diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java | 983 |
1 files changed, 983 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java new file mode 100644 index 000000000..38af90ade --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -0,0 +1,983 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.List; +import java.util.Properties; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * A class providing access to the Auth Part of the MOA-ID configuration data. + */ +public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { + + + private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; + + private MOAIDConfiguration configuration; + + private final Properties properties = new Properties(); + + public PropertyBasedAuthConfigurationProvider() { + } + + /** + * The constructor with path to a properties file as argument. + * + * @param fileName the path to the properties file + * @throws ConfigurationException if an error occurs during loading the properties file. + */ + public PropertyBasedAuthConfigurationProvider(String fileName) throws ConfigurationException { + File propertiesFile = new File(fileName); + rootConfigFileDir = propertiesFile.getParent(); + + try (FileInputStream in = new FileInputStream(propertiesFile);) { + properties.load(in); + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + } + } + + /** + * Set the {@link Configuration} for this class. + * @param configuration the configuration + */ + @Autowired + public void setConfiguration(MOAIDConfiguration configuration) { + this.configuration = configuration; + } + + /** + * Get the properties. + * @return the properties + */ + private Properties getProperties() { + return properties; + } + + /** + * Method that avoids iterating over a {@link Collection} of type {@code T} which is actual {@code null}. + * @param item the collection + * @return the given {@link Collection} {@code item} if it is not {@code null}, or an empty {@link List} otherwise. + */ + @SuppressWarnings("unchecked") + public static <T extends Iterable<?>> T nullGuard(T item) { + if (item == null) { + return (T) Collections.emptyList(); + } else { + return item; + } + } + + /** + * Returns the general pvp2 properties config. NOTE: may be empty but never {@code null}. + * @return the general pvp2 properties config. + */ + public Properties getGeneralPVP2ProperiesConfig() { + return this.getGeneralProperiesConfig("protocols.pvp2."); + } + + /** + * Returns the general oauth20 properties config. NOTE: may be empty but never {@code null}. + * @return the general oauth20 properties config. + */ + public Properties getGeneralOAuth20ProperiesConfig() { + return this.getGeneralProperiesConfig("protocols.oauth20."); + } + + /** + * Returns the allowed protocols. NOTE: may return {@code null}. + * + * @return the allowed protocols or {@code null}. + */ + public ProtocolAllowed getAllowedProtocols() { + + AuthComponentGeneral authComponentGeneral; + try { + authComponentGeneral = getAuthComponentGeneral(); + } catch (ConfigurationException e) { + return null; + } + Protocols protocols = authComponentGeneral.getProtocols(); + if (protocols != null) { + ProtocolAllowed allowedProtcols = new ProtocolAllowed(); + if (protocols.getSAML1() != null) { + allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + } + + if (protocols.getOAuth() != null) { + allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); + } + + if (protocols.getPVP2() != null) { + allowedProtcols.setPVP21Active(protocols.getPVP2().isIsActive()); + } + return allowedProtcols; + } else { + Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); + return null; + } + } + + /** + * Returns the general PVP2 configuration. NOTE: may return {@code null}. + * + * @return the general PVP2 configuration or {@code null}. + */ + public PVP2 getGeneralPVP2DBConfig() { + + AuthComponentGeneral authComponentGeneral; + try { + authComponentGeneral = getAuthComponentGeneral(); + } catch (ConfigurationException e) { + return null; + } + Protocols protocols = authComponentGeneral.getProtocols(); + PVP2 result = null; + if (protocols != null) { + PVP2 pvp2 = protocols.getPVP2(); + if (pvp2 != null) { + result = new PVP2(); + result.setIssuerName(pvp2.getIssuerName()); + result.setPublicURLPrefix(pvp2.getPublicURLPrefix()); + + if (pvp2.getOrganization() != null) { + Organization org = new Organization(); + result.setOrganization(org); + org.setDisplayName(pvp2.getOrganization().getDisplayName()); + org.setName(pvp2.getOrganization().getName()); + org.setURL(pvp2.getOrganization().getURL()); + } + + if (pvp2.getContact() != null) { + List<Contact> cont = new ArrayList<Contact>(); + result.setContact(cont); + for (Contact e : pvp2.getContact()) { + Contact c = new Contact(); + c.setCompany(e.getCompany()); + c.setGivenName(e.getGivenName()); + c.getMail().addAll(e.getMail()); + c.getPhone().addAll(e.getPhone()); + c.setSurName(e.getSurName()); + c.setType(e.getType()); + cont.add(c); + } + } + } + + } else { + Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); + } + return result; + } + + /** + * Returns the configured timeouts, or a default timeout. + * + * @return the configured timeout, or the default (never {@code null}). + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. + */ + public TimeOuts getTimeOuts() throws ConfigurationException { + + TimeOuts timeouts = new TimeOuts(); + + // set default timeouts + timeouts.setAssertion(new BigInteger("300")); + timeouts.setMOASessionCreated(new BigInteger("2700")); + timeouts.setMOASessionUpdated(new BigInteger("1200")); + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + // search timeouts in config + GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); + if (generalConfiguration != null) { + if (generalConfiguration.getTimeOuts() != null) { + if (generalConfiguration.getTimeOuts().getAssertion() != null) { + timeouts.setAssertion(generalConfiguration.getTimeOuts().getAssertion()); + } + + if (generalConfiguration.getTimeOuts().getMOASessionCreated() != null) { + timeouts.setMOASessionCreated(generalConfiguration.getTimeOuts().getMOASessionCreated()); + } + + if (generalConfiguration.getTimeOuts().getMOASessionUpdated() != null) { + timeouts.setMOASessionUpdated(generalConfiguration.getTimeOuts().getMOASessionUpdated()); + } + + } else { + Logger.info("No TimeOuts defined. Use default values"); + } + } + return timeouts; + } + + /** + * Returns an alternative source ID. NOTE: may return {@code null}. + * + * @return an alternative source ID or {@code null}. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public String getAlternativeSourceID() throws ConfigurationException { + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + String alternativeSourceId = null; + Protocols protocols = authComponentGeneral.getProtocols(); + if (protocols != null) { + SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null && MiscUtil.isNotEmpty(saml1.getSourceID())) { + alternativeSourceId = saml1.getSourceID(); + } + } + GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); + if (generalConfiguration != null && MiscUtil.isEmpty(alternativeSourceId)) { + alternativeSourceId = generalConfiguration.getAlternativeSourceID(); + } + return alternativeSourceId; + } + + /** + * Returns a list of legacy allowed protocols. NOTE: may return an empty list but never {@code null}. + * + * @return the list of protocols. + */ + public List<String> getLegacyAllowedProtocols() { + + try { + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + + if (authComponentGeneral.getProtocols() != null) { + Protocols procols = authComponentGeneral.getProtocols(); + if (procols.getLegacyAllowed() != null) { + LegacyAllowed legacy = procols.getLegacyAllowed(); + return legacy.getProtocolName(); + } + } + + return new ArrayList<String>(); + + } catch (NullPointerException e) { + Logger.info("No protocols found with legacy allowed flag!"); + return new ArrayList<String>(); + } catch (ConfigurationException e) { + return new ArrayList<String>(); + } + + } + + /** + * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component. + * + * @param oaURL URL requested for an online application + * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable + */ + public OAAuthParameter getOnlineApplicationParameter(String oaURL) { + + OnlineApplication oa = getActiveOnlineApplication(oaURL); + if (oa == null) { + Logger.warn("Online application with identifier " + oaURL + " is not found."); + return null; + } + + return new OAAuthParameter(oa); + } + + /** + * Returns a string with a url-reference to the VerifyAuthBlock trust profile id within the moa-sp part of the authentication component. + * + * @return a string with a url-reference to the VerifyAuthBlock trust profile ID. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. + */ + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + return getVerifyAuthBlock().getTrustProfileID(); + } + + /** + * Returns a list of strings with references to all verify transform info IDs within the moa-sp part of the authentication component. + * + * @return a list of strings containing all urls to the verify transform info IDs. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. + */ + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + return getVerifyAuthBlock().getVerifyTransformsInfoProfileID(); + } + + /** + * Returns a ConnectionParameter bean containing all information of the authentication component moa-sp element. + * + * @return ConnectionParameter of the authentication component moa-sp element. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. + */ + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { + ConnectionParameter result = null; + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + MOASP moasp = authComponentGeneral.getMOASP(); + if (moasp != null) { + ConnectionParameterClientAuthType connectionParameter = moasp.getConnectionParameter(); + if (connectionParameter != null) { + result = new ConnectionParameterMOASP(moasp.getConnectionParameter(), this.getProperties(), this.getRootConfigFileDir()); + } + } + return result; + } + + /** + * Returns the {@link ConnectionParameter} for the ForeignID. NOTE: may return {@code null}. + * + * @return the connection parameter. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. + */ + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + ForeignIdentities foreign = authComponentGeneral.getForeignIdentities(); + if (foreign != null) { + return new ConnectionParameterForeign(foreign.getConnectionParameter(), this.getProperties(), this.getRootConfigFileDir()); + } else { + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); + return null; + } + } + + /** + * Returns the {@link ConnectionParameter} for the OnlineMandates. NOTE: may return {@code null}. + * + * @return the connection parameter. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + OnlineMandates ovs = authComponentGeneral.getOnlineMandates(); + if (ovs != null) { + return new ConnectionParameterMandate(ovs.getConnectionParameter(), this.getProperties(), this.getRootConfigFileDir()); + } + return null; + } + + /** + * Returns a string with a url-reference to the VerifyIdentityLink trust profile id within the moa-sp part of the authentication component + * + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link VerifyIdentityLink}. + */ + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + + String result = null; + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + MOASP moasp = authComponentGeneral.getMOASP(); + if (moasp != null) { + VerifyIdentityLink verifyIdentityLink = moasp.getVerifyIdentityLink(); + if (verifyIdentityLink != null) { + result = verifyIdentityLink.getTrustProfileID(); + } else { + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); + throw new ConfigurationException("config.02", null); + } + } + return result; + } + + /** + * Returns a non-empty list of transform infos. NOTE: list is never {@code empty} or {@code null}. + * + * @return a list of transform infos. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link SecurityLayer}. + */ + public List<String> getTransformsInfos() throws ConfigurationException { + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + SecurityLayer securityLayer = authComponentGeneral.getSecurityLayer(); + if (securityLayer != null) { + + List<String> result = ConfigurationUtils.getTransformInfos(securityLayer.getTransformsInfo()); + + if (result == null || result.isEmpty()) { + Logger.error("No Security-Layer Transformation found."); + throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); + } + return result; + + } else { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); + } + } + + /** + * Returns a list of IdentityLinkX509SubjectNames. NOTE: may return an empty list but never {@code null}. + * + * @return the list of IdentityLinkX509SubjectNames. + * + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + + ArrayList<String> identityLinkX509SubjectNames = new ArrayList<String>(); + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + + IdentityLinkSigners idlsigners = authComponentGeneral.getIdentityLinkSigners(); + if (idlsigners != null) { + Logger.debug("Load own IdentityLinkX509SubjectNames"); + identityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName())); + } + + String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; + for (int i = 0; i < identityLinkSignersWithoutOID.length; i++) { + String identityLinkSigner = identityLinkSignersWithoutOID[i]; + if (!identityLinkX509SubjectNames.contains(identityLinkSigner)) { + identityLinkX509SubjectNames.add(identityLinkSigner); + } + } + + return identityLinkX509SubjectNames; + } + + /** + * Returns a list of default SLRequestTemplates. NOTE: may return an empty list but never {@code null}. + * + * @return list of default SLRequestTemplates. + * @throws ConfigurationException is never thrown + */ + public List<String> getSLRequestTemplates() throws ConfigurationException { + + SLRequestTemplates templates = configuration.get(MOAIDConfigurationConstants.SLREQUEST_TEMPLATES_KEY, SLRequestTemplates.class); + List<String> templatesList = new ArrayList<String>(); + + if (templates != null) { + templatesList.add(templates.getOnlineBKU()); + templatesList.add(templates.getLocalBKU()); + templatesList.add(templates.getHandyBKU()); + } + return templatesList; + } + + /** + * Returns the type's default SLRequestTemplate. NOTE: may return {@code null}. + * + * @param type the type of BKU. + * @return the default SLRequestTemplate for the given type. + * + * @throws ConfigurationException is never thrown + */ + public String getSLRequestTemplates(String type) throws ConfigurationException { + + SLRequestTemplates templates = configuration.get(MOAIDConfigurationConstants.SLREQUEST_TEMPLATES_KEY, SLRequestTemplates.class); + String slRequestTemplate = null; + + if (templates != null) { + switch (type) { + case IOAAuthParameters.ONLINEBKU: + slRequestTemplate = templates.getOnlineBKU(); + break; + case IOAAuthParameters.LOCALBKU: + slRequestTemplate = templates.getLocalBKU(); + break; + case IOAAuthParameters.HANDYBKU: + slRequestTemplate = templates.getHandyBKU(); + break; + default: + Logger.warn("getSLRequestTemplates: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + + IOAAuthParameters.LOCALBKU); + } + } + return slRequestTemplate; + } + + /** + * Returns a list of default BKUURLs. NOTE: may return an empty list but never {@code null}. + * + * @return list of default BKUURLs. + * @throws ConfigurationException is never thrown + */ + public List<String> getDefaultBKUURLs() throws ConfigurationException { + + DefaultBKUs bkuurls = configuration.get(MOAIDConfigurationConstants.DEFAULT_BKUS_KEY, DefaultBKUs.class); + List<String> bkuurlsList = new ArrayList<String>(); + + if (bkuurls != null) { + bkuurlsList.add(bkuurls.getOnlineBKU()); + bkuurlsList.add(bkuurls.getLocalBKU()); + bkuurlsList.add(bkuurls.getHandyBKU()); + } + return bkuurlsList; + } + + /** + * Returns the type's default BKUURL. NOTE: may return {@code null}. + * + * @param type the type of BKU. + * @return the default BKUURL for the given type. + * + * @throws ConfigurationException is never thrown + */ + public String getDefaultBKUURL(String type) throws ConfigurationException { + + DefaultBKUs bkuurls = configuration.get(MOAIDConfigurationConstants.DEFAULT_BKUS_KEY, DefaultBKUs.class); + String defaultBKUUrl = null; + + if (bkuurls != null) { + switch (type) { + case IOAAuthParameters.ONLINEBKU: + defaultBKUUrl = bkuurls.getOnlineBKU(); + break; + case IOAAuthParameters.LOCALBKU: + defaultBKUUrl = bkuurls.getLocalBKU(); + break; + case IOAAuthParameters.HANDYBKU: + defaultBKUUrl = bkuurls.getHandyBKU(); + break; + default: + Logger.warn("getDefaultBKUURL: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + + IOAAuthParameters.LOCALBKU); + } + } + return defaultBKUUrl; + } + + /** + * Returns the SSOTagetIdentifier. NOTE: returns {@code null} if no SSOTargetIdentifier is set. + * + * @return the SSOTagetIdentifier or {@code null} + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public String getSSOTagetIdentifier() throws ConfigurationException { + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + + SSO sso = authComponentGeneral.getSSO(); + if (sso != null) { + return sso.getTarget(); + } + return null; + } + + /** + * Returns the SSOFriendlyName. NOTE: never returns {@code null}, if no SSOFriendlyName is set, a default String is returned. + * + * @return the SSOFriendlyName or a default String + */ + public String getSSOFriendlyName() { + + AuthComponentGeneral authComponentGeneral; + String defaultValue = "Default MOA-ID friendly name for SSO"; + try { + authComponentGeneral = getAuthComponentGeneral(); + } catch (ConfigurationException e) { + return defaultValue; + } + + SSO sso = authComponentGeneral.getSSO(); + if (sso != null) { + if (MiscUtil.isEmpty(sso.getFriendlyName())) { + return sso.getFriendlyName(); + } + } + return defaultValue; + } + + /** + * Returns the SSOSpecialText. NOTE: never returns {@code null}, if no SSOSpecialText is set, an empty String is returned. + * + * @return the SSOSpecialText or an empty String + */ + public String getSSOSpecialText() { + + AuthComponentGeneral authComponentGeneral; + try { + authComponentGeneral = getAuthComponentGeneral(); + } catch (ConfigurationException e) { + return new String(); + } + + SSO sso = authComponentGeneral.getSSO(); + if (sso != null) { + String text = sso.getSpecialText(); + return MiscUtil.isEmpty(text) ? new String() : text; + } + return new String(); + } + + /** + * Returns the MOASessionEncryptionKey NOTE: returns {@code null} if no MOASessionEncryptionKey is set. + * + * @return the MOASessionEncryptionKey or {@code null} + */ + public String getMOASessionEncryptionKey() { + String prop = properties.getProperty("configuration.moasession.key"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * Returns the MOAConfigurationEncryptionKey NOTE: returns {@code null} if no MOAConfigurationEncryptionKey is set. + * + * @return the MOAConfigurationEncryptionKey or {@code null} + */ + public String getMOAConfigurationEncryptionKey() { + String prop = properties.getProperty("configuration.moaconfig.key"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * @return {@code true} if IdentityLinkResigning is set, {@code false} otherwise. + */ + public boolean isIdentityLinkResigning() { + String prop = properties.getProperty("configuration.resignidentitylink.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Returns the IdentityLinkResigningKey. NOTE: returns {@code null} if no IdentityLinkResigningKey is set. + * + * @return the IdentityLinkResigningKey or {@code null} + */ + public String getIdentityLinkResigningKey() { + String prop = properties.getProperty("configuration.resignidentitylink.keygroup"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * @return {@code true} if MonitoringActive is set, {@code false} otherwise. + */ + public boolean isMonitoringActive() { + String prop = properties.getProperty("configuration.monitoring.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Returns the MonitoringTestIdentityLinkURL. NOTE: returns {@code null} if no MonitoringTestIdentityLinkURL is set. + * + * @return the MonitoringTestIdentityLinkURL or {@code null} + */ + public String getMonitoringTestIdentityLinkURL() { + String prop = properties.getProperty("configuration.monitoring.test.identitylink.url"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * Returns the MonitoringMessageSuccess. NOTE: returns {@code null} if no MonitoringMessageSuccess is set. + * + * @return the MonitoringMessageSuccess or {@code null} + */ + public String getMonitoringMessageSuccess() { + String prop = properties.getProperty("configuration.monitoring.message.success"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * @return {@code true} if AdvancedLoggingActive is set, {@code false} otherwise. + */ + public boolean isAdvancedLoggingActive() { + String prop = properties.getProperty("configuration.advancedlogging.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set. + * + * @return the PublicURLPrefix or {@code null} + */ + public String getPublicURLPrefix() { + + AuthComponentGeneral authComponentGeneral; + try { + authComponentGeneral = getAuthComponentGeneral(); + } catch (ConfigurationException e) { + return null; + } + + String publicURLPreFix = null; + GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); + if (generalConfiguration != null && MiscUtil.isNotEmpty(generalConfiguration.getPublicURLPreFix())) { + publicURLPreFix = generalConfiguration.getPublicURLPreFix(); + } else { + Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); + } + return publicURLPreFix; + } + + /** + * @return {@code true} if PVP2AssertionEncryptionActive is set, {@code false} otherwise. + */ + public boolean isPVP2AssertionEncryptionActive() { + String prop = this.getProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true"); + return Boolean.valueOf(prop); + } + + /** + * @return {@code true} if CertifiacteQCActive is set, {@code false} otherwise. + */ + public boolean isCertifiacteQCActive() { + String prop = this.getProperties().getProperty("configuration.validation.certificate.QC.ignore", "false"); + return !Boolean.valueOf(prop); + } + + /** + * Returns a STORK Configuration, NOTE: may return {@code null}. + * + * @return a new STORK Configuration or {@code null} + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public STORKConfig getStorkConfig() throws ConfigurationException { + + STORKConfig result = null; + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + ForeignIdentities foreign = authComponentGeneral.getForeignIdentities(); + if (foreign == null) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + } else { + result = new STORKConfig(foreign.getSTORK(), this.getProperties(), this.getRootConfigFileDir()); + } + return result; + } + +// /** +// * Small helper method. +// * +// * @return the {@link AuthComponentGeneral} from the database +// * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} +// */ +// private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { +// +// AuthComponentGeneral authComponentGeneral = configuration.get(MOAIDConfigurationConstants.AUTH_COMPONENT_GENERAL_KEY, AuthComponentGeneral.class); +// if (authComponentGeneral == null) { +// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); +// throw new ConfigurationException("config.02", null); +// } +// return authComponentGeneral; +// } + + /** + * Returns the {@link VerifyAuthBlock}. + * + * @return the {@link VerifyAuthBlock}. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. + */ + private VerifyAuthBlock getVerifyAuthBlock() throws ConfigurationException { + + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + MOASP moasp = authComponentGeneral.getMOASP(); + if (moasp != null) { + VerifyAuthBlock vab = moasp.getVerifyAuthBlock(); + if (vab != null) { + VerifyAuthBlock verifyIdl = new VerifyAuthBlock(); + verifyIdl.setTrustProfileID(vab.getTrustProfileID()); + verifyIdl.setVerifyTransformsInfoProfileID(new ArrayList<String>(vab.getVerifyTransformsInfoProfileID())); + return verifyIdl; + } else { + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); + } + } else { + Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); + throw new ConfigurationException("config.02", null); + } + } + + /** + * Small helper method. NOTE: may return empty properties, but never {@code null}. + * @param propPrefix the prefix of the desired property. + * @return the {@link Properties} + */ + private Properties getGeneralProperiesConfig(final String propPrefix) { + + Properties configProp = new Properties(); + for (Object key : this.getProperties().keySet()) { + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, this.getProperties().get(key.toString())); + } + } + return configProp; + } + + /** + * Returns whether the trust-manager revocation checking is enabled or not. + * + * @return {@code true} if enable, {@code false} if disabled + */ + @Override + public boolean isTrustmanagerrevoationchecking() { + + try { + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); + if (generalConfiguration != null && generalConfiguration.isTrustManagerRevocationChecking() != null) { + + return generalConfiguration.isTrustManagerRevocationChecking(); + + } else { + Logger.warn("No TrustMangerRevoationChecking defined. Use default value = " + + String.valueOf(TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT).toUpperCase()); + return TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT; + } + + } catch (ConfigurationException e) { + return TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT; + } + } + + /** + * Returns the path to the certificate-store directory or {@code null} if there is no certificate-store directory defined. + * + * @return the path to the certstore directory or {@code null} + */ + @Override + public String getCertstoreDirectory() { + + try { + AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); + GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); + if (generalConfiguration != null) { + return (rootConfigFileDir + generalConfiguration.getCertStoreDirectory()); + } else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + return null; + } + + } catch (ConfigurationException e) { + return null; + } + } + + @Override + public String getTrustedCACertificates() { + return (String) configuration.get(MOAIDConfigurationConstants.TRUSTED_CERTIFICATES_KEY, String.class); + } + + /** + * Returns the default chaining mode or {@code null} if there is no chaining mode defined. + * + * @return the default chaining mode or {@code null} + */ + @Override + public String getDefaultChainingMode() { + + ChainingModes chainingModes = (ChainingModes) configuration.get(MOAIDConfigurationConstants.CHAINING_MODES_KEY, ChainingModes.class); + if (chainingModes != null) { + return chainingModes.getSystemDefaultMode().value(); + } + + Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); + return null; + } + + /** + * Returns the current time. + * @return the time stamp + */ + public static Date getTimeStamp() { + + return new Date(); + } + + /** + * Returns a list of all {@link OnlineApplication}. + * + * @return list of all OnlineApplications + */ + public List<OnlineApplication> getAllOnlineApplications() { + Logger.trace("Get all OnlineApplications from database."); + + return configuration.getList(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY, OnlineApplication.class); + } + + /** + * Returns a list of all active {@link OnlineApplication} or {@code null} if no active online application was found. + * + * @return list of all active OnlineApplications or {@code null}. + */ + public List<OnlineApplication> getAllActiveOnlineApplications() { + Logger.debug("Get all new OnlineApplications from database."); + + List<OnlineApplication> result = new ArrayList<OnlineApplication>(); + List<OnlineApplication> allOAs = getAllOnlineApplications(); + + for (OnlineApplication oa : nullGuard(allOAs)) { + if (oa.isIsActive()) { + result.add(oa); + } + } + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + /** + * Returns the active {@link OnlineApplication} with the given ID or {@code null} if either no matching online application is found or if the {@code id} + * matches more than one entry. + * + * @param id the id of the requested online application + * @return the requested online application or {@code null} + */ + public OnlineApplication getActiveOnlineApplication(String id) { + Logger.trace("Get active OnlineApplication with ID " + id + " from database."); + + OnlineApplication result = null; + List<OnlineApplication> allActiveOAs = getAllActiveOnlineApplications(); + + for (OnlineApplication oa : nullGuard(allActiveOAs)) { + String publicUrlPrefix = oa.getPublicURLPrefix(); + if (publicUrlPrefix != null && publicUrlPrefix.length() <= id.length()) { + if ((id.substring(1, publicUrlPrefix.length()).equals(publicUrlPrefix))) { + if (result != null) { + Logger.warn("OAIdentifier matches more than one DB-entry!"); + return null; + } else { + result = oa; + } + } + } + } + return result; + } + +} |