Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java | 313 |
1 files changed, 223 insertions, 90 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 28288815a..69a73215a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1,3 +1,25 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
 /*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal 
@@ -24,39 +46,34 @@ package at.gv.egovernment.moa.id.config.auth;
-import iaik.security.cipher.AESKeyGenerator;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.MalformedURLException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.NoSuchPaddingException;
 import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
 import javax.xml.bind.Unmarshaller;
 import org.hibernate.cfg.Configuration;
-
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
 import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
 import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
 import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
 import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
@@ -77,9 +94,10 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
 import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
+import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConfigurationUtils;
@@ -87,6 +105,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
 import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
 import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.data.IssuerAndSerial;
 import at.gv.egovernment.moa.logging.Logger;
@@ -113,8 +132,8 @@ import eu.stork.vidp.messages.common.STORKBootstrap;
 */
 public class AuthConfigurationProvider extends ConfigurationProvider {
- /** DEFAULT_ENCODING is "UTF-8" */
- private static final String DEFAULT_ENCODING="UTF-8";
+// /** DEFAULT_ENCODING is "UTF-8" */
+// private static final String DEFAULT_ENCODING="UTF-8";
 /**
 * The name of the generic configuration property giving the authentication session time out.
 */
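Review bot: The `DEFAULT_ENCODING` constant is commented out rather than deleted, which leaves two lines of dead code at the top of the class body. The `javax.crypto` and `AESKeyGenerator` imports removed in the previous hunk suggest its last user went away in the same change, so the two `//` lines can simply be dropped; version control keeps the history.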
@@ -184,9 +203,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
 private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
+ private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>();
 private static SSO ssoconfig = null;
+ private static Date date = null;
+
 /**
 * Return the single instance of configuration data.
 *
@@ -202,6 +224,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 return instance;
 }
+ public static Date getTimeStamp() {
+ return date;
+ }
+
 /**
 * Reload the configuration data and set it if successful.
 *
@@ -244,7 +270,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 try {
 //Initial Hibernate Framework
 Logger.trace("Initializing Hibernate framework.");
-
+
 //Load MOAID-2.0 properties file
 File propertiesFile = new File(fileName);
 FileInputStream fis;
@@ -264,12 +290,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 fis = new FileInputStream(propertiesFile);
 props.load(fis);
- //TODO: maybe some general hibnerate config!!!
 // read MOAID Session Hibernate properties
 Properties moaSessionProp = new Properties();
 for (Object key : props.keySet()) {
 String propPrefix = "moasession.";
- if (key.toString().startsWith(propPrefix)) {
+ if (key.toString().startsWith(propPrefix+"hibernate")) {
 String propertyName = key.toString().substring(propPrefix.length());
 moaSessionProp.put(propertyName, props.get(key.toString()));
 }
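Review bot: `getTimeStamp()` hands out the static `Date` instance itself, and `java.util.Date` is mutable, so any caller can alter the reload timestamp the provider reports to everyone else. Return a copy instead: `return date == null ? null : new Date(date.getTime());`. The field is written by `reloadDataBaseConfig()` in a later hunk (`date = new Date();`) and read here with no synchronization; if readers run on other threads, declaring the field `volatile` in the declaration hunk above makes the latest write visible to them.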
@@ -279,11 +304,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 Properties configProp = new Properties();
 for (Object key : props.keySet()) {
 String propPrefix = "configuration.";
- if (key.toString().startsWith(propPrefix)) {
+ if (key.toString().startsWith(propPrefix+"hibernate")) {
 String propertyName = key.toString().substring(propPrefix.length());
 configProp.put(propertyName, props.get(key.toString()));
 }
 }
+
+ // read advanced logging properties
+ Properties statisticProps = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "advancedlogging.";
+ if (key.toString().startsWith(propPrefix+"hibernate")) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ statisticProps.put(propertyName, props.get(key.toString()));
+ }
+ }
 // initialize hibernate
 synchronized (AuthConfigurationProvider.class) {
@@ -297,9 +332,20 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 config.addAnnotatedClass(AuthenticatedSessionStore.class);
 config.addAnnotatedClass(OASessionStore.class);
 config.addAnnotatedClass(OldSSOSessionIDStore.class);
+ config.addAnnotatedClass(ExceptionStore.class);
 config.addProperties(moaSessionProp);
 MOASessionDBUtils.initHibernate(config, moaSessionProp);
+ //initial advanced logging
+ if (isAdvancedLoggingActive()) {
+ Logger.info("Advanced statistic log is activated, starting initialization process ...");
+ Configuration statisticconfig = new Configuration();
+ statisticconfig.addAnnotatedClass(StatisticLog.class);
+ statisticconfig.addProperties(statisticProps);
+ StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
+ Logger.info("Advanced statistic log is initialized.");
+ }
+
 }
 Logger.trace("Hibernate initialization finished.");
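Review bot: The advanced-logging branch passes `statisticProps` to `StatisticLogDBUtils.initHibernate` without checking that the filter loop in the previous hunk found any `advancedlogging.hibernate.*` property, so a deployment that sets `configuration.advancedlogging.active=true` but omits the database properties will presumably fail somewhere inside Hibernate with a message that does not name the missing keys. A guard before the `Configuration` is built makes the misconfiguration explicit: `if (statisticProps.isEmpty()) Logger.warn("Advanced statistic log is activated but no 'advancedlogging.hibernate.*' properties are configured.");`. The enclosing `synchronized (AuthConfigurationProvider.class)` block starts in the previous hunk.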
@@ -383,6 +429,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 Logger.info("XML Configuration load is completed.");
 }
+ reloadDataBaseConfig();
+
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ public synchronized void reloadDataBaseConfig() throws ConfigurationException {
+
 Logger.info("Read MOA-ID 2.0 configuration from database.");
 moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
 Logger.info("MOA-ID 2.0 is loaded.");
@@ -391,27 +447,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 Logger.warn("NO MOA-ID configuration found.");
 throw new ConfigurationException("config.18", null);
 }
-
-
-// //TODO: only for Testing!!!
-// if (MiscUtil.isNotEmpty(xmlconfigout)) {
-// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
-// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
-// Marshaller m = jc.createMarshaller();
-// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-// File test = new File(xmlconfigout);
-// m.marshal(moaidconfig, test);
-//
-// }
-
+
 //build STORK Config
 AuthComponentGeneral auth = getAuthComponentGeneral();
 ForeignIdentities foreign = auth.getForeignIdentities();
 if (foreign == null ) {
 Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
- } else
- storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
+ }
+ //TODO: commented because npe was thrown
+ //else
+ //storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
 //load Chaining modes
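Review bot: `reloadDataBaseConfig()` is now a public method that rewrites the static configuration fields (`moaidconfig`, `timeouts`, `IdentityLinkX509SubjectNames`, `DefaultBKUURLs`, `ssoconfig`, …) one after another; it is `synchronized` on the instance, but the getters that read those statics are not, so a request thread can observe a mixture of old and new values while a reload is in progress. If runtime reloads are the intent, the safer shape is to compute the new values into locals and publish them at the end of the method, or to keep the whole configuration in one immutable holder that is swapped with a single reference assignment. The body of `reloadDataBaseConfig()` continues past this hunk; its end (`date = new Date();`) is several hunks further down.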
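Review bot: With the `STORKConfig` construction commented out, `storkconfig` is never assigned in this method, so a successful reload leaves it `null` (or, if the field is static, stale from an earlier load) while only the `foreign == null` branch logs anything; the STORK-enabled case now fails silently at its first use. Until the NPE named in the TODO is fixed, log the degraded state where the `else` used to be, e.g. `Logger.warn("STORK configuration present but not loaded: STORKConfig initialization is disabled.");`. The hunk removes one block of commented-out code and introduces another; an issue reference in the TODO would serve a reader better than the disabled statement itself.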
@@ -431,41 +477,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider { throw new ConfigurationException("config.02", null); } - //set Trusted CA certs directory - trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); + //set Trusted CA certs directory + trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); - //set CertStoreDirectory - setCertStoreDirectory(); - - //set TrustManagerRevocationChecking - setTrustManagerRevocationChecking(); - - //set TimeOuts + //set CertStoreDirectory + setCertStoreDirectory(); + + //set TrustManagerRevocationChecking + setTrustManagerRevocationChecking(); + + //set TimeOuts if (auth.getGeneralConfiguration() != null) { - if (auth.getGeneralConfiguration().getTimeOuts() != null) { - - timeouts = new TimeOuts(); - if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null) - timeouts.setAssertion(new BigInteger("120")); - else - timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); - - if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null) - timeouts.setMOASessionCreated(new BigInteger("2700")); - else - timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); - - if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null) - timeouts.setMOASessionUpdated(new BigInteger("1200")); - else - timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); - } - } - else { - Logger.warn("Error in MOA-ID Configuration. 
No TimeOuts defined."); - throw new ConfigurationException("config.02", null); - } - + if (auth.getGeneralConfiguration().getTimeOuts() != null) { + + timeouts = new TimeOuts(); + if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null) + timeouts.setAssertion(new BigInteger("120")); + else + timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); + + if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null) + timeouts.setMOASessionCreated(new BigInteger("2700")); + else + timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); + + if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null) + timeouts.setMOASessionUpdated(new BigInteger("1200")); + else + timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); + } + } + else { + Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined."); + throw new ConfigurationException("config.02", null); + } + //set PVP2 general config Protocols protocols = auth.getProtocols(); if (protocols != null) { @@ -490,10 +536,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Contact c = new Contact(); c.setCompany(e.getCompany()); c.setGivenName(e.getGivenName()); - c.setMail(e.getMail()); - c.setPhone(e.getPhone()); + c.getMail().addAll(e.getMail()); + c.getPhone().addAll(e.getPhone()); c.setSurName(e.getSurName()); c.setType(e.getType()); + cont.add(c); } } } 
@@ -504,6 +551,33 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 //set alternativeSourceID
 if (auth.getGeneralConfiguration() != null)
 alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+
+ // sets the authentication session and authentication data time outs
+ BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
+
+ if (param != null) {
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
+ }
+
+ param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
+ if (param != null) {
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+
+ param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
+ if (authDataTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(authDataTimeOut);
+ }
+
 else {
 Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
 throw new ConfigurationException("config.02", null);
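Review bot: The added block dereferences `auth.getGeneralConfiguration().getTimeOuts()` three times with no null check, although the TimeOuts hunk earlier in this commit only fills `timeouts` when `getTimeOuts()` is non-null and otherwise carries on, so a configuration without a TimeOuts element now dies with a NullPointerException here instead of a configuration error. That earlier hunk has also already applied the defaults (120 / 2700 / 1200) to `timeouts`, and re-reading the raw JAXB values means `AuthenticationServer` is not given those defaults when the element exists but a single value is missing; reading from `timeouts` fixes both, assuming `TimeOuts` exposes the matching getters. As displayed, the block also sits between the brace-less `if (auth.getGeneralConfiguration() != null)` statement and its `else`; if the `if` really has no braces this does not compile, so both the assignment and the new block need to be enclosed in braces.
```java
if (auth.getGeneralConfiguration() != null) {
    alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();

    // push the already-defaulted time outs to the AuthenticationServer
    if (timeouts != null) {
        long sessionTimeOut = timeouts.getMOASessionCreated().longValue();
        if (sessionTimeOut > 0)
            AuthenticationServer.getInstance().setSecondsSessionTimeOutCreated(sessionTimeOut);

        sessionTimeOut = timeouts.getMOASessionUpdated().longValue();
        if (sessionTimeOut > 0)
            AuthenticationServer.getInstance().setSecondsSessionTimeOutUpdated(sessionTimeOut);

        long authDataTimeOut = timeouts.getAssertion().longValue();
        if (authDataTimeOut > 0)
            AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut);
    }
}
// … unchanged: else branch warning "No GeneralConfig defined." and throwing config.02 …
```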
@@ -577,14 +651,22 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 //set IdentityLinkSignerSubjectNames
+ IdentityLinkX509SubjectNames = new ArrayList<String>();
 IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
 if (idlsigners != null) {
- IdentityLinkX509SubjectNames = new ArrayList<String>(idlsigners.getX509SubjectName());
-
- } else {
- Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found.");
- }
-
+ Logger.debug("Load own IdentityLinkX509SubjectNames");
+ IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName()));
+ }
+
+ // now add the default identity link signers
+ String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
+ for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
+ String identityLinkSigner = identityLinkSignersWithoutOID[i];
+ if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) {
+ IdentityLinkX509SubjectNames.add(identityLinkSigner);
+ }
+ }
+
 //set SLRequestTemplates
 SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
 if (templ == null) {
@@ -596,6 +678,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
 }
+ //set Default BKU URLS
+ DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
+ if (bkuuls != null) {
+ DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU());
+ DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU());
+ DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU());
+ }
+
 //set SSO Config
 if (auth.getSSO()!= null) {
 ssoconfig = new SSO();
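Review bot: `IdentityLinkX509SubjectNames` is the list of subject names trusted to sign identity links, and the new code publishes it by first assigning an empty list to the static field and then growing it in place, so a verifier running on another thread during a reload can see an empty or half-filled trust list; the previous version assigned the finished list once. Building the list in a local and assigning the field at the end keeps the publication as atomic as it was. The merge of `MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID` also means the effective trust set is larger than what the operator configured, and the former warning for a missing `IdentityLinkSigners` element is gone; a comment above the loop stating that these built-in signers are always trusted, plus an info-level log of the final list size, would make that visible to whoever audits the configuration.
```java
//set IdentityLinkSignerSubjectNames
List<String> signers = new ArrayList<String>();
IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
if (idlsigners != null) {
    Logger.debug("Load own IdentityLinkX509SubjectNames");
    signers.addAll(idlsigners.getX509SubjectName());
}

// the built-in signers without OID are always trusted in addition to the configured ones
for (String identityLinkSigner : MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID) {
    if (!signers.contains(identityLinkSigner)) {
        signers.add(identityLinkSigner);
    }
}
Logger.info("Trusted IdentityLink signers: " + signers.size());
IdentityLinkX509SubjectNames = signers;
```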
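Review bot: `DefaultBKUURLs` is a static map that is only ever written with `put` and never cleared, so after a reload an entry removed from the configuration (or a configuration where `bkuuls` is null) keeps serving the URL from the previous load, unlike `IdentityLinkX509SubjectNames`, which this commit now resets before filling. Mirror that: `DefaultBKUURLs = new HashMap<String, String>();` immediately before the `if (bkuuls != null)` check. `HashMap.put` also accepts a null value, so an unset BKU URL becomes a null entry that `getDefaultBKUURLs()` (a later hunk) returns to callers unfiltered.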
@@ -613,20 +703,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 else {
 Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
 }
-
+
 //close Database
 ConfigurationDBUtils.closeSession();
- } catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
-
+ date = new Date();
+ }
- public Properties getGeneralPVP2ProperiesConfig() {
+
+ private Properties getGeneralProperiesConfig(final String propPrefix) {
 Properties configProp = new Properties();
 for (Object key : props.keySet()) {
- String propPrefix = "protocols.pvp2.";
 if (key.toString().startsWith(propPrefix)) {
 String propertyName = key.toString().substring(propPrefix.length());
 configProp.put(propertyName, props.get(key.toString()));
@@ -635,6 +722,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 return configProp;
 }
+ public Properties getGeneralPVP2ProperiesConfig() {
+ return this.getGeneralProperiesConfig("protocols.pvp2.");
+ }
+
+ public Properties getGeneralOAuth20ProperiesConfig() {
+ return this.getGeneralProperiesConfig("protocols.oauth20.");
+ }
+
 public PVP2 getGeneralPVP2DBConfig() {
 return pvp2general;
@@ -769,6 +864,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 }
+ public List<String> getDefaultBKUURLs() throws ConfigurationException {
+ return new ArrayList<String>(DefaultBKUURLs.values());
+ }
+
+ public String getDefaultBKUURL(String type) throws ConfigurationException {
+ String el = DefaultBKUURLs.get(type);
+ if (MiscUtil.isNotEmpty(el))
+ return el;
+ else {
+ Logger.warn("getSLRequestTemplates: BKU Type does not match: " + + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ return null;
+ }
+ }
+
 public boolean isSSOBusinessService() throws ConfigurationException {
 if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
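Review bot: `ConfigurationDBUtils.closeSession()` is the last statement of `reloadDataBaseConfig()` and is reached only on success; every `throw new ConfigurationException(...)` earlier in the method (config.18 when no configuration is found, config.02 for the missing sections) skips it and leaves the configuration-database session that `closeSession()` is there to release open, and since the method is now public and callable at runtime, each failed reload presumably costs one session. Wrap the body in `try { … } finally { ConfigurationDBUtils.closeSession(); }` and keep `date = new Date();` as the last statement inside the `try`, so the timestamp still marks only successful reloads. The method begins in the `reloadDataBaseConfig()` hunk several hunks above; only its tail is visible here.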
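Review bot: The warning in `getDefaultBKUURL` names the wrong method (`"getSLRequestTemplates: BKU Type does not match: "`), a copy-paste remnant that sends anyone reading the log to the wrong place; change it to `"getDefaultBKUURL: BKU Type does not match: "`. `getDefaultBKUURLs()` returns `DefaultBKUURLs.values()` unfiltered, and because the filling code in the earlier hunk stores whatever `getOnlineBKU()`/`getLocalBKU()`/`getHandyBKU()` return, an unset URL shows up there as a null element while `getDefaultBKUURL` treats the same entry as absent; filtering with `MiscUtil.isNotEmpty` in both accessors keeps them consistent.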
@@ -831,22 +941,44 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 public boolean isIdentityLinkResigning() {
- String prop = props.getProperty("configuration.resignidentitylink", "false");
- if (Boolean.valueOf(prop))
- return true;
- else
- return false;
+ String prop = props.getProperty("configuration.resignidentitylink.active", "false");
+ return Boolean.valueOf(prop);
 }
 public String getIdentityLinkResigningKey() {
- String prop = props.getProperty("configuration.resignidentitylink.keygroup");
-
+ String prop = props.getProperty("configuration.resignidentitylink.keygroup");
 if (MiscUtil.isNotEmpty(prop))
 return prop;
 else
 return null;
 }
+ public boolean isMonitoringActive() {
+ String prop = props.getProperty("configuration.monitoring.active", "false");
+ return Boolean.valueOf(prop);
+ }
+
+ public String getMonitoringTestIdentityLinkURL() {
+ String prop = props.getProperty("configuration.monitoring.test.identitylink.url");
+ if (MiscUtil.isNotEmpty(prop))
+ return prop;
+ else
+ return null;
+ }
+
+ public String getMonitoringMessageSuccess() {
+ String prop = props.getProperty("configuration.monitoring.message.success");
+ if (MiscUtil.isNotEmpty(prop))
+ return prop;
+ else
+ return null;
+ }
+
+ public boolean isAdvancedLoggingActive() {
+ String prop = props.getProperty("configuration.advancedlogging.active", "false");
+ return Boolean.valueOf(prop);
+ }
+
 /**
 * Retruns the STORK Configuration
 * @return STORK Configuration
@@ -879,7 +1011,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 }
- private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
+ private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
 AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
 if (authgeneral == null) {
 Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
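Review bot: `isIdentityLinkResigning()` now reads `configuration.resignidentitylink.active` instead of `configuration.resignidentitylink`, so an existing deployment that enables re-signing with the old key silently ends up with re-signing switched off after the upgrade and nothing in the log explains why. A one-line hint where the properties file is loaded preserves the operator's view: `if (props.containsKey("configuration.resignidentitylink")) Logger.warn("Property 'configuration.resignidentitylink' is no longer evaluated; use 'configuration.resignidentitylink.active'.");`. The four new monitoring/advanced-logging getters repeat the `getProperty` + `isNotEmpty` pattern of `getIdentityLinkResigningKey`; a small private `getOptionalProperty(String key)` helper would shrink each of them to a single line.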
@@ -888,7 +1020,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 return authgeneral;
 }
- private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+ private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
 MOASP moasp = authgeneral.getMOASP();
 if (moasp == null) {
@@ -897,4 +1029,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 return moasp;
 }
-}
\ No newline at end of file + +} |