Diffstat (limited to 'id.server/src/at/gv')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java19
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java7
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java (renamed from id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java)28
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java11
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java13
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java27
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java13
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java10
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java37
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java4
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java40
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java40
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java1
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java28
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java39
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java16
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java12
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java17
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java189
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java76
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java2
26 files changed, 479 insertions, 222 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index bc3e075be..9cb473d4f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -379,8 +379,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
String[] transformInfos = authConf.getTransformsInfos();
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+
String createXMLSignatureRequest =
- new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos);
+ new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), transformInfos);
return createXMLSignatureRequest;
}
/**
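Review bot: `oaParam.getKeyBoxIdentifier()` is handed to the request builder with no null/empty guard, so an online application whose configuration lacks the `keyBoxIdentifier` attribute ends up with an empty (or, if the lookup yields null, a literal "null") `<sl11:KeyboxIdentifier>` in the signature request instead of a clear configuration error at this point. Whether `getOnlineApplicationParameter` can return null for an unknown prefix is not visible here and should be confirmed; the enclosing method starts outside the hunk. A guard such as `if (oaParam == null || oaParam.getKeyBoxIdentifier() == null || oaParam.getKeyBoxIdentifier().length() == 0)` followed by the module's usual exception would keep a misconfiguration from reaching the citizen card environment as a malformed request.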
@@ -502,12 +507,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
- String vpkBase64 =
- new VPKBuilder().buildVPK(
+ String bpkBase64 =
+ new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(),
- identityLink.getDateOfBirth(),
session.getTarget());
- authData.setVPK(vpkBase64);
+ authData.setIdentificationType(identityLink.getIdentificationType());
+ authData.setPBK(bpkBase64);
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
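Review bot: The bPK is derived from `identityLink.getIdentificationValue()` regardless of what `identityLink.getIdentificationType()` reports; the type is only copied into `authData`, never checked, so an identity link carrying some other identification type would still produce a plausible-looking bPK. If the derivation is only defined for one identification type, compare the type before calling `buildBPK` and reject the identity link otherwise; if any type is acceptable, a short comment saying so would stop the next reader from wondering. The enclosing method starts outside the hunk, so I cannot see whether the type was already validated earlier.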
@@ -517,7 +522,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
- String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl());
+ String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideStammzahl());
try {
String ilAssertion =
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index fd7cb1a9d..ed2c863d2 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -19,13 +19,14 @@ public class AuthenticationDataAssertionBuilder implements Constants {
/**
* XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
*/
+ //TODO MOA-ID check if NameQualifier NameQualifier urn:publicid:gv.at:cdid+ "is stable" in specification
private static final String AUTH_DATA =
"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
"<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
" MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
" <saml:AttributeStatement>" + NL +
" <saml:Subject>" + NL +
- " <saml:NameIdentifier NameQualifier=''http://reference.e-government.gv.at/names/vpk/20020221#''>{3}</saml:NameIdentifier>" + NL +
+ " <saml:NameIdentifier NameQualifier=''urn:publicid:gv.at:cdid+''>{3}</saml:NameIdentifier>" + NL +
" <saml:SubjectConfirmation>" + NL +
" <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
" <saml:SubjectConfirmationData>{4}{5}</saml:SubjectConfirmationData>" + NL +
@@ -64,7 +65,7 @@ public class AuthenticationDataAssertionBuilder implements Constants {
* @param xmlPersonData <code>lt;pr:Person&gt;</code> element as a String
* @param xmlAuthBlock authentication block to be included in a
* <code>lt;saml:SubjectConfirmationData&gt;</code> element; may include
- * the <code>"ZMR-Zahl"</code> or not; may be empty
+ * the <code>"Stammzahl"</code> or not; may be empty
* @param xmlIdentityLink the IdentityLink
* @return the <code>&lt;saml:Assertion&gt;</code>
* @throws BuildException if an error occurs during the build process
@@ -89,7 +90,7 @@ public class AuthenticationDataAssertionBuilder implements Constants {
authData.getAssertionID(),
authData.getIssuer(),
authData.getIssueInstant(),
- authData.getVPK(),
+ authData.getPBK(),
removeXMLDeclaration(xmlAuthBlock),
removeXMLDeclaration(xmlIdentityLink),
removeXMLDeclaration(xmlPersonData),
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index c18156a01..706d0a39a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -6,45 +6,43 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.util.Base64Utils;
/**
- * Builder for the VPK, as defined in
- * <code>&quot;Ableitung f&uml;r die verfahrensspezifische Personenkennzeichnung&quot;</code>
+ * Builder for the BPK, as defined in
+ * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
* version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
*
* @author Paul Ivancsics
* @version $Id$
*/
-public class VPKBuilder {
+public class BPKBuilder {
/**
- * Builds the VPK from given parameters.
- * @param identificationValue "ZMR-Zahl"
- * @param dateOfBirth "Geburtsdatum"
+ * Builds the BPK from given parameters.
+ * @param identificationValue Base64 encoded "Stammzahl"
* @param target "Verfahrensname"; will be transformed to lower case
- * @return VPK in a BASE64 encoding
- * @throws BuildException while building the VPK
+ * @return PBK in a BASE64 encoding
+ * @throws BuildException while building the BPK
*/
- public String buildVPK(String identificationValue, String dateOfBirth, String target)
+ public String buildBPK(String identificationValue, String target)
throws BuildException {
if (identificationValue == null || identificationValue.length() == 0
- || dateOfBirth == null || dateOfBirth.length() == 0
|| target == null || target.length() == 0)
throw new BuildException(
"builder.00",
- new Object[] {"VPK",
+ new Object[] {"BPK",
"Unvollständige Parameterangaben: identificationValue=" + identificationValue +
- ",dateOfBirth=" + dateOfBirth + ",target=" + target});
- String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase();
+ ",target=" + target});
+ String basisbegriff = identificationValue + "+" + target;
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes());
+ byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
String hashBase64 = Base64Utils.encode(hash);
return hashBase64;
}
catch (Exception ex) {
throw new BuildException(
"builder.00",
- new Object[] {"VPK", ex.toString()},
+ new Object[] {"BPK", ex.toString()},
ex);
}
}
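Review bot: The Javadoc for `target` still says the value "will be transformed to lower case", but the new `basisbegriff = identificationValue + "+" + target;` no longer calls `toLowerCase()`, so the comment and the code disagree and a case difference in the target now changes the derived bPK. Decide which is intended; if the lower-casing was dropped deliberately, change the line to `* @param target "Verfahrensname"; used exactly as given (no case transformation)`. The `@return PBK in a BASE64 encoding` line transposes the acronym and should read `BPK`. The claim that `identificationValue` is already Base64-encoded is not checked here and presumably relies on the parser delivering it that way.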
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index f8c287cb6..961a40303 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -21,12 +21,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
private static final String CREATE_XML_SIGNATURE_REQUEST =
"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
"<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl +
- " <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
- //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair
- //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl +
+ " <sl11:KeyboxIdentifier>{1}</sl11:KeyboxIdentifier>" + nl +
" <sl11:DataObjectInfo Structure=''detached''>" + nl +
" <sl10:DataObject Reference=''''/>" + nl +
- "{1}" +
+ "{2}" +
" </sl11:DataObjectInfo>" + nl +
" <sl11:SignatureInfo>" + nl +
" <sl11:SignatureEnvironment>" + nl +
@@ -47,14 +45,15 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* Builds the <code>&lt;CreateXMLSignatureRequest&gt;</code>.
*
* @param authBlock String representation of XML authentication block
+ * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeyPair)
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String build(String authBlock, String[] dsigTransformInfos) {
+ public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) {
String dsigTransformInfosString = "";
for (int i = 0; i < dsigTransformInfos.length; i++)
dsigTransformInfosString += dsigTransformInfos[i];
String request = MessageFormat.format(
- CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString });
+ CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString });
return request;
}
}
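Review bot: `keyBoxIdentifier` is substituted into the template without validation, and `MessageFormat` renders a null argument as the text "null", so a missing configuration value yields `<sl11:KeyboxIdentifier>null</sl11:KeyboxIdentifier>` (or an empty element for "") rather than a clear error; add `if (keyBoxIdentifier == null || keyBoxIdentifier.length() == 0) throw new IllegalArgumentException("keyBoxIdentifier must be set");` at the top of `build`. The Javadoc tag is misspelled (`@param keyBoxIdentfier`) and does not match the parameter name `keyBoxIdentifier`, and `dsigTransformInfos` still has no `@param` entry. The same placeholder is introduced in the template hunk above.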
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 85ec1cb7f..819ed79bb 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -26,24 +26,25 @@ public class PersonDataBuilder {
/**
* Builds the <code>&lt;pr:Person&gt;</code> element.<br/>
* Utilizes the parsed <code>&lt;prPerson&gt;</code> from the identity link
- * and the information regarding inclusion of <code>"ZMR-Zahl"</code> in the
+ * and the information regarding inclusion of <code>"Stammzahl"</code> in the
* <code>&lt;pr:Person&gt;</code> data.
*
* @param identityLink <code>IdentityLink</code> containing the
* attribute <code>prPerson</code>
- * @param provideZMRZahl true if <code>"ZMR-Zahl"</code> is to be included;
+ * @param provideStammzahl true if <code>"Stammzahl"</code> is to be included;
* false otherwise
* @return the <code>&lt;pr:Person&gt;</code> element as a String
* @throws BuildException on any error
*/
- public String build(IdentityLink identityLink, boolean provideZMRZahl)
+ public String build(IdentityLink identityLink, boolean provideStammzahl)
throws BuildException {
try {
Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
- if (! provideZMRZahl) {
- Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification");
- prPerson.removeChild(prIdentification);
+ if (! provideStammzahl) {
+ Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");
+ //remove IdentificationValue
+ prIdentification.getFirstChild().setNodeValue("");
}
String xmlString = DOMUtils.serializeNode(prPerson);
return xmlString;
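Review bot: `prIdentification.getFirstChild().setNodeValue("")` only blanks the first child of `pr:Identification/pr:Value`, so if the Value element has several child nodes (text split by a comment or CDATA section, for example) the remaining nodes still carry the Stammzahl into the serialized `<pr:Person>` even though `provideStammzahl` is false, and if the element has no child at all the call throws a NullPointerException (the surrounding catch is outside the hunk, so I cannot see how that is reported). Removing every child of the Value element is both safer and simpler: `Node prValue = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");` then `while (prValue != null && prValue.hasChildNodes()) prValue.removeChild(prValue.getFirstChild());`. Note that the previous code removed the whole `pr:Identification` element, whereas the new code keeps it (with its `pr:Type`) and only empties the value; if that is the intent, the comment `//remove IdentificationValue` should say that the Type is deliberately retained.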
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index e2ad2625a..cc58db916 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -14,10 +14,14 @@ import org.w3c.dom.Element;
*/
public class IdentityLink {
/**
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
*/
private String identificationValue;
/**
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+ */
+ private String identificationType;
+ /**
* first name
*/
private String givenName;
@@ -82,13 +86,22 @@ public class IdentityLink {
/**
* Returns the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
* @return String
*/
public String getIdentificationValue() {
return identificationValue;
}
+ /**
+ * Returns the identificationType.
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
/**
* Sets the dateOfBirth.
* @param dateOfBirth The dateOfBirth to set
@@ -115,12 +128,20 @@ public class IdentityLink {
/**
* Sets the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
* @param identificationValue The identificationValue to set
*/
public void setIdentificationValue(String identificationValue) {
this.identificationValue = identificationValue;
}
+
+ /**
+ * Sets the Type of the identificationValue.
+ * @param identificationType The type of identificationValue to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
/**
* Returns the samlAssertion.
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index f9ef54884..49baf1bf5 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -97,6 +97,16 @@ public class IdentityLinkAssertionParser {
+ "Identification/"
+ PDATA
+ "Value";
+
+ /** Xpath expression to the Identification Value element */
+ private static final String PERSON_IDENT_TYPE_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Identification/"
+ + PDATA
+ + "Type";
+
/** Xpath expression to the RSAKeyValue element */
private static final String RSA_KEY_VALUE_XPATH =
ROOT
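Review bot: The Javadoc on the new `PERSON_IDENT_TYPE_XPATH` constant is copied from the constant above and says "Xpath expression to the Identification Value element", although the expression ends in `Type`. It should read `/** Xpath expression to the Identification Type element */`.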
@@ -179,12 +189,13 @@ public class IdentityLinkAssertionParser {
IdentityLink identityLink;
try {
identityLink = new IdentityLink();
- //ÄNDERN: NUR der Identification-Teil
identityLink.setSamlAssertion(assertionElem);
identityLink.setPrPerson((Element)
XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH));
identityLink.setIdentificationValue(
XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
+ identityLink.setIdentificationType(
+ XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, ""));
identityLink.setGivenName(
XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
identityLink.setFamilyName(
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 6ff52bc4a..95878007e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -35,7 +35,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
* <ul>
* <li>Logs the error</li>
* <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage.jsp"</code>)</li>
+ * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
* <li>Sets HTTP status 500 (internal server error)</li>
* </ul>
*
@@ -59,9 +59,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
req.setAttribute("ExceptionThrown", exceptionThrown);
}
- //forward this to errorpage.jsp wher the HTML error page is generated
+ //forward this to errorpage-auth.jsp where the HTML error page is generated
ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp");
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
try {
dispatcher.forward(req, resp);
} catch (ServletException e) {
@@ -80,9 +80,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
Logger.error(ex.toString());
req.setAttribute("WrongParameters", ex.getMessage());
- // forward this to errorpage.jsp where the HTML error page is generated
+ // forward this to errorpage-auth.jsp where the HTML error page is generated
ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp");
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
try {
dispatcher.forward(req, resp);
} catch (ServletException e) {
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index 1dc1897b2..f33377547 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -1,17 +1,18 @@
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import java.io.PrintWriter;
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
+import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger;
* @version $Id$
*/
public class ConfigurationServlet extends HttpServlet {
- /** Constant for the DTD-Doc type */
- private static final String DOC_TYPE =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
/**
* Handle a HTTP GET request, used to indicated that the MOA
@@ -36,13 +34,7 @@ public class ConfigurationServlet extends HttpServlet {
throws ServletException, IOException {
MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- PrintWriter out;
- response.setContentType("text/html");
- out = response.getWriter();
- out.println(DOC_TYPE);
- out.println("<head><title>MOA configuration update</title></head>");
- out.println("<body bgcolor=\"#FFFFFF\">");
try {
MOAIDAuthInitializer.initialized=false;
MOAIDAuthInitializer.initialize();
@@ -50,21 +42,13 @@ public class ConfigurationServlet extends HttpServlet {
{ DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
Logger.info(message);
- //TODO low-priority: change to ErrorPage
- out.println("<p><b>");
- out.println(message);
- out.println("</b></p>");
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
+
} catch (Throwable t) {
String errorMessage = msg.getMessage("config.04", null);
Logger.error(errorMessage, t);
- out.println("<p><b>");
- out.println(errorMessage);
- out.println("</b></p>");
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
}
- out.println("</body>");
-
- out.flush();
- out.close();
}
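Review bot: The success-path `HTTPRequestJSPForwarder.forwardNamed(...)` now sits inside the `try`, so an exception raised by the forward itself (presumably a ServletException or IOException from the dispatcher; the forwarder's signature is not in this chunk) is caught by `catch (Throwable t)`, logged as the configuration failure `config.04`, and answered with a second forward on a response that may already be committed. Forwarding once, after the try/catch, keeps the configuration error handling and the response handling apart. The enclosing `doGet` starts outside the hunk.
```java
String message;
try {
    MOAIDAuthInitializer.initialized=false;
    MOAIDAuthInitializer.initialize();
    // … unchanged: build the success message into `message` …
    Logger.info(message);
} catch (Throwable t) {
    message = msg.getMessage("config.04", null);
    Logger.error(message, t);
}
HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
```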
/**
@@ -77,4 +61,15 @@ public class ConfigurationServlet extends HttpServlet {
doGet(request, response);
}
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ }
+
}
+
+
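Review bot: The new `init(ServletConfig)` override only calls `super.init(servletConfig)`, yet its Javadoc claims it "Calls the web application initializer". Either the intended initializer call is missing from the body, or the override is a leftover and should be removed together with the now-unused `ServletConfig` import; as written the comment documents behaviour the code does not have.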
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 8de475f95..ec8cb7b1a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,7 +53,7 @@ public class VerifyXMLSignatureResponseValidator {
if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
throw new ValidateException("validator.06", null);
- //TODO enhance error messages (reason why check failed)
+ //TODO MOA-ID enhance error messages (reason why check failed)
if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0)
if (whatToCheck.equals(CHECK_IDENTITY_LINK))
throw new ValidateException("validator.07", null);
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 6d3e05c29..53f763630 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -355,10 +355,12 @@ public class ConfigurationBuilder {
OAAuthParameter oap = new OAAuthParameter();
oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
+ oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
+
//Check if there is an Auth-Block to read from configuration
if (authComponent!=null)
{
- oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl")));
+ oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
}
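Review bot: `oAElem.getAttribute("keyBoxIdentifier")` returns the empty string when the attribute is absent, so an online-application entry without it is accepted silently and the problem only surfaces later as an empty `<sl11:KeyboxIdentifier>` in the signature request (see the template change in CreateXMLSignatureRequestBuilder in this commit). Since this is a new mandatory-looking setting, reject or at least log a missing value here, where the publicURLPrefix is at hand to identify the offending entry. The setter called is spelled `setKeyBoxIdentier`, matching the misspelling in OAAuthParameter; both need changing together if the name is fixed.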
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 9ee1ec606..512d571ab 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -13,10 +13,15 @@ public class OAAuthParameter {
* public URL prefix of the online application
*/
private String publicURLPrefix;
+
/**
- * determines whether "ZMR-Zahl" is to be included in the authentication data
+ * key box Identifier (e.g. CertifiedKeyPair, SecureSignatureKeyPair)
+ */
+ private String keyBoxIdentifier;
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
*/
- private boolean provideZMRZahl;
+ private boolean provideStammzahl;
/**
* determines whether AUTH block is to be included in the authentication data
*/
@@ -43,11 +48,11 @@ public class OAAuthParameter {
}
/**
- * Returns the provideZMRZahl.
+ * Returns the provideStammzahl.
* @return String
*/
- public boolean getProvideZMRZahl() {
- return provideZMRZahl;
+ public boolean getProvideStammzahl() {
+ return provideStammzahl;
}
/**
@@ -58,6 +63,14 @@ public class OAAuthParameter {
return publicURLPrefix;
}
+ /**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
/**
* Sets the provideAuthBlock.
* @param provideAuthBlock The provideAuthBlock to set
@@ -75,11 +88,11 @@ public class OAAuthParameter {
}
/**
- * Sets the provideZMRZahl.
- * @param provideZMRZahl The provideZMRZahl to set
+ * Sets the provideStammzahl.
+ * @param provideStammzahl The provideStammzahl to set
*/
- public void setProvideZMRZahl(boolean provideZMRZahl) {
- this.provideZMRZahl = provideZMRZahl;
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ this.provideStammzahl = provideStammzahl;
}
/**
@@ -90,4 +103,13 @@ public class OAAuthParameter {
this.publicURLPrefix = publicURLPrefix;
}
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+
}
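Review bot: The new public setter is misspelled `setKeyBoxIdentier` while the field and getter use `keyBoxIdentifier`/`getKeyBoxIdentifier`; the only caller in this commit (ConfigurationBuilder) uses the misspelled name, so renaming it to `public void setKeyBoxIdentifier(String keyBoxIdentifier) {` requires updating that call in the same change. The Javadoc line `@param keyBoxIdentifier to set` should name what is set, e.g. `@param keyBoxIdentifier The key box identifier to set (e.g. CertifiedKeyPair)`.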
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 5859d2ae9..fdb7e6f55 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -129,8 +129,6 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
throw new ConfigurationException("config.03", null, t);
}
- //TODO enhance: use the getter method in makeAbsoluteURL
-
// build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
index aac1dc422..65fe9047d 100644
--- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -31,14 +31,18 @@ public class AuthenticationData {
*/
private String issueInstant;
/**
- * user identification (ZMR-Zahl); <code>null</code>,
+ * user identification value (Stammzahl); <code>null</code>,
* if the authentication module is configured not to return this data
*/
private String identificationValue;
+ /**
+ * user identification type
+ */
+ private String identificationType;
/**
- * application specific user identifier (VPK)
+ * application specific user identifier (bPK)
*/
- private String vpk;
+ private String bPK;
/**
* given name of the user
*/
@@ -112,11 +116,11 @@ public class AuthenticationData {
}
/**
- * Returns the vpk.
+ * Returns the bPK.
* @return String
*/
- public String getVPK() {
- return vpk;
+ public String getPBK() {
+ return bPK;
}
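Review bot: The accessor is named `getPBK` while the field is `bPK` and the Javadoc says "Returns the bPK", so the letters are transposed in the method name; the same applies to `setPBK` in the next hunk. Because this commit already propagates the name to AuthenticationServer, AuthenticationDataAssertionBuilder and DefaultLoginParameterResolver, fixing it now (`public String getBPK()` / `public void setBPK(String bPK)`) is cheap, whereas later it becomes a cross-module rename.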
/**
@@ -152,11 +156,11 @@ public class AuthenticationData {
}
/**
- * Sets the vpk.
- * @param vpk The vpk to set
+ * Sets the bPK.
+ * @param bPK The bPK to set
*/
- public void setVPK(String vpk) {
- this.vpk = vpk;
+ public void setPBK(String bPK) {
+ this.bPK = bPK;
}
/**
@@ -199,6 +203,14 @@ public class AuthenticationData {
return identificationValue;
}
+ /**
+ * Returns the identificationType
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
/**
* Returns the issueInstant.
* @return String
@@ -263,6 +275,14 @@ public class AuthenticationData {
this.identificationValue = identificationValue;
}
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
/**
* Sets the issueInstant.
* @param issueInstant The issueInstant to set
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
index 8d09e2bc9..b41de3c44 100644
--- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
@@ -29,6 +29,7 @@ public class PKIConfigurationImpl implements PKIConfiguration {
* @throws ConfigurationException for any config error
*/
public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+
certStoreConfiguration = new CertStoreConfigurationImpl(conf);
revocationConfiguration = new RevocationConfigurationImpl();
validationConfiguration = new ValidationConfigurationImpl(conf);
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 2ac8fe28e..bdadcbb81 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -36,7 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
disableHostnameVerification = BoolUtils.valueOf(
ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
"ProxyComponent.DisableHostnameVerification"));
- //TODO undocumented feature
+ //TODO MOA-ID BRZ undocumented feature
if (disableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification);
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 033a74934..77f6652f3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.proxy;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
@@ -8,6 +9,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.URLEncoder;
/**
* Implementation of interface <code>LoginParameterResolver</code>
@@ -79,7 +81,14 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
String key = (String) iter.next();
String predicate = (String) oaConf.getParamAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ String resolvedValue;
+ try {
+ resolvedValue =
+ URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
+ } catch (UnsupportedEncodingException e) {
+ //ISO-8859-1 is supported
+ resolvedValue = null;
+ }
result.put(key, resolvedValue);
}
}
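Review bot: The new encoding step feeds the result of resolveValue straight into URLEncoder.encode, but resolveValue returns null for an unrecognised predicate (its final `else return null`), and whether the project's at.gv.egovernment.moa.util.URLEncoder tolerates a null argument is not visible here; guard it, e.g. `String raw = resolveValue(predicate, authData, clientIPAddress);` followed by `resolvedValue = raw == null ? null : URLEncoder.encode(raw, "ISO-8859-1");`. The catch block also turns an UnsupportedEncodingException into a silent null login parameter; since the comment already states the charset is always available, rethrowing as an IllegalStateException with the original exception as cause would surface a broken runtime instead of forwarding an empty value. The enclosing method starts and ends outside the hunk.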
@@ -97,27 +106,29 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
if (predicate.equals(MOAGivenName))
return authData.getGivenName();
- else if (predicate.equals(MOAFamilyName))
+ if (predicate.equals(MOAFamilyName))
return authData.getFamilyName();
- else if (predicate.equals(MOADateOfBirth))
+ if (predicate.equals(MOADateOfBirth))
return authData.getDateOfBirth();
- else if (predicate.equals(MOAVPK))
- return authData.getVPK();
- else if (predicate.equals(MOAPublicAuthority))
+ if (predicate.equals(MOABPK))
+ return authData.getPBK();
+ if (predicate.equals(MOAPublicAuthority))
if (authData.isPublicAuthority())
return "true";
else
return "false";
- else if (predicate.equals(MOABKZ))
+ if (predicate.equals(MOABKZ))
return authData.getPublicAuthorityCode();
- else if (predicate.equals(MOAQualifiedCertificate))
+ if (predicate.equals(MOAQualifiedCertificate))
if (authData.isQualifiedCertificate())
return "true";
else
return "false";
- else if (predicate.equals(MOAZMRZahl))
+ if (predicate.equals(MOAStammzahl))
return authData.getIdentificationValue();
- else if (predicate.equals(MOAIPAddress))
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
+ if (predicate.equals(MOAIPAddress))
return clientIPAddress;
else return null;
}
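Review bot: The `MOAPublicAuthority` and `MOAQualifiedCertificate` branches nest an unbraced if/else under an unbraced if, so the `else` binds to the inner condition only by the dangling-else rule; `return authData.isPublicAuthority() ? "true" : "false";` (and the same for isQualifiedCertificate) says the same thing without relying on it. The accessor name `getPBK()` also has its letters transposed relative to the `MOABPK` constant and the `bPK` locals elsewhere in this commit; it is used consistently (`setPBK` in AuthenticationDataAssertionParser), so it is presumably the AuthenticationData API as changed here, but it is worth renaming before more callers depend on it.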
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index 434a4f674..c391fc16f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -15,25 +15,27 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
*/
public interface LoginParameterResolver {
- /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
* naming predicates used by the <code>LoginParameterResolver</code>. */
public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAVPK = "MOAVPK";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOABPK = "MOABPK";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOABKZ = "MOABKZ";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAQualifiedCertificate =
"MOAQualifiedCertificate";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAZMRZahl = "MOAZMRZahl";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAStammzahl = "MOAStammzahl";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAIdentificationValueType = "MOAIdentificationValueType";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAIPAddress = "MOAIPAddress";
/**
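Review bot: Dropping the `MOAVPK` and `MOAZMRZahl` constants from a public interface silently breaks any deployed configuration that still names those predicates, because DefaultLoginParameterResolver.resolveValue returns null for an unknown predicate rather than failing; either keep the old names as deprecated aliases resolving to the new values, or have configuration loading reject unknown MOAAuthDataType predicate names at startup. The Javadoc on the new `MOAIdentificationValueType` constant only repeats the schema reference; a line such as `/** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType; resolves to the type of the identification value (AuthenticationData.getIdentificationType()) */` would tell an integrator what it yields.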
@@ -52,7 +54,7 @@ public interface LoginParameterResolver {
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException;
+ String clientIPAddress) throws LoginParameterResolverException, NotAllowedException;
/**
* Returns request parameters to be added to a URLConnection.
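Review bot: `getAuthenticationHeaders` now declares `NotAllowedException`, but `getAuthenticationParameters` (context lines of the next hunk) does not, so a resolver that has to refuse a parameter-based login has no checked way to report it, and the `catch (NotAllowedException e)` in ProxyServlet only ever applies to the header path. Unless that asymmetry is intended, add `throws LoginParameterResolverException, NotAllowedException` to `getAuthenticationParameters` as well, alongside the change to `configure` in the following hunk.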
@@ -70,6 +72,6 @@ public interface LoginParameterResolver {
AuthenticationData authData,
String clientIPAddress) throws LoginParameterResolverException;
- public void configure(String configuration) throws LoginParameterResolverException;
+ public void configure(String configuration) throws LoginParameterResolverException, NotAllowedException;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
new file mode 100644
index 000000000..849160a7b
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ * Reason for this exception: the dedicated LoginParameterResolver does
+ * not allow access to the desired ressource.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class NotAllowedException extends MOAIDException {
+
+ /**
+ * Constructor for NotAllowedException.
+ * @param messageId
+ * @param parameters
+ */
+ public NotAllowedException(
+ String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for NotAllowedException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public NotAllowedException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
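Review bot: The class Javadoc misspells "resource" as "ressource", and the `@param messageId`, `@param parameters` and `@param wrapped` tags carry no description, although this is the only place a caller learns what messageId refers to; e.g. `@param messageId key of the message looked up via the message provider` and `@param parameters values substituted into the message text`. A one-line `@throws`-style hint that the exception is mapped to a ProxyException by ProxyServlet would also help readers find where it is handled.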
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
index c53ed30a6..9766ef57b 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
@@ -11,9 +11,9 @@ import org.w3c.dom.*;
// Referenced classes of package at.gv.egovernment.moa.id.proxy:
// LoginParameterResolver
-// Old Implementation of XMLLoginParameterResolver (used to migrate old labs applications rapidely to
-// version 1.1.1 of MOA-ID
-// TODO RS migrate this to XMLLoginParameterResolver
+// Old Implementation of XMLLoginParameterResolver
+//
+// TODO MOA-ID CIO internal: migrate this to XMLLoginParameterResolver
public class OldXMLLoginParameterResolver
@@ -98,7 +98,7 @@ public class OldXMLLoginParameterResolver
{
String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String bPK = resolveValue("MOABPK", authData, clientIPAddress);
String userid = "";
String password = "";
LPRParams params = null;
@@ -193,8 +193,8 @@ public class OldXMLLoginParameterResolver
return authData.getFamilyName();
if(predicate.equals("MOADateOfBirth"))
return authData.getDateOfBirth();
- if(predicate.equals("MOAVPK"))
- return authData.getVPK();
+ if(predicate.equals("MOABPK"))
+ return authData.getPBK();
if(predicate.equals("MOAPublicAuthority"))
if(authData.isPublicAuthority())
return "true";
@@ -207,8 +207,10 @@ public class OldXMLLoginParameterResolver
return "true";
else
return "false";
- if(predicate.equals("MOAZMRZahl"))
+ if(predicate.equals("MOAStammzahl"))
return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
if(predicate.equals("MOAIPAddress"))
return clientIPAddress;
else
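Review bot: The newly added `MOAIdentificationValueType` branch refers to the interface constant, whereas every other predicate in this method, including the renamed `"MOABPK"` and `"MOAStammzahl"` lines and the `"MOABPK"` literal in the hunk above, is a string literal; the same mix appears in XMLLoginParameterResolver (hunk ending at L956). Using the LoginParameterResolver constants throughout (`if(predicate.equals(MOAStammzahl))`) keeps the rename from being repeated per file and lets the compiler catch the next one. If OldXMLLoginParameterResolver does not implement LoginParameterResolver (its `implements` clause is outside the visible lines), the unqualified constant would have to be written as `LoginParameterResolver.MOAIdentificationValueType` to compile.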
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
index 3f7a6872c..3958bb206 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
@@ -184,7 +184,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String bPK = resolveValue("MOABPK", authData, clientIPAddress);
String userid = "";
String password = "";
LPRParams params = null;
@@ -247,7 +247,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String bPK = resolveValue("MOABPK", authData, clientIPAddress);
String userid = "";
String password = "";
LPRParams params = null;
@@ -293,8 +293,8 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
return authData.getFamilyName();
if (predicate.equals("MOADateOfBirth"))
return authData.getDateOfBirth();
- if (predicate.equals("MOAVPK"))
- return authData.getVPK();
+ if (predicate.equals("MOABPK"))
+ return authData.getPBK();
if (predicate.equals("MOAPublicAuthority"))
if (authData.isPublicAuthority())
return "true";
@@ -307,8 +307,10 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
return "true";
else
return "false";
- if (predicate.equals("MOAZMRZahl"))
+ if (predicate.equals("MOAStammzahl"))
return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
if (predicate.equals("MOAIPAddress"))
return clientIPAddress;
else
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index ce0743b3d..a78a8d587 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -40,7 +40,7 @@ public class AuthenticationDataAssertionParser implements Constants {
private static String ATTRIBUTESTATEMENT_XPATH =
SAML + "AttributeStatement/";
/** Prefix for Element NameIdentifier in an Xpath-expression */
- private static String VPK_XPATH =
+ private static String BPK_XPATH =
ATTRIBUTESTATEMENT_XPATH +
SAML + "Subject/" +
SAML + "NameIdentifier";
@@ -51,10 +51,15 @@ public class AuthenticationDataAssertionParser implements Constants {
SAML + "AttributeValue/" +
PR + "Person/";
/** Prefix for Element Value in an Xpath-expression */
- private static String ZMRZAHL_XPATH =
+ private static String IDENTIFICATION_VALUE_XPATH =
PERSONDATA_XPATH +
PR + "Identification/" +
PR + "Value";
+ private static String IDENTIFICATION_TYPE_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Identification/" +
+ PR + "Type";
+
/** Prefix for Element GivenName in an Xpath-expression */
private static String GIVEN_NAME_XPATH =
PERSONDATA_XPATH +
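Review bot: The new `IDENTIFICATION_TYPE_XPATH` is the only XPath constant in this block without the one-line Javadoc its siblings carry; add `/** Prefix for Element Type in an Xpath-expression */` above it. Like the others it is declared `private static String` rather than `private static final String`; making at least the new one `final` costs nothing and stops it from being reassigned.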
@@ -112,10 +117,12 @@ public class AuthenticationDataAssertionParser implements Constants {
XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
authData.setIssueInstant(
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
- authData.setVPK(
- XPathUtils.getElementValue(samlAssertion, VPK_XPATH, ""));
+ authData.setPBK(
+ XPathUtils.getElementValue(samlAssertion, BPK_XPATH, ""));
authData.setIdentificationValue(
- XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, ""));
+ XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
+ authData.setIdentificationType(
+ XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
authData.setGivenName(
XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
authData.setFamilyName(
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
index d6ec4951b..4ab2e2cf7 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -1,17 +1,18 @@
package at.gv.egovernment.moa.id.proxy.servlet;
import java.io.IOException;
-import java.io.PrintWriter;
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
+import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger;
* @version $Id$
*/
public class ConfigurationServlet extends HttpServlet {
- /** The standard String for DTD Doc-type */
- private static final String DOC_TYPE =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
/**
* Handle a HTTP GET request, used to indicated that the MOA
@@ -36,13 +34,6 @@ public class ConfigurationServlet extends HttpServlet {
throws ServletException, IOException {
MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- PrintWriter out;
-
- response.setContentType("text/html");
- out = response.getWriter();
- out.println(DOC_TYPE);
- out.println("<head><title>MOA configuration update</title></head>");
- out.println("<body bgcolor=\"#FFFFFF\">");
try {
MOAIDProxyInitializer.initialize();
@@ -50,21 +41,12 @@ public class ConfigurationServlet extends HttpServlet {
{ DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
Logger.info(message);
- //TODO low-priority: change to ErrorPage
- out.println("<p><b>");
- out.println(message);
- out.println("</b></p>");
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
} catch (Throwable t) {
String errorMessage = msg.getMessage("config.04", null);
Logger.error(errorMessage, t);
- out.println("<p><b>");
- out.println(errorMessage);
- out.println("</b></p>");
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
}
- out.println("</body>");
-
- out.flush();
- out.close();
}
/**
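Review bot: Both the success and the failure branch now forward to `/message-proxy.jsp` with the default 200 status, so a client or monitor that triggers the configuration reload cannot tell a failed reload from a successful one by status code; call `response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` before the forward in the `catch (Throwable t)` branch. The message text itself comes from MOAIDMessageProvider, not from the request, so what reaches the JSP through the request attribute is not attacker-controlled here, but whether message-proxy.jsp HTML-escapes it is not visible in this diff.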
@@ -77,4 +59,13 @@ public class ConfigurationServlet extends HttpServlet {
doGet(request, response);
}
+/**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
}
+
+} \ No newline at end of file
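Review bot: The added `init(ServletConfig)` override only calls `super.init(servletConfig)`, which is exactly what the inherited implementation does, so the override is redundant and its Javadoc ("Calls the web application initializer") describes behaviour it does not have; either drop the method or, if it is meant to mirror ProxyServlet.init, have it call `MOAIDProxyInitializer.initialize()` and document that. The method is also indented at column 0 inside the class body, unlike the rest of the file.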
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 362849fb1..7980778d9 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.proxy.servlet;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
-import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.HttpURLConnection;
@@ -14,7 +13,9 @@ import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.proxy.NotAllowedException;
import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -67,6 +69,8 @@ public class ProxyServlet extends HttpServlet {
private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
/** Name of the Attribute for the LoginParameters */
private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
+ /** Name of the Attribute for the SAMLARTIFACT */
+ private static final String ATT_SAML_ARTIFACT = "SamlArtifact";
/**
* @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
@@ -75,17 +79,25 @@ public class ProxyServlet extends HttpServlet {
Logger.debug("getRequestURL:" + req.getRequestURL().toString());
try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null)
- login(req, resp);
+ if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) {
+
+ // check if SAML Artifact was already used in this session (in case of page reload)
+ HttpSession session = req.getSession();
+ if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+ tunnelRequest(req, resp);
+ } else
+ // it is the first time that the SAML Artifact was used
+ login(req, resp);
+ }
else
tunnelRequest(req, resp);
}
catch (MOAIDException ex) {
- handleError(resp, ex.toString(), ex);
+ handleError(ex.getMessage(), ex, req, resp);
}
catch (Throwable ex) {
- handleError(resp, ex.toString(), ex);
- }
+ handleError(ex.getMessage(), ex, req, resp);
+ }
}
/**
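Review bot: `req.getSession()` never returns null — it creates a session when none exists — so the `null != session` test is dead and every request carrying a SAML artifact now allocates a session before login has succeeded; `HttpSession session = req.getSession(false);` expresses the intended "only if a session already exists" check. The `} else` followed by a comment line and an unbraced `login(req, resp);` is easy to misread; brace the else branch. Note that the reload detection only works where the login path stored the artifact, which is the stateless branch (hunk ending at L1268); if that is intended, a comment here saying so would help.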
@@ -113,8 +125,15 @@ public class ProxyServlet extends HttpServlet {
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
// get authentication data from the MOA-ID Auth component
- AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
-
+ AuthenticationData authData;
+ try {
+ authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
+ } catch (ServiceException ex) {
+ throw new ProxyException("proxy.14", new Object[] {ex});
+ } catch (ProxyException ex) {
+ throw new ProxyException("proxy.14", new Object[] {ex});
+ }
+
String urlRequested = req.getRequestURL().toString();
// read configuration data
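Review bot: Both new catch blocks pass the caught exception as a message parameter (`new Object[] {ex}`) instead of as the wrapped cause, so its stack trace is lost and, depending on the proxy.14 message template, its toString() may end up in the user-visible error text; the three-argument form used for proxy.05 below keeps the cause: `throw new ProxyException("proxy.14", new Object[] {ex}, ex);`. Whether `ServiceException` is already imported in this file is not visible in the hunk.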
@@ -129,29 +148,34 @@ public class ProxyServlet extends HttpServlet {
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
String realURLPrefix = oaConnParam.getUrl();
- // resolve login parameters to be forwarded to online application
- LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+ // resolve login parameters to be forwarded to online application
+ LoginParameterResolver lpr =
+ LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
String clientIPAddress = req.getRemoteAddr();
Map loginHeaders = null;
Map loginParameters = null;
try {
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
- else
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
-
- } catch (LoginParameterResolverException ex) {
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
- }
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
+ else
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+
+ } catch (LoginParameterResolverException ex) {
+ throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+ } catch (NotAllowedException e) {
+ throw new ProxyException("proxy.15", new Object[] { });
+ }
// setup SSLSocketFactory for communication with the online application
SSLSocketFactory ssf = null;
if (oaConnParam.isHTTPSURL()) {
try {
ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex);
+ } catch (Throwable ex) {
+ throw new ProxyException(
+ "proxy.05",
+ new Object[] { oaConnParam.getUrl(), ex.toString()},
+ ex);
}
}
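Review bot: The new `catch (NotAllowedException e)` discards the exception entirely — it is neither logged nor attached as cause — so the resolver's reason for refusing the login is lost; use `throw new ProxyException("proxy.15", new Object[] { }, e);`. The pre-existing `LoginParameterResolverException` branch drops its cause the same way. Everything else in this hunk is re-indentation, and the enclosing login method starts and ends outside it.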
@@ -160,6 +184,7 @@ public class ProxyServlet extends HttpServlet {
String loginType = oaConf.getLoginType();
Logger.debug("Login type: " + loginType);
if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
+
HttpSession session = req.getSession();
int sessionTimeOut = oaParam.getSessionTimeOut();
if (sessionTimeOut == 0)
@@ -170,24 +195,40 @@ public class ProxyServlet extends HttpServlet {
session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
+ session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact);
Logger.debug("moa-id-proxy: HTTPSession angelegt");
}
-
- // tunnel request to the online application
- int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- {
- Logger.debug("Got 401, trying again");
- respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- }
- catch (ProxyException ex) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- catch (Throwable ex) {
+
+ // tunnel request to the online application
+ int respcode =
+ tunnelRequest(
+ req,
+ resp,
+ loginHeaders,
+ loginParameters,
+ publicURLPrefix,
+ realURLPrefix,
+ ssf);
+ if (respcode == 401) {
+ Logger.debug("Got 401, trying again");
+
+ respcode =
+ tunnelRequest(
+ req,
+ resp,
+ loginHeaders,
+ loginParameters,
+ publicURLPrefix,
+ realURLPrefix,
+ ssf);
+ if (respcode == 401)
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
+ }
+ } catch (ProxyException ex) {
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
+
+ } catch (Throwable ex) {
throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
}
}
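Review bot: `session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact)` is only reached inside the `LOGINTYPE_STATELESS` branch, so for other login types the reload check added in service() never matches and a reloaded artifact URL runs `login` again; if that is deliberate, a comment at this line saying so would save the next reader the trace, otherwise the attribute has to be stored for the other login types too (the rest of the method is outside the hunk). The remaining changes in this hunk are re-wrapping of the two tunnelRequest calls.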
@@ -202,9 +243,15 @@ public class ProxyServlet extends HttpServlet {
Logger.debug("Tunnel request (stateless)");
HttpSession session = req.getSession(false);
+
if (session == null)
throw new ProxyException("proxy.07", null);
String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
+ //A sesssion is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method)
+ //additional check if publicURLPrefix is OK, if not throw an Exception
+ if (publicURLPrefix == null)
+ throw new ProxyException("proxy.07", null);
+
String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
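Review bot: The added guard reuses `proxy.07` for a session that exists but carries no login state, which is a different condition from "no session" and makes the two indistinguishable in the log; a `Logger.debug` naming the missing attribute before the throw, or a dedicated message key, would help diagnosis. The new comment has a typo ("sesssion"); its explanation that handleError's forward creates the session is useful and worth keeping accurate.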
@@ -487,6 +534,7 @@ private boolean isTransferEncodingChunkedHeader(String headerKey, String headerV
* @see javax.servlet.Servlet#init(ServletConfig)
*/
public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
try {
MOAIDProxyInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
@@ -496,42 +544,47 @@ public void init(ServletConfig servletConfig) throws ServletException {
throw new ServletException(ex);
}
}
+
/**
- * Handles an error in proxying the request.
+ * Handles an error. <br>
* <ul>
- * <li>Logs the error.</li>
- * <li>Outputs an HTML error page.</li>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request
+ * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
* </ul>
- * @param resp the HttpServletResponse
- * @param errorMessage error message to be used
- * @param ex the exception to be logged
+ *
+ * @param errorMessage error message
+ * @param exceptionThrown exception thrown
+ * @param req servlet request
+ * @param resp servlet response
*/
-private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) {
- Logger.error(errorMessage, ex);
- String htmlCode =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">"
- + "<html><head><title>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
- + "</title></head><body>"
- + "<h1>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
- + "</h1>"
- + "<p>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null)
- + "</p>"
- + "<p>"
- + errorMessage
- + "</p>"
- + "</body></html>";
- resp.setContentType("text/html");
- try {
- OutputStream respOut = resp.getOutputStream();
- respOut.write(htmlCode.getBytes());
- respOut.flush();
- }
- catch (IOException ioex) {
- Logger.error("", ioex);
- }
+protected void handleError(
+ String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+
+ if(null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage );
+ }
+
+ if (null != exceptionThrown) {
+ if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ //req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ //forward this to errorpage-proxy.jsp wher the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+
}
}
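Review bot: The Javadoc on the rewritten handleError says it sets HTTP status 500, but the body never calls `resp.setStatus`, so the error page goes out with whatever status was already set (200 by default); add `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` before the forward or drop the claim. When both arguments are non-null the message is logged twice (`Logger.error(errorMessage)` and then `Logger.error(errorMessage, exceptionThrown)`); log once, with the cause. `dispatcher.forward` throws IllegalStateException when the response is already committed — plausible for a proxy that may have started streaming — and that is not covered by the ServletException/IOException handlers. Since service() now routes `ex.getMessage()` of any Throwable into the "ErrorMessage" request attribute, errorpage-proxy.jsp (not in this diff) must HTML-escape it and should not show internal exception text to clients.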
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
new file mode 100644
index 000000000..7c4731555
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
@@ -0,0 +1,76 @@
+/*
+ * Created on 17.02.2004
+ *
+ * To change the template for this generated file go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author rschamberger
+ *
+ * To change the template for this generated type comment go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+public class HTTPRequestJSPForwarder {
+
+ /**
+ * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response. <br>
+ * <ul>
+ * <li>Logs the message</li>
+ * </ul>
+ *
+ * @param message message text
+ * @param jspPageURI URI of the JSP page
+ * @param context the servlet context of the servlet belonging to the req, resp
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ public static void forwardNamed(
+ String message,
+ String jspPageURI,
+ ServletContext context,
+ HttpServletRequest req,
+ HttpServletResponse resp) {
+
+ if (null != message) {
+ Logger.info(message);
+ req.setAttribute("Message", message);
+ }
+
+ //forward this to the given jsp page where the HTML response is generated
+ try {
+ context.getRequestDispatcher(jspPageURI).forward(req, resp);
+ } catch (IOException e) {
+ Logger.error(e);
+ } catch (ServletException e) {
+ Logger.error(e);
+ }
+ }
+
+ /**
+ * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response. <br>
+ * <ul>
+ * <li>Logs the message</li>
+ * </ul>
+ *
+ * @param message message text
+ * @param context the servlet context of the servlet belonging to the req, resp
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ public static void forwardDefault(
+ String message,
+ ServletContext context,
+ HttpServletRequest req,
+ HttpServletResponse resp) {
+ forwardNamed(message, "/message.jsp", context, req, resp);
+ }
+} \ No newline at end of file
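Review bot: `context.getRequestDispatcher(jspPageURI)` returns null for a path the container cannot map, and `jspPageURI` is caller-supplied, so a mistyped page name becomes a NullPointerException that the IOException/ServletException catches do not handle; check the dispatcher for null and log (or throw) with the URI before forwarding. Both catch blocks swallow the failure, so callers such as ConfigurationServlet have no way to learn that the response was never written; consider letting ServletException propagate. The file and class headers are still IDE template text ("To change the template for this generated file…"), and a utility class with only static methods should declare `private HTTPRequestJSPForwarder() {}`.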
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
index e0739d941..276f126c6 100644
--- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -119,7 +119,7 @@ public class SSLUtils {
String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
//not using BoolUtils because default value hast to be true!
boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
- //TODO RS verify SSL Revocation handling
+ //TODO MOA-ID verify SSL Revocation handling
PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case