectionType==HTMLSelect
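Review bot: Raising `Logger.debug("REDIRECT TO: " + redirectURL)` to `Logger.info` writes the full redirect target into routine logs; if `returnValue` carries the MOASessionID parameter the way DataURLBuilder attaches it, a session identifier ends up in production logs. Keep the line at debug level, or strip the query string before logging at info. The enclosing request handler starts outside the hunk, so what `returnValue` contains cannot be confirmed here.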
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 2ea43935b..6308742bf 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -90,6 +90,7 @@ public class StartAuthenticationServlet extends AuthServlet {
*/
public void init(ServletConfig servletConfig) throws ServletException {
try {
+ super.init(servletConfig);
MOAIDAuthInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
}
@@ -97,6 +98,6 @@ public class StartAuthenticationServlet extends AuthServlet {
Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
throw new ServletException(ex);
}
- }
+ }
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 8d16f73dd..eda0c6726 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;
@@ -70,8 +69,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Map parameters = getParameters(req);
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
- // debug output
- AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
+
+ // debug XMLSignatureResponse from BKU
+ if(null != createXMLSignatureResponse)
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
try {
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
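Review bot: The `null != createXMLSignatureResponse` guard only silences the debug dump; a missing XMLResponse parameter still flows into the verification call below this hunk, so the null case is deferred rather than rejected. If a missing parameter is an error, fail here with a clear message, e.g. `if (createXMLSignatureResponse == null) { handleError("missing " + PARAM_XMLRESPONSE, null, req, resp); return; }`, assuming handleError's signature as shown in AuthServlet. VerifyIdentityLinkServlet's first hunk adds the same guard in front of `infoboxReadResponse` with the same consequence.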
@@ -84,9 +85,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
+
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
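Review bot: Removing the `catch (WrongParametersException ex)` block (and its import) means missing-parameter errors are now handled by `handleError(null, ex, ...)` via the MOAIDException catch, which is only correct if WrongParametersException extends MOAIDException; the hierarchy is not visible in this diff. If it does, `AuthServlet.handleWrongParameters` appears to have lost its callers in this commit and should either be removed or be invoked from handleError by an instanceof check, so the WrongParameters attribute the JSP may expect is still set. VerifyIdentityLinkServlet's last hunk removes the same catch.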
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index d3a28c7d4..55bce7af3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;
@@ -68,7 +67,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
String sessionID = req.getParameter(PARAM_SESSIONID);
String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);
// debug output
- AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse);
+ if(null != infoboxReadResponse)
+ AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse);
try {
String createXMLSignatureRequest =
AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse);
@@ -79,16 +79,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
resp.addHeader("Location", dataURL);
resp.setContentType("text/xml");
// debug output
- AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest);
+ if(null != createXMLSignatureRequest)
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest);
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequest.getBytes("UTF-8"));
out.flush();
out.close();
Logger.debug("Finished POST VerifyIdentityLink");
}
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
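Review bot: The new `null != createXMLSignatureRequest` guard in front of the debug output implies `verifyIdentityLink` can return null, yet three lines later `createXMLSignatureRequest.getBytes("UTF-8")` dereferences it unconditionally, so a null value becomes a NullPointerException that the MOAIDException catch does not cover. Either drop the guard, if null is impossible, or fail explicitly before the headers are written, e.g. `if (createXMLSignatureRequest == null) { handleError("empty CreateXMLSignatureRequest", null, req, resp); return; }`. The method starts outside the hunk.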
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index a238d28cb..8de475f95 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,6 +53,7 @@ public class VerifyXMLSignatureResponseValidator {
if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
throw new ValidateException("validator.06", null);
+ //TODO enhance error messages (reason why check failed)
if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0)
if (whatToCheck.equals(CHECK_IDENTITY_LINK))
throw new ValidateException("validator.07", null);
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index f91222ac3..6d3e05c29 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -111,7 +111,9 @@ public class ConfigurationBuilder {
private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
/** an XPATH-Expression */
private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
- /** an XPATH-Expression */
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
+ /** an XPATH-Expression */
private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
/** an XPATH-Expression */
private static final String CONNECTION_PARAMETER_URL_XPATH =
@@ -160,6 +162,12 @@ public class ConfigurationBuilder {
private static final String TRUSTED_CA_CERTIFICATES_XPATH =
ROOT + CONF + "TrustedCACertificates";
+
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ private String rootConfigFileDir;
+
/** The root element of the MOA-ID configuration */
private Element configElem;
@@ -168,8 +176,9 @@ public class ConfigurationBuilder {
*
* @param configElem The root element of the MOA-ID configuration.
*/
- public ConfigurationBuilder(Element configElem) {
+ public ConfigurationBuilder(Element configElem, String rootConfigDir) {
this.configElem = configElem;
+ this.rootConfigFileDir = rootConfigDir;
}
/**
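Review bot: The constructor gains a `rootConfigDir` parameter but the Javadoc above still documents only `configElem`; add `@param rootConfigDir URL form of the directory containing the main configuration file; the builder passes it to FileUtils.makeAbsoluteURL to resolve relative file references`. The field is called `rootConfigFileDir` while the parameter is `rootConfigDir`; aligning the two names would make the assignment self-explanatory.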
@@ -386,10 +395,18 @@ public class ConfigurationBuilder {
ConnectionParameter result = new ConnectionParameter();
result.setAcceptedServerCertificates(
XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
+
+ result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
+ result.getAcceptedServerCertificates(), rootConfigFileDir));
+
result.setUrl(
XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
result.setClientKeyStore(
XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
+
+ result.setClientKeyStore(FileUtils.makeAbsoluteURL(
+ result.getClientKeyStore(), rootConfigFileDir));
+
result.setClientKeyStorePassword(
XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
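Review bot: `setAcceptedServerCertificates` and `setClientKeyStore` are each called twice, first with the raw XPath value and then with the absolutized one, so the intermediate state exists only to be read back on the next line. Compute once and set once, e.g. `result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(XPathUtils.getElementValue(root, CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH, null), rootConfigFileDir));` and likewise for the keystore. Both element values default to null, so this relies on `FileUtils.makeAbsoluteURL` tolerating a null first argument, which this diff does not show.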
@@ -422,9 +439,11 @@ public class ConfigurationBuilder {
Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
if (proxyComponentElem != null) {
oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
+ oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir));
// default session time out: 3600 sec = 1 h
oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
+ oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
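Review bot: `oap.setConfigFileURL` is absolutized here, and ProxyConfigurationProvider's large hunk absolutizes the same value a second time in its loop over `onlineApplicationProxyParameter` after `buildOnlineApplicationProxyParameters` returns. One of the two should go, and keeping it in the builder next to the other path resolutions is the natural place. The second pass is harmless only if `FileUtils.makeAbsoluteURL` leaves an already-absolute URL unchanged, which cannot be confirmed from this diff. As in the previous hunk, the value could be resolved in the single `setConfigFileURL` call instead of set-then-reset.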
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index 5d523ba62..48e82011d 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -34,7 +34,14 @@ public class ConfigurationProvider {
* The name of the generic configuration property giving the certstore directory path.
*/
public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
- "DirectoryCertStoreParameters.RootDir";
+ "DirectoryCertStoreParameters.RootDir";
+
+ /**
+ * The name of the generic configuration property switching the ssl revocation checking on/off
+ */
+ public static final String TRUST_MANAGER_REVOCATION_CHECKING =
+ "TrustManager.RevocationChecking";
+
/**
* A <code>Map</code> which contains generic configuration information. Maps a
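Review bot: The Javadoc for `TRUST_MANAGER_REVOCATION_CHECKING` names the property but says nothing about its accepted values or the default applied when it is absent, and since the property can switch revocation checking off for SSL peers the default is the security-relevant part. State both, e.g. `Accepted values are "true" and "false"; when the property is absent, revocation checking is [DEFAULT — fill in] (see the PKIProfileImpl(String, boolean) constructor)`. Where the value is read and parsed is not part of this diff, so the boolean interpretation is inferred from the new constructor.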
@@ -100,6 +107,8 @@ public class ConfigurationProvider {
* @return String
*/
public String getTrustedCACertificates() {
+
return trustedCACertificates;
}
+
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index e3c869d53..2e133130c 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1,10 +1,11 @@
package at.gv.egovernment.moa.id.config.auth;
import java.io.BufferedInputStream;
+import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
-
+import java.net.MalformedURLException;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
@@ -59,6 +60,20 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
*/
public static final String BKU_SELECTION_TYPE_HTMLSELECT =
"HTMLSelect";
+
+ /**
+ * The name of the generic configuration property allowing https connection to
+ * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
+ */
+ public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
+ "FrontendServlets.EnableHTTPConnection";
+
+ /**
+ * The name of the generic configuration property allowing to set a individual
+ * DATA URL used to communicate with the BKU (SecurityLayer)
+ */
+ public static final String INDIVIDUAL_DATA_URL_PREFIX =
+ "FrontendServlets.DataURLPrefix";
/** Singleton instance. <code>null</code>, if none has been created. */
private static AuthConfigurationProvider instance;
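Review bot: The Javadoc on `FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY` says the property allows an "https connection", while the property name `FrontendServlets.EnableHTTPConnection` reads as permitting plain HTTP to the StartAuthentication and SelectBKU servlets; one of the two is wrong. If the comment is the error, the text should say that enabling the property relaxes the HTTPS requirement for the user frontend, since that is a deployment-security decision an administrator needs to recognise. In the second comment "set a individual" should read "set an individual". Where either property is evaluated is not in this diff.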
@@ -67,6 +82,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
// configuration data
//
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ private String rootConfigFileDir;
+
/**
* configuration files containing transformations for rendering in the
* secure viewer of the security layer implementation;
@@ -172,7 +192,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
InputStream stream = null;
Element configElem;
ConfigurationBuilder builder;
-
+
try {
// load the main config file
stream = new BufferedInputStream(new FileInputStream(fileName));
@@ -189,8 +209,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
}
try {
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
+ try {
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
// build the internal datastructures
- builder = new ConfigurationBuilder(configElem);
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
bKUSelectable = (bKUConnectionParameter!=null);
bKUSelectionType = builder.buildAuthBKUSelectionType();
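Review bot: `new File(fileName).getParent()` returns null when `fileName` has no directory component, and `new File(rootConfigFileDir)` on the next line then throws NullPointerException, which the enclosing catch (Throwable) below this hunk reports as the generic `config.02` instead of the intended `config.03`. Resolve against the absolute path first, `rootConfigFileDir = new File(fileName).getAbsoluteFile().getParent();`, and prefer `new File(rootConfigFileDir).toURI().toURL()` over `File.toURL()`, which does not escape special characters in path names (available from Java 1.4). ProxyConfigurationProvider's large hunk duplicates this block and has the same issue; a shared helper in ConfigurationProvider would remove the duplication.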
@@ -205,7 +233,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates(); }
+ trustedCACertificates = builder.getTrustedCACertificates();
+ trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); }
+
catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
}
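Review bot: The closing brace of the try block now sits at the end of the `trustedCACertificates = FileUtils.makeAbsoluteURL(...)` line, followed by a blank line before `catch (Throwable t)`, which hides the block boundary; put `}` on its own line directly before the catch. The two assignments could also be one call, `trustedCACertificates = FileUtils.makeAbsoluteURL(builder.getTrustedCACertificates(), rootConfigFileDir);`.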
@@ -216,9 +246,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* @throws Exception on any exception thrown
*/
private void loadTransformsInfos() throws Exception {
+
transformsInfos = new String[transformsInfoFileNames.length];
for (int i = 0; i < transformsInfoFileNames.length; i++) {
String fileURL = transformsInfoFileNames[i];
+
+ //if fileURL is relative to rootConfigFileDir make it absolute
+ fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
transformsInfos[i] = transformsInfo;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index f08c60736..a16dcfa26 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -26,6 +26,12 @@ public class OAProxyParameter {
* defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
*/
private String loginParameterResolverImpl;
+
+ /**
+ * Configuration Parameter of LoginParameterResolver
+ */
+ private String loginParameterResolverConfiguration;
+
/**
* implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
* to be used for connecting to the online application;
@@ -44,6 +50,7 @@ public class OAProxyParameter {
* parameters for logging into the online application
*/
private OAConfiguration oaConfiguration;
+
/**
* Returns the configFileURL.
@@ -126,6 +133,14 @@ public class OAProxyParameter {
}
/**
+ * Returns the loginParameterResolverConfiguration.
+ * @return String
+ */
+ public String getLoginParameterResolverConfiguration() {
+ return loginParameterResolverConfiguration;
+ }
+
+ /**
* Sets the connectionBuilderImpl.
* @param connectionBuilderImpl The connectionBuilderImpl to set
*/
@@ -142,6 +157,14 @@ public class OAProxyParameter {
}
/**
+ * Sets the loginParameterResolverConfiguration.
+ * @param loginParameterResolverImpl The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
+ this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
+ }
+
+ /**
* Returns the oaConfiguration.
* @return OAConfiguration
*/
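Review bot: The Javadoc on `setLoginParameterResolverConfiguration` documents `@param loginParameterResolverImpl`, which is not this method's parameter; it should read `@param loginParameterResolverConfiguration The loginParameterResolverConfiguration to set`. The field comment `Configuration Parameter of LoginParameterResolver` in the earlier hunk would also benefit from naming the source of the value, the `loginParameterResolverConfiguration` attribute of the ProxyComponent element read in ConfigurationBuilder.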
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 897d14da9..622ae6f82 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -1,7 +1,9 @@
package at.gv.egovernment.moa.id.config.proxy;
+import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
+import java.net.MalformedURLException;
import org.w3c.dom.Element;
@@ -11,6 +13,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
/**
* A class providing access to the Proxy Part of the MOA-ID configuration data.
@@ -32,6 +35,11 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
/** Singleton instance. <code>null</code>, if none has been created. */
private static ProxyConfigurationProvider instance;
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ private String rootConfigFileDir;
+
//
// configuration data
//
@@ -117,14 +125,29 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
}
}
try {
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
+ try {
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
// build the internal datastructures
- builder = new ConfigurationBuilder(configElem);
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
- onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
+
+ onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
+ for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
+ onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
+ }
+
genericConfiguration = builder.buildGenericConfiguration();
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
trustedCACertificates = builder.getTrustedCACertificates();
+ trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
}
catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
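Review bot: The inner `catch (MalformedURLException t)` that throws `config.03` sits inside the outer `try` whose `catch (Throwable t)` re-wraps everything as `config.02`, so the more specific error code can never reach the caller; either compute `rootConfigFileDir` before the outer `try` or let `ConfigurationException` pass through unwrapped. `new File(fileName).getParent()` is `null` when the configuration file is given without a directory component, and `new File((String) null)` then throws a NullPointerException that is again reported as `config.02`; `rootConfigFileDir = new File(fileName).getAbsoluteFile().getParent();` avoids that. `File.toURL()` does not escape characters such as spaces in the path, so `new File(rootConfigFileDir).toURI().toURL().toString()` is the safer form when the result is later handed to `FileUtils.makeAbsoluteURL`. The enclosing constructor continues outside the hunk.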
@@ -166,5 +189,5 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
}
return null;
}
-
+
} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
index 882a9c255..4d309c18c 100644
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
@@ -28,13 +28,20 @@ public class PKIProfileImpl extends ObservableImpl
*/
private String trustStoreURI;
+ /**
+ * revocation checking;
+ */
+ private boolean revocationChecking;
+
+
/**
* Create a new <code>PKIProfileImpl</code>.
*
* @param trustStoreURI trust store URI
*/
- public PKIProfileImpl(String trustStoreURI) {
+ public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
this.trustStoreURI = trustStoreURI;
+ this.revocationChecking = revocationChecking;
}
/**
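Review bot: The constructor Javadoc was not updated for the new parameter; add `@param revocationChecking whether certificate revocation checking is performed for this profile (returned by {@link #getRevocationChecking()})`. The field comment `revocation checking;` says nothing beyond the field name; since the second hunk of this file replaces a hard-coded `true` with this field, the comment should state that the caller now decides whether revocation is checked, for example `/** Whether path validation checks certificate revocation; previously always true. */`.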
@@ -153,7 +160,7 @@ public class PKIProfileImpl extends ObservableImpl
* @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
*/
public boolean getRevocationChecking() {
- return true;
+ return this.revocationChecking;
}
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
index 7a6c3e575..ff7787839 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
@@ -4,8 +4,8 @@ import java.util.HashMap;
import java.util.Map;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
/**
* Factory delivering a {@link ConnectionBuilder} implementation for
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 48e21f673..2ac8fe28e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -36,6 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
disableHostnameVerification = BoolUtils.valueOf(
ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
"ProxyComponent.DisableHostnameVerification"));
+ //TODO undocumented feature
if (disableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification);
}
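Review bot: `//TODO undocumented feature` does not say what is undocumented or what should be done about it; since `ProxyComponent.DisableHostnameVerification` appears to switch off hostname verification for the proxied connection, the comment should name the setting and its effect, e.g. `// ProxyComponent.DisableHostnameVerification switches off hostname verification for the OA connection; not yet described in the configuration documentation`. The existing WARN log on the following lines is the right place for the setting to show up at runtime, so the TODO is only a documentation gap.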
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index db3c452bc..033a74934 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -21,6 +21,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public DefaultLoginParameterResolver() {
}
+
+ /**
+ * Configuration mehtod (not used)
+ */
+ public void configure(String configuration) throws LoginParameterResolverException {
+ }
+
/**
* @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
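Review bot: The Javadoc of the new `configure` method has a typo (`mehtod`) and `(not used)` does not tell an implementer what happens to the argument; make it explicit, e.g. `Configuration method; the default resolver needs no configuration, so the argument is ignored.` together with `@param configuration ignored` and `@throws LoginParameterResolverException never thrown by this implementation`.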
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index 497176a96..434a4f674 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -14,33 +14,34 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
* @version $Id$
*/
public interface LoginParameterResolver {
-
- /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
- * naming predicates used by the <code>LoginParameterResolver</code>. */
- public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAVPK = "MOAVPK";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOABKZ = "MOABKZ";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAZMRZahl = "MOAZMRZahl";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAIPAddress = "MOAIPAddress";
-
+
+ /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ * naming predicates used by the <code>LoginParameterResolver</code>. */
+ public static final String MOAGivenName = "MOAGivenName";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAFamilyName = "MOAFamilyName";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOADateOfBirth = "MOADateOfBirth";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAVPK = "MOAVPK";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAPublicAuthority = "MOAPublicAuthority";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOABKZ = "MOABKZ";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAQualifiedCertificate =
+ "MOAQualifiedCertificate";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAZMRZahl = "MOAZMRZahl";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAIPAddress = "MOAIPAddress";
+
/**
* Returns authentication headers to be added to a URLConnection.
*
* @param oaConf configuration data
* @param authData authentication data
- * @param clientIPAddress client IP address
+ * @param clientIPAddress client IP address
* @return A map, the keys being header names and values being corresponding header values.
* <br>In case of authentication type <code>"basic-auth"</code>, header fields
* <code>username</code> and <code>password</code>.
@@ -48,25 +49,27 @@ public interface LoginParameterResolver {
* derived from parameter mapping and authentication data provided.
* <br>Otherwise, an empty map.
*/
- public Map getAuthenticationHeaders (
+ public Map getAuthenticationHeaders(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress);
-
+ String clientIPAddress) throws LoginParameterResolverException;
+
/**
* Returns request parameters to be added to a URLConnection.
*
* @param oaConf configuration data
* @param authData authentication data
- * @param clientIPAddress client IP address
+ * @param clientIPAddress client IP address
* @return A map, the keys being parameter names and values being corresponding parameter values.
* <br>In case of authentication type <code>"param-auth"</code>, parameters
* derived from parameter mapping and authentication data provided.
* <br>Otherwise, an empty map.
*/
- public Map getAuthenticationParameters (
- OAConfiguration oaConf,
- AuthenticationData authData,
- String clientIPAddress);
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress) throws LoginParameterResolverException;
+
+ public void configure(String configuration) throws LoginParameterResolverException;
}
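Review bot: The new `configure` method is the only member of this interface without Javadoc; every other method documents its parameters and return. Suggested text: `Configures the resolver with the implementation-specific configuration string taken from the online application parameters.`, with `@param configuration implementation-specific configuration string` and `@throws LoginParameterResolverException if the configuration cannot be applied`. The `getAuthenticationHeaders` and `getAuthenticationParameters` Javadoc should likewise gain a `@throws LoginParameterResolverException` line for the exception the hunk adds to their signatures.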
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
new file mode 100644
index 000000000..3aa2368bf
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class LoginParameterResolverException extends MOAIDException {
+
+ /**
+ * Constructor for LoginParameterResolverException.
+ * @param messageId
+ * @param parameters
+ */
+ public LoginParameterResolverException(
+ String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for LoginParameterResolverException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public LoginParameterResolverException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
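Review bot: The class Javadoc `Exception thrown while proxying a request to the online application` describes the proxy's exception rather than this class, and the `@param` tags carry no description. Suggested summary: `Exception thrown by a {@link LoginParameterResolver} when it cannot be configured or cannot resolve the login parameters for an online application.`; the constructor tags could read `@param messageId identifier of the message text`, `@param parameters parameters substituted into the message` and `@param wrapped the underlying cause`.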
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index 2ab245923..0db7f66fe 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -1,11 +1,12 @@
package at.gv.egovernment.moa.id.proxy;
+import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
/**
* Factory delivering a {@link LoginParameterResolver} implementation for
@@ -39,11 +40,25 @@ public class LoginParameterResolverFactory {
OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
String publicURLPrefix = oaParam.getPublicURLPrefix();
String className = oaParam.getLoginParameterResolverImpl();
+ String configuration = oaParam.getLoginParameterResolverConfiguration();
+
if (className != null) {
try {
+ Class lprClass = Class.forName(className);
LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
+
+ Class[] argumentTypes = { String.class };
+ Method confMethod = lprClass.getMethod( "configure", argumentTypes );
+
+ Object[] arguments = { new String(configuration) };
+ confMethod.invoke( lpr, arguments );
+
+ lpr.configure(configuration);
loginParameterResolverMap.put(publicURLPrefix, lpr);
}
+ catch (LoginParameterResolverException lpex) {
+ throw new ConfigurationException("config.11", new Object[] {className}, lpex);
+ }
catch (Throwable ex) {
throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
}
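Review bot: `configure` is invoked twice on the same resolver, once reflectively through `confMethod.invoke` and once directly through `lpr.configure(configuration)`, and the class is loaded twice (`lprClass` is obtained but `newInstance()` is called on a second `Class.forName(className)`). Because a `LoginParameterResolverException` thrown inside the reflective call arrives wrapped in `InvocationTargetException`, it falls into the `catch (Throwable ex)` branch as `config.07` and the new `config.11` branch is only reachable from the direct call that follows; `new String(configuration)` also throws a NullPointerException when an online application specifies a resolver class without a configuration string. Since `LoginParameterResolver` now declares `configure`, the reflection is unnecessary: replace the block with `LoginParameterResolver lpr = (LoginParameterResolver) Class.forName(className).newInstance();`, `lpr.configure(configuration);` and `loginParameterResolverMap.put(publicURLPrefix, lpr);`. The enclosing loop continues outside the hunk.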
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
new file mode 100644
index 000000000..3f7a6872c
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
@@ -0,0 +1,481 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.File;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import java.io.IOException;
+import java.util.*;
+//import org.apache.xerces.parsers.AbstractDOMParser;
+import org.apache.xerces.parsers.DOMParser;
+import org.w3c.dom.*;
+
+/**
+ * XMLLoginParameterResolver an implementation of implementation of interface
+ * <code>LoginParameterResolver</code>
+ * This implementation used to map identities stored in an XML file to parameters
+ * which are given to OAs.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class XMLLoginParameterResolver implements LoginParameterResolver {
+
+ //file which is parsed and interpreted for paremeter resolving.
+ private String identityFile;
+
+ /**
+ * inner class used to store mapped parameters
+ */
+ class LPRParams {
+
+ /**
+ * getter method for parameter Enabled.
+ * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
+ */
+ public boolean getEnabled() {
+ return enabled.booleanValue();
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or <code>null</code> not set.
+ */
+ public String getUN() {
+ return UN;
+ }
+
+ /**
+ * getter method for parameter PW (password)
+ * @return Parameter PW or <code>null</code> not set.
+ */
+ public String getPW() {
+ return PW;
+ }
+
+ /**
+ * getter method for parameter Param1
+ * @return Parameter Param1 or <code>null</code> not set.
+ */
+ public String getParam1() {
+ return Param1;
+ }
+
+ /**
+ * getter method for parameter Param2
+ * @return Parameter Param2 or <code>null</code> not set.
+ */
+ public String getParam2() {
+ return Param2;
+ }
+
+ /**
+ * getter method for parameter Param3
+ * @return Parameter Param3 or <code>null</code> not set.
+ */
+ public String getParam3() {
+ return Param3;
+ }
+
+ /**
+ * Returns a string representation of LPRParams
+ *
+ * @return a <code>String</code> representation of this object.
+ * @see XMLLoginParameterResolver.LPRParams
+ */
+ public String toString() {
+ return "Enabled: "
+ + enabled.toString()
+ + "UN: '"
+ + UN
+ + "' PW: '"
+ + PW
+ + "' Param1: '"
+ + Param1
+ + "' Param2: '"
+ + Param2
+ + "' Param3: '"
+ + Param3
+ + "'\n";
+ }
+
+ //private member variables used
+ private Boolean enabled = null;
+ private String UN = null;
+ private String PW = null;
+ private String Param1 = null;
+ private String Param2 = null;
+ private String Param3 = null;
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
+ *
+ * @param enabled enable user mapping to parameter set for the parameter set.
+ * @param UN username used in HTTP 401 - BasicAuthentication
+ * @param PW password used in HTTP 401 - BasicAuthentication
+ * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication
+ * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication
+ * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication
+ **/
+ LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
+ this.enabled = new Boolean(enabled);
+ this.UN = UN;
+ this.PW = PW;
+ this.Param1 = Param1;
+ this.Param1 = Param2;
+ this.Param1 = Param3;
+ }
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
+ *
+ * @param enabled enable user mapping to parameter set for the parameter set.
+ * @param UN username used in HTTP 401 - BasicAuthentication
+ * @param PW password used in HTTP 401 - BasicAuthentication
+ **/
+ LPRParams(boolean enabled, String UN, String PW) {
+ this(enabled, UN, PW, null, null, null);
+ }
+ }
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object.
+ **/
+ public XMLLoginParameterResolver() {
+ bPKMap = new HashMap();
+ namedMap = new HashMap();
+ }
+
+ /**
+ * configuration method
+ * @param configuration enabled enable user mapping to parameter set for the parameter set.
+ */
+ public void configure(String configuration) throws LoginParameterResolverException {
+ File idFile;
+ this.identityFile = configuration;
+
+ try {
+ if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) {
+ Logger.error("XMLLoginParameterResolver could not read '"
+ + identityFile
+ + "' " );
+ return;
+ }
+ Document doc = readXMLFile(identityFile);
+ buildInfo(doc);
+ } catch (Throwable ex) {
+ throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex);
+ }
+ isConfigured = true;
+ }
+
+ public Map getAuthenticationHeaders(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress) throws LoginParameterResolverException {
+ Map result = new HashMap();
+
+ if (!isConfigured) {
+ throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" +
+ identityFile + "' is not configured!", null);
+ }
+
+ String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
+ String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
+ String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
+ String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String userid = "";
+ String password = "";
+ LPRParams params = null;
+ boolean userFound = false;
+
+ //try bPK and named search
+ userFound = bPKIdentitySearch(bPK, params);
+
+ if(false == userFound)
+ namedIdentitySearch(famName, givenName, dateOfBirth, params);
+
+ if(false == userFound)
+ return result;
+
+ //HTTP 401 - Basic Authentication
+ if (oaConf.getAuthType().equals("basic")) {
+ userid = params.getUN();
+ password = params.getPW();
+
+ try {
+ String userIDPassword = userid + ":" + password;
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials);
+ result.put("Authorization", "Basic " + credentials);
+ } catch (IOException ignore) {
+ }
+ return result;
+ }
+ if (oaConf.getAuthType().equals("header")) {
+ String key;
+ String resolvedValue;
+ result.put("Param1", params.getParam1());
+ result.put("Param2", params.getParam2());
+ result.put("Param3", params.getParam3());
+ return result;
+ /* for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator();
+ iter.hasNext();
+ result.put(key, resolvedValue)) {
+ key = (String) iter.next();
+ String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
+ resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ }
+ */
+ }
+ return result;
+ }
+
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress) {
+
+ Map result = new HashMap();
+
+ if (!isConfigured) {
+ Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
+ return result;
+ }
+
+ String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
+ String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
+ String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
+ String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String userid = "";
+ String password = "";
+ LPRParams params = null;
+ boolean userFound = false;
+
+ //try bPK and named search
+ userFound = bPKIdentitySearch(bPK, params);
+
+ if (false == userFound)
+ namedIdentitySearch(famName, givenName, dateOfBirth, params);
+
+ if (false == userFound)
+ return result;
+
+ if (oaConf.getAuthType().equals("param")) {
+ result.put("Param1", params.getParam1());
+ result.put("Param2", params.getParam2());
+ result.put("Param3", params.getParam3());
+ return result;
+ /*
+ String key;
+ String resolvedValue;
+ for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator();
+ iter.hasNext();
+ result.put(key, resolvedValue)) {
+ key = (String) iter.next();
+ String predicate = (String) oaConf.getParamAuthMapping().get(key);
+ resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ }
+ */
+
+ }
+ return result;
+ }
+
+ private static String resolveValue(
+ String predicate,
+ AuthenticationData authData,
+ String clientIPAddress) {
+ if (predicate.equals("MOAGivenName"))
+ return authData.getGivenName();
+ if (predicate.equals("MOAFamilyName"))
+ return authData.getFamilyName();
+ if (predicate.equals("MOADateOfBirth"))
+ return authData.getDateOfBirth();
+ if (predicate.equals("MOAVPK"))
+ return authData.getVPK();
+ if (predicate.equals("MOAPublicAuthority"))
+ if (authData.isPublicAuthority())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals("MOABKZ"))
+ return authData.getPublicAuthorityCode();
+ if (predicate.equals("MOAQualifiedCertificate"))
+ if (authData.isQualifiedCertificate())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals("MOAZMRZahl"))
+ return authData.getIdentificationValue();
+ if (predicate.equals("MOAIPAddress"))
+ return clientIPAddress;
+ else
+ return null;
+ }
+
+ private Document readXMLFile(String fileName) {
+ Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName);
+ DOMParser parser = new DOMParser();
+ try {
+ parser.setFeature("http://xml.org/sax/features/validation", true);
+ parser.setFeature("http://apache.org/xml/features/validation/schema", true);
+ parser.parse(fileName);
+ return parser.getDocument();
+ } catch (Exception e) {
+ String msg = e.toString();
+ Logger.error("XMLLoginParameterResolver: Error parsing file" + fileName + "\n" + msg);
+ return null;
+ }
+ }
+
+ private void buildInfo(Document doc) {
+ Element root = doc.getDocumentElement();
+ NodeList idList = root.getElementsByTagName(XSD_IDELEM);
+ NodeList paramList = root.getElementsByTagName("Parameters");
+ for (int i = 0; i < idList.getLength(); i++)
+ Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
+
+ for (int i = 0; i < paramList.getLength(); i++)
+ Logger.debug(
+ "XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName());
+
+ for (int i = 0; i < idList.getLength(); i++) {
+ Element tmpElem = (Element) idList.item(i);
+ NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity");
+ for (int j = 0; j < tmpList.getLength(); j++)
+ Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName());
+
+ if (1 == tmpList.getLength()) {
+ tmpElem = (Element) tmpList.item(0);
+ String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName");
+ boolean tmpBool = false;
+ if (tmpElem.getFirstChild() != null
+ && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
+ tmpBool = true;
+ Logger.debug(
+ "XMLLoginParameterResolver: tmpStr: "
+ + tmpStr
+ + " value: "
+ + (new Boolean(tmpBool)).toString());
+ tmpElem = (Element) paramList.item(i);
+ Logger.debug(
+ "XMLLoginParameterResolver: attribute UN: "
+ + tmpElem.getAttribute("UN")
+ + " attribute PW: "
+ + tmpElem.getAttribute("PW"));
+ namedMap.put(
+ tmpStr,
+ new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
+ } else {
+ tmpList = tmpElem.getElementsByTagName("bPKIdentity");
+ if (1 == tmpList.getLength()) {
+ tmpElem = (Element) tmpList.item(0);
+ String tmpStr = tmpElem.getAttribute("bPK");
+ boolean tmpBool = false;
+ if (tmpElem.getFirstChild() != null
+ && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
+ tmpBool = true;
+ Logger.debug(
+ "XMLLoginParameterResolver: tmpStr: "
+ + tmpStr
+ + " value: "
+ + (new Boolean(tmpBool)).toString());
+ tmpElem = (Element) paramList.item(i);
+ Logger.debug(
+ "XMLLoginParameterResolver: attribute UN: "
+ + tmpElem.getAttribute("UN")
+ + " attribute PW: "
+ + tmpElem.getAttribute("PW")
+ + " attribute Param1: "
+ + tmpElem.getAttribute("Param1"));
+ bPKMap.put(
+ tmpStr,
+ new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
+ } else {
+ Logger.warn(
+ "XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found");
+ }
+ }
+ }
+
+ Logger.debug("namedMap:" + namedMap.toString());
+ Logger.debug("bPKMap:" + bPKMap.toString());
+ }
+
+ private void buildIdentityInfo(Document doc) {
+
+ }
+
+
+ boolean bPKIdentitySearch(String bPK, LPRParams params) {
+ //search for mapping with bPK of the user
+ Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK);
+ params = (LPRParams) bPKMap.get(bPK);
+ if (null == params) {
+ Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!");
+ return false;
+ } else if (params.getEnabled()) {
+ Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
+ return true;
+ }
+ Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled");
+ return false;
+ }
+
+ boolean namedIdentitySearch(
+ String famName,
+ String givenName,
+ String dateOfBirth,
+ LPRParams params) {
+ Logger.info(
+ "XMLLoginParameterResolver: search for login data for SurName:"
+ + famName
+ + " GivenName: "
+ + givenName);
+
+ params = (LPRParams) namedMap.get(famName + "," + givenName);
+ if (null == params) {
+
+ Logger.info(
+ "XMLLoginParameterResolver: params for Surname: "
+ + famName
+ + " GivenName: "
+ + givenName
+ + " not found!");
+ return false;
+ }
+
+ if (params.getEnabled()) {
+ Logger.info(
+ "XMLLoginParameterResolver: SurName:"
+ + famName
+ + " GivenName: "
+ + givenName
+ + "found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
+ return true;
+ }
+ Logger.info(
+ "XMLLoginParameterResolver: SurName:"
+ + famName
+ + " GivenName: "
+ + givenName
+ + "found in list; user is NOT enabled");
+ return false;
+ }
+
+ public static final String XSD_MAPPING = "Mapping";
+
+ public static final String XSD_DOCELEM = "MOAIdentities";
+ public static final String XSD_IDELEM = "Identity";
+ public static final String XSD_NAMEDIDELEM = "NamedIdentity";
+ public static final String XSD_BPKIDELEM = "bPKIdentity";
+ public static final String XSD_PARAMELEM = "Parameters";
+ public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration";
+ private Map bPKMap;
+ private Map namedMap;
+ private boolean isConfigured = false;
+} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
index a00c48387..d6ec4951b 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -2,6 +2,9 @@ package at.gv.egovernment.moa.id.proxy.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
@@ -42,8 +45,12 @@ public class ConfigurationServlet extends HttpServlet {
out.println("<body bgcolor=\"#FFFFFF\">");
try {
MOAIDProxyInitializer.initialize();
- String message = msg.getMessage("config.00", null);
+
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
Logger.info(message);
+
+ //TODO low-priority: change to ErrorPage
out.println("<p><b>");
out.println(message);
out.println("</b></p>");
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index c52de2ba8..362849fb1 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.data.CookieManager;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
@@ -133,10 +134,15 @@ public class ProxyServlet extends HttpServlet {
String clientIPAddress = req.getRemoteAddr();
Map loginHeaders = null;
Map loginParameters = null;
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
- else
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+ try {
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
+ else
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+
+ } catch (LoginParameterResolverException ex) {
+ throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+ }
// setup SSLSocketFactory for communication with the online application
SSLSocketFactory ssf = null;
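Review bot: The new `catch (LoginParameterResolverException ex)` drops `ex` when constructing the `ProxyException`, so the reason the resolver failed is lost from the error reported for `proxy.13`. If `ProxyException` offers the three-argument constructor that `MOAIDException` exposes (as used in `LoginParameterResolverException`), pass the cause along: `throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }, ex);`. The enclosing method starts and ends outside the hunk.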
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
index f21b0880e..e0739d941 100644
--- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -116,7 +116,11 @@ public class SSLUtils {
PKIConfiguration cfg = null;
if (! PKIFactory.getInstance().isAlreadyConfigured())
cfg = new PKIConfigurationImpl(conf);
- PKIProfile profile = new PKIProfileImpl(trustStoreURL);
+ String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
+ //not using BoolUtils because default value hast to be true!
+ boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
+ //TODO RS verify SSL Revocation handling
+ PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
// MOA-SP is called by API
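Review bot: Turning revocation checking off for the trust manager is silent here, whereas the comparable `ProxyComponent.DisableHostnameVerification` switch in DefaultConnectionBuilder is logged at WARN; `checkRevocation == false` should be logged the same way so the weakened setting is visible in the logs, e.g. `if (!checkRevocation) Logger.warn(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING + ": revocation checking disabled");` (assuming `Logger` is imported in SSLUtils). The comment on the preceding line has a typo (`hast` → `has`), and `TODO RS verify SSL Revocation handling` should say what remains to be verified. The enclosing method continues outside the hunk.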