diff options
Diffstat (limited to 'id.server/src/at/gv')
26 files changed, 479 insertions, 222 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bc3e075be..9cb473d4f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.VPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -379,8 +379,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> String[] transformInfos = authConf.getTransformsInfos(); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); + new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), transformInfos); return createXMLSignatureRequest; } /** @@ -502,12 +507,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = - new VPKBuilder().buildVPK( + String bpkBase64 = + new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), - identityLink.getDateOfBirth(), session.getTarget()); - authData.setVPK(vpkBase64); + authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setPBK(bpkBase64); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); @@ -517,7 +522,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); + String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideStammzahl()); try { String ilAssertion = diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index fd7cb1a9d..ed2c863d2 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -19,13 +19,14 @@ public class AuthenticationDataAssertionBuilder implements Constants { /** * XML template for the <code><saml:Assertion></code> to be built */ + //TODO MOA-ID check if NameQualifier NameQualifier urn:publicid:gv.at:cdid+ "is stable" in specification private static final String AUTH_DATA = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + " <saml:AttributeStatement>" + NL + " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''http://reference.e-government.gv.at/names/vpk/20020221#''>{3}</saml:NameIdentifier>" + NL + + " <saml:NameIdentifier NameQualifier=''urn:publicid:gv.at:cdid+''>{3}</saml:NameIdentifier>" + NL + " <saml:SubjectConfirmation>" + NL + " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + " <saml:SubjectConfirmationData>{4}{5}</saml:SubjectConfirmationData>" + NL + @@ -64,7 +65,7 @@ public class AuthenticationDataAssertionBuilder implements Constants { * @param xmlPersonData <code>lt;pr:Person></code> element as a String * @param xmlAuthBlock authentication block to be included in a * <code>lt;saml:SubjectConfirmationData></code> element; may include - * the <code>"ZMR-Zahl"</code> or not; may be empty + * the <code>"Stammzahl"</code> or not; may be empty * @param xmlIdentityLink the IdentityLink * @return the <code><saml:Assertion></code> * @throws BuildException if an error occurs during the build process @@ -89,7 +90,7 @@ public class AuthenticationDataAssertionBuilder implements Constants { authData.getAssertionID(), authData.getIssuer(), authData.getIssueInstant(), - authData.getVPK(), + authData.getPBK(), removeXMLDeclaration(xmlAuthBlock), removeXMLDeclaration(xmlIdentityLink), removeXMLDeclaration(xmlPersonData), diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index c18156a01..706d0a39a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -6,45 +6,43 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.util.Base64Utils; /** - * Builder for the VPK, as defined in - * <code>"Ableitung f¨r die verfahrensspezifische Personenkennzeichnung"</code> + * Builder for the BPK, as defined in + * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. * * @author Paul Ivancsics * @version $Id$ */ -public class VPKBuilder { +public class BPKBuilder { /** - * Builds the VPK from given parameters. - * @param identificationValue "ZMR-Zahl" - * @param dateOfBirth "Geburtsdatum" + * Builds the BPK from given parameters. + * @param identificationValue Base64 encoded "Stammzahl" * @param target "Verfahrensname"; will be transformed to lower case - * @return VPK in a BASE64 encoding - * @throws BuildException while building the VPK + * @return PBK in a BASE64 encoding + * @throws BuildException while building the BPK */ - public String buildVPK(String identificationValue, String dateOfBirth, String target) + public String buildBPK(String identificationValue, String target) throws BuildException { if (identificationValue == null || identificationValue.length() == 0 - || dateOfBirth == null || dateOfBirth.length() == 0 || target == null || target.length() == 0) throw new BuildException( "builder.00", - new Object[] {"VPK", + new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + - ",dateOfBirth=" + dateOfBirth + ",target=" + target}); - String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase(); + ",target=" + target}); + String basisbegriff = identificationValue + "+" + target; try { MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes()); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { throw new BuildException( "builder.00", - new Object[] {"VPK", ex.toString()}, + new Object[] {"BPK", ex.toString()}, ex); } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index f8c287cb6..961a40303 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -21,12 +21,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants { private static final String CREATE_XML_SIGNATURE_REQUEST = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl + "<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl + - " <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl + - //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair - //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl + + " <sl11:KeyboxIdentifier>{1}</sl11:KeyboxIdentifier>" + nl + " <sl11:DataObjectInfo Structure=''detached''>" + nl + " <sl10:DataObject Reference=''''/>" + nl + - "{1}" + + "{2}" + " </sl11:DataObjectInfo>" + nl + " <sl11:SignatureInfo>" + nl + " <sl11:SignatureEnvironment>" + nl + @@ -47,14 +45,15 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * Builds the <code><CreateXMLSignatureRequest></code>. * * @param authBlock String representation of XML authentication block + * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeyPair) * @return String representation of <code><CreateXMLSignatureRequest></code> */ - public String build(String authBlock, String[] dsigTransformInfos) { + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) { String dsigTransformInfosString = ""; for (int i = 0; i < dsigTransformInfos.length; i++) dsigTransformInfosString += dsigTransformInfos[i]; String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString }); + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString }); return request; } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 85ec1cb7f..819ed79bb 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -26,24 +26,25 @@ public class PersonDataBuilder { /** * Builds the <code><pr:Person></code> element.<br/> * Utilizes the parsed <code><prPerson></code> from the identity link - * and the information regarding inclusion of <code>"ZMR-Zahl"</code> in the + * and the information regarding inclusion of <code>"Stammzahl"</code> in the * <code><pr:Person></code> data. * * @param identityLink <code>IdentityLink</code> containing the * attribute <code>prPerson</code> - * @param provideZMRZahl true if <code>"ZMR-Zahl"</code> is to be included; + * @param provideStammzahl true if <code>"Stammzahl"</code> is to be included; * false otherwise * @return the <code><pr:Person></code> element as a String * @throws BuildException on any error */ - public String build(IdentityLink identityLink, boolean provideZMRZahl) + public String build(IdentityLink identityLink, boolean provideStammzahl) throws BuildException { try { Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); - if (! provideZMRZahl) { - Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification"); - prPerson.removeChild(prIdentification); + if (! provideStammzahl) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); + //remove IdentificationValue + prIdentification.getFirstChild().setNodeValue(""); } String xmlString = DOMUtils.serializeNode(prPerson); return xmlString; diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index e2ad2625a..cc58db916 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -14,10 +14,14 @@ import org.w3c.dom.Element; */ public class IdentityLink { /** - * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>. + * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. */ private String identificationValue; /** + * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. + */ + private String identificationType; + /** * first name */ private String givenName; @@ -82,13 +86,22 @@ public class IdentityLink { /** * Returns the identificationValue. - * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>. + * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. * @return String */ public String getIdentificationValue() { return identificationValue; } + /** + * Returns the identificationType. + * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + /** * Sets the dateOfBirth. * @param dateOfBirth The dateOfBirth to set @@ -115,12 +128,20 @@ public class IdentityLink { /** * Sets the identificationValue. - * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>. + * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. * @param identificationValue The identificationValue to set */ public void setIdentificationValue(String identificationValue) { this.identificationValue = identificationValue; } + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } /** * Returns the samlAssertion. diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index f9ef54884..49baf1bf5 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -97,6 +97,16 @@ public class IdentityLinkAssertionParser { + "Identification/" + PDATA + "Value"; + + /** Xpath expression to the Identification Value element */ + private static final String PERSON_IDENT_TYPE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Type"; + /** Xpath expression to the RSAKeyValue element */ private static final String RSA_KEY_VALUE_XPATH = ROOT @@ -179,12 +189,13 @@ public class IdentityLinkAssertionParser { IdentityLink identityLink; try { identityLink = new IdentityLink(); - //ÄNDERN: NUR der Identification-Teil identityLink.setSamlAssertion(assertionElem); identityLink.setPrPerson((Element) XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); identityLink.setIdentificationValue( XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); + identityLink.setIdentificationType( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); identityLink.setGivenName( XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); identityLink.setFamilyName( diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 6ff52bc4a..95878007e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -35,7 +35,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * <ul> * <li>Logs the error</li> * <li>Places error message and exception thrown into the request - * as request attributes (to be used by <code>"/errorpage.jsp"</code>)</li> + * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> * <li>Sets HTTP status 500 (internal server error)</li> * </ul> * @@ -59,9 +59,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { req.setAttribute("ExceptionThrown", exceptionThrown); } - //forward this to errorpage.jsp wher the HTML error page is generated + //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { @@ -80,9 +80,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { Logger.error(ex.toString()); req.setAttribute("WrongParameters", ex.getMessage()); - // forward this to errorpage.jsp where the HTML error page is generated + // forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index 1dc1897b2..f33377547 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -1,17 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.text.DateFormat; import java.util.Date; import java.util.Locale; +import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger; * @version $Id$ */ public class ConfigurationServlet extends HttpServlet { - /** Constant for the DTD-Doc type */ - private static final String DOC_TYPE = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n"; /** * Handle a HTTP GET request, used to indicated that the MOA @@ -36,13 +34,7 @@ public class ConfigurationServlet extends HttpServlet { throws ServletException, IOException { MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("<head><title>MOA configuration update</title></head>"); - out.println("<body bgcolor=\"#FFFFFF\">"); try { MOAIDAuthInitializer.initialized=false; MOAIDAuthInitializer.initialize(); @@ -50,21 +42,13 @@ public class ConfigurationServlet extends HttpServlet { { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("<p><b>"); - out.println(message); - out.println("</b></p>"); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response); + } catch (Throwable t) { String errorMessage = msg.getMessage("config.04", null); Logger.error(errorMessage, t); - out.println("<p><b>"); - out.println(errorMessage); - out.println("</b></p>"); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response); } - out.println("</body>"); - - out.flush(); - out.close(); } /** @@ -77,4 +61,15 @@ public class ConfigurationServlet extends HttpServlet { doGet(request, response); } + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } + } + + diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 8de475f95..ec8cb7b1a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -53,7 +53,7 @@ public class VerifyXMLSignatureResponseValidator { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) throw new ValidateException("validator.06", null); - //TODO enhance error messages (reason why check failed) + //TODO MOA-ID enhance error messages (reason why check failed) if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) if (whatToCheck.equals(CHECK_IDENTITY_LINK)) throw new ValidateException("validator.07", null); diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 6d3e05c29..53f763630 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -355,10 +355,12 @@ public class ConfigurationBuilder { OAAuthParameter oap = new OAAuthParameter(); oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); + oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); + //Check if there is an Auth-Block to read from configuration if (authComponent!=null) { - oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl"))); + oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 9ee1ec606..512d571ab 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -13,10 +13,15 @@ public class OAAuthParameter { * public URL prefix of the online application */ private String publicURLPrefix; + /** - * determines whether "ZMR-Zahl" is to be included in the authentication data + * key box Identifier (e.g. CertifiedKeyPair, SecureSignatureKeyPair) + */ + private String keyBoxIdentifier; + /** + * determines whether "Stammzahl" is to be included in the authentication data */ - private boolean provideZMRZahl; + private boolean provideStammzahl; /** * determines whether AUTH block is to be included in the authentication data */ @@ -43,11 +48,11 @@ public class OAAuthParameter { } /** - * Returns the provideZMRZahl. + * Returns the provideStammzahl. * @return String */ - public boolean getProvideZMRZahl() { - return provideZMRZahl; + public boolean getProvideStammzahl() { + return provideStammzahl; } /** @@ -58,6 +63,14 @@ public class OAAuthParameter { return publicURLPrefix; } + /** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + /** * Sets the provideAuthBlock. * @param provideAuthBlock The provideAuthBlock to set @@ -75,11 +88,11 @@ public class OAAuthParameter { } /** - * Sets the provideZMRZahl. - * @param provideZMRZahl The provideZMRZahl to set + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set */ - public void setProvideZMRZahl(boolean provideZMRZahl) { - this.provideZMRZahl = provideZMRZahl; + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; } /** @@ -90,4 +103,13 @@ public class OAAuthParameter { this.publicURLPrefix = publicURLPrefix; } + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 5859d2ae9..fdb7e6f55 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -129,8 +129,6 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { throw new ConfigurationException("config.03", null, t); } - //TODO enhance: use the getter method in makeAbsoluteURL - // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java index aac1dc422..65fe9047d 100644 --- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -31,14 +31,18 @@ public class AuthenticationData { */ private String issueInstant; /** - * user identification (ZMR-Zahl); <code>null</code>, + * user identification value (Stammzahl); <code>null</code>, * if the authentication module is configured not to return this data */ private String identificationValue; + /** + * user identification type + */ + private String identificationType; /** - * application specific user identifier (VPK) + * application specific user identifier (bPK) */ - private String vpk; + private String bPK; /** * given name of the user */ @@ -112,11 +116,11 @@ public class AuthenticationData { } /** - * Returns the vpk. + * Returns the bPK. * @return String */ - public String getVPK() { - return vpk; + public String getPBK() { + return bPK; } /** @@ -152,11 +156,11 @@ public class AuthenticationData { } /** - * Sets the vpk. - * @param vpk The vpk to set + * Sets the bPK. + * @param bPK The bPK to set */ - public void setVPK(String vpk) { - this.vpk = vpk; + public void setPBK(String bPK) { + this.bPK = bPK; } /** @@ -199,6 +203,14 @@ public class AuthenticationData { return identificationValue; } + /** + * Returns the identificationType + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + /** * Returns the issueInstant. * @return String @@ -263,6 +275,14 @@ public class AuthenticationData { this.identificationValue = identificationValue; } + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + /** * Sets the issueInstant. * @param issueInstant The issueInstant to set diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java index 8d09e2bc9..b41de3c44 100644 --- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java +++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java @@ -29,6 +29,7 @@ public class PKIConfigurationImpl implements PKIConfiguration { * @throws ConfigurationException for any config error */ public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + certStoreConfiguration = new CertStoreConfigurationImpl(conf); revocationConfiguration = new RevocationConfigurationImpl(); validationConfiguration = new ValidationConfigurationImpl(conf); diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 2ac8fe28e..bdadcbb81 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -36,7 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { disableHostnameVerification = BoolUtils.valueOf( ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( "ProxyComponent.DisableHostnameVerification")); - //TODO undocumented feature + //TODO MOA-ID BRZ undocumented feature if (disableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification); } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 033a74934..77f6652f3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; +import java.io.UnsupportedEncodingException; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -8,6 +9,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.URLEncoder; /** * Implementation of interface <code>LoginParameterResolver</code> @@ -79,7 +81,14 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) { String key = (String) iter.next(); String predicate = (String) oaConf.getParamAuthMapping().get(key); - String resolvedValue = resolveValue(predicate, authData, clientIPAddress); + String resolvedValue; + try { + resolvedValue = + URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1"); + } catch (UnsupportedEncodingException e) { + //ISO-8859-1 is supported + resolvedValue = null; + } result.put(key, resolvedValue); } } @@ -97,27 +106,29 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { if (predicate.equals(MOAGivenName)) return authData.getGivenName(); - else if (predicate.equals(MOAFamilyName)) + if (predicate.equals(MOAFamilyName)) return authData.getFamilyName(); - else if (predicate.equals(MOADateOfBirth)) + if (predicate.equals(MOADateOfBirth)) return authData.getDateOfBirth(); - else if (predicate.equals(MOAVPK)) - return authData.getVPK(); - else if (predicate.equals(MOAPublicAuthority)) + if (predicate.equals(MOABPK)) + return authData.getPBK(); + if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; else return "false"; - else if (predicate.equals(MOABKZ)) + if (predicate.equals(MOABKZ)) return authData.getPublicAuthorityCode(); - else if (predicate.equals(MOAQualifiedCertificate)) + if (predicate.equals(MOAQualifiedCertificate)) if (authData.isQualifiedCertificate()) return "true"; else return "false"; - else if (predicate.equals(MOAZMRZahl)) + if (predicate.equals(MOAStammzahl)) return authData.getIdentificationValue(); - else if (predicate.equals(MOAIPAddress)) + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals(MOAIPAddress)) return clientIPAddress; else return null; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index 434a4f674..c391fc16f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -15,25 +15,27 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; */ public interface LoginParameterResolver { - /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>, + /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>, * naming predicates used by the <code>LoginParameterResolver</code>. */ public static final String MOAGivenName = "MOAGivenName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAFamilyName = "MOAFamilyName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOADateOfBirth = "MOADateOfBirth"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAVPK = "MOAVPK"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOABPK = "MOABPK"; + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAPublicAuthority = "MOAPublicAuthority"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOABKZ = "MOABKZ"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAZMRZahl = "MOAZMRZahl"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAStammzahl = "MOAStammzahl"; + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAIdentificationValueType = "MOAIdentificationValueType"; + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAIPAddress = "MOAIPAddress"; /** @@ -52,7 +54,7 @@ public interface LoginParameterResolver { public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException; + String clientIPAddress) throws LoginParameterResolverException, NotAllowedException; /** * Returns request parameters to be added to a URLConnection. @@ -70,6 +72,6 @@ public interface LoginParameterResolver { AuthenticationData authData, String clientIPAddress) throws LoginParameterResolverException; - public void configure(String configuration) throws LoginParameterResolverException; + public void configure(String configuration) throws LoginParameterResolverException, NotAllowedException; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java new file mode 100644 index 000000000..849160a7b --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * Reason for this exception: the dedicated LoginParameterResolver does + * not allow access to the desired ressource. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class NotAllowedException extends MOAIDException { + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + */ + public NotAllowedException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + * @param wrapped + */ + public NotAllowedException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java index c53ed30a6..9766ef57b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java @@ -11,9 +11,9 @@ import org.w3c.dom.*; // Referenced classes of package at.gv.egovernment.moa.id.proxy: // LoginParameterResolver -// Old Implementation of XMLLoginParameterResolver (used to migrate old labs applications rapidely to -// version 1.1.1 of MOA-ID -// TODO RS migrate this to XMLLoginParameterResolver +// Old Implementation of XMLLoginParameterResolver +// +// TODO MOA-ID CIO internal: migrate this to XMLLoginParameterResolver public class OldXMLLoginParameterResolver @@ -98,7 +98,7 @@ public class OldXMLLoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -193,8 +193,8 @@ public class OldXMLLoginParameterResolver return authData.getFamilyName(); if(predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); - if(predicate.equals("MOAVPK")) - return authData.getVPK(); + if(predicate.equals("MOABPK")) + return authData.getPBK(); if(predicate.equals("MOAPublicAuthority")) if(authData.isPublicAuthority()) return "true"; @@ -207,8 +207,10 @@ public class OldXMLLoginParameterResolver return "true"; else return "false"; - if(predicate.equals("MOAZMRZahl")) + if(predicate.equals("MOAStammzahl")) return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); if(predicate.equals("MOAIPAddress")) return clientIPAddress; else diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java index 3f7a6872c..3958bb206 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java @@ -184,7 +184,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -247,7 +247,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -293,8 +293,8 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { return authData.getFamilyName(); if (predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); - if (predicate.equals("MOAVPK")) - return authData.getVPK(); + if (predicate.equals("MOABPK")) + return authData.getPBK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; @@ -307,8 +307,10 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { return "true"; else return "false"; - if (predicate.equals("MOAZMRZahl")) + if (predicate.equals("MOAStammzahl")) return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); if (predicate.equals("MOAIPAddress")) return clientIPAddress; else diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index ce0743b3d..a78a8d587 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -40,7 +40,7 @@ public class AuthenticationDataAssertionParser implements Constants { private static String ATTRIBUTESTATEMENT_XPATH = SAML + "AttributeStatement/"; /** Prefix for Element NameIdentifier in an Xpath-expression */ - private static String VPK_XPATH = + private static String BPK_XPATH = ATTRIBUTESTATEMENT_XPATH + SAML + "Subject/" + SAML + "NameIdentifier"; @@ -51,10 +51,15 @@ public class AuthenticationDataAssertionParser implements Constants { SAML + "AttributeValue/" + PR + "Person/"; /** Prefix for Element Value in an Xpath-expression */ - private static String ZMRZAHL_XPATH = + private static String IDENTIFICATION_VALUE_XPATH = PERSONDATA_XPATH + PR + "Identification/" + PR + "Value"; + private static String IDENTIFICATION_TYPE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Type"; + /** Prefix for Element GivenName in an Xpath-expression */ private static String GIVEN_NAME_XPATH = PERSONDATA_XPATH + @@ -112,10 +117,12 @@ public class AuthenticationDataAssertionParser implements Constants { XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); authData.setIssueInstant( XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); - authData.setVPK( - XPathUtils.getElementValue(samlAssertion, VPK_XPATH, "")); + authData.setPBK( + XPathUtils.getElementValue(samlAssertion, BPK_XPATH, "")); authData.setIdentificationValue( - XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, "")); + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); + authData.setIdentificationType( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); authData.setGivenName( XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); authData.setFamilyName( diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index d6ec4951b..4ab2e2cf7 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -1,17 +1,18 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.text.DateFormat; import java.util.Date; import java.util.Locale; +import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger; * @version $Id$ */ public class ConfigurationServlet extends HttpServlet { - /** The standard String for DTD Doc-type */ - private static final String DOC_TYPE = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n"; /** * Handle a HTTP GET request, used to indicated that the MOA @@ -36,13 +34,6 @@ public class ConfigurationServlet extends HttpServlet { throws ServletException, IOException { MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("<head><title>MOA configuration update</title></head>"); - out.println("<body bgcolor=\"#FFFFFF\">"); try { MOAIDProxyInitializer.initialize(); @@ -50,21 +41,12 @@ public class ConfigurationServlet extends HttpServlet { { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("<p><b>"); - out.println(message); - out.println("</b></p>"); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response); } catch (Throwable t) { String errorMessage = msg.getMessage("config.04", null); Logger.error(errorMessage, t); - out.println("<p><b>"); - out.println(errorMessage); - out.println("</b></p>"); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response); } - out.println("</body>"); - - out.flush(); - out.close(); } /** @@ -77,4 +59,13 @@ public class ConfigurationServlet extends HttpServlet { doGet(request, response); } +/** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ +public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); } + +}
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 362849fb1..7980778d9 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.io.PrintWriter; import java.io.StringWriter; import java.net.HttpURLConnection; @@ -14,7 +13,9 @@ import java.util.Iterator; import java.util.Map; import javax.net.ssl.SSLSocketFactory; +import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.proxy.NotAllowedException; import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -67,6 +69,8 @@ public class ProxyServlet extends HttpServlet { private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; /** Name of the Attribute for the LoginParameters */ private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; + /** Name of the Attribute for the SAMLARTIFACT */ + private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; /** * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) @@ -75,17 +79,25 @@ public class ProxyServlet extends HttpServlet { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) - login(req, resp); + if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) { + + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + tunnelRequest(req, resp); + } else + // it is the first time that the SAML Artifact was used + login(req, resp); + } else tunnelRequest(req, resp); } catch (MOAIDException ex) { - handleError(resp, ex.toString(), ex); + handleError(ex.getMessage(), ex, req, resp); } catch (Throwable ex) { - handleError(resp, ex.toString(), ex); - } + handleError(ex.getMessage(), ex, req, resp); + } } /** @@ -113,8 +125,15 @@ public class ProxyServlet extends HttpServlet { // String target = req.getParameter(PARAM_TARGET); parameter given but not processed // get authentication data from the MOA-ID Auth component - AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); - + AuthenticationData authData; + try { + authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } catch (ProxyException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } + String urlRequested = req.getRequestURL().toString(); // read configuration data @@ -129,29 +148,34 @@ public class ProxyServlet extends HttpServlet { ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); String realURLPrefix = oaConnParam.getUrl(); - // resolve login parameters to be forwarded to online application - LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); + // resolve login parameters to be forwarded to online application + LoginParameterResolver lpr = + LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); String clientIPAddress = req.getRemoteAddr(); Map loginHeaders = null; Map loginParameters = null; try { - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); - else - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); - - } catch (LoginParameterResolverException ex) { - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); - } + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); + else + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); + + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { + throw new ProxyException("proxy.15", new Object[] { }); + } // setup SSLSocketFactory for communication with the online application SSLSocketFactory ssf = null; if (oaConnParam.isHTTPSURL()) { try { ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } - catch (Throwable ex) { - throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex); + } catch (Throwable ex) { + throw new ProxyException( + "proxy.05", + new Object[] { oaConnParam.getUrl(), ex.toString()}, + ex); } } @@ -160,6 +184,7 @@ public class ProxyServlet extends HttpServlet { String loginType = oaConf.getLoginType(); Logger.debug("Login type: " + loginType); if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { + HttpSession session = req.getSession(); int sessionTimeOut = oaParam.getSessionTimeOut(); if (sessionTimeOut == 0) @@ -170,24 +195,40 @@ public class ProxyServlet extends HttpServlet { session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); + session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); Logger.debug("moa-id-proxy: HTTPSession angelegt"); } - - // tunnel request to the online application - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - { - Logger.debug("Got 401, trying again"); - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - } - catch (ProxyException ex) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - catch (Throwable ex) { + + // tunnel request to the online application + int respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) { + Logger.debug("Got 401, trying again"); + + respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } + } catch (ProxyException ex) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + + } catch (Throwable ex) { throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); } } @@ -202,9 +243,15 @@ public class ProxyServlet extends HttpServlet { Logger.debug("Tunnel request (stateless)"); HttpSession session = req.getSession(false); + if (session == null) throw new ProxyException("proxy.07", null); String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + //A sesssion is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); + String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); @@ -487,6 +534,7 @@ private boolean isTransferEncodingChunkedHeader(String headerKey, String headerV * @see javax.servlet.Servlet#init(ServletConfig) */ public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); try { MOAIDProxyInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); @@ -496,42 +544,47 @@ public void init(ServletConfig servletConfig) throws ServletException { throw new ServletException(ex); } } + /** - * Handles an error in proxying the request. + * Handles an error. <br> * <ul> - * <li>Logs the error.</li> - * <li>Outputs an HTML error page.</li> + * <li>Logs the error</li> + * <li>Places error message and exception thrown into the request + * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li> + * <li>Sets HTTP status 500 (internal server error)</li> * </ul> - * @param resp the HttpServletResponse - * @param errorMessage error message to be used - * @param ex the exception to be logged + * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response */ -private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) { - Logger.error(errorMessage, ex); - String htmlCode = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" - + "<html><head><title>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</title></head><body>" - + "<h1>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</h1>" - + "<p>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null) - + "</p>" - + "<p>" - + errorMessage - + "</p>" - + "</body></html>"; - resp.setContentType("text/html"); - try { - OutputStream respOut = resp.getOutputStream(); - respOut.write(htmlCode.getBytes()); - respOut.flush(); - } - catch (IOException ioex) { - Logger.error("", ioex); - } +protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + //req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-proxy.jsp wher the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java new file mode 100644 index 000000000..7c4731555 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java @@ -0,0 +1,76 @@ +/* + * Created on 17.02.2004 + * + * To change the template for this generated file go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author rschamberger + * + * To change the template for this generated type comment go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +public class HTTPRequestJSPForwarder { + + /** + * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response. <br> + * <ul> + * <li>Logs the message</li> + * </ul> + * + * @param message message text + * @param jspPageURI URI of the JSP page + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardNamed( + String message, + String jspPageURI, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + + if (null != message) { + Logger.info(message); + req.setAttribute("Message", message); + } + + //forward this to the given jsp page where the HTML response is generated + try { + context.getRequestDispatcher(jspPageURI).forward(req, resp); + } catch (IOException e) { + Logger.error(e); + } catch (ServletException e) { + Logger.error(e); + } + } + + /** + * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response. <br> + * <ul> + * <li>Logs the message</li> + * </ul> + * + * @param message message text + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardDefault( + String message, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + forwardNamed(message, "/message.jsp", context, req, resp); + } +}
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java index e0739d941..276f126c6 100644 --- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -119,7 +119,7 @@ public class SSLUtils { String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); //not using BoolUtils because default value hast to be true! boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); - //TODO RS verify SSL Revocation handling + //TODO MOA-ID verify SSL Revocation handling PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case |