aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java)38
8 files changed, 66 insertions, 52 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 168f2362a..dc0cab8c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -41,6 +41,11 @@ public interface PVPConstants {
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+ public static final String EIDAS_QAA_PREFIX = "http://eidas.europa.eu/LoA/";
+ public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
+ public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
+ public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
+
public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
public static final String URN_OID_PREFIX = "urn:oid:";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 8a6b09376..b8f7e6d80 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
@@ -50,6 +51,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -75,6 +77,9 @@ public class PostBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
"resources/templates/pvp_postbinding_template.html");
@@ -110,6 +115,9 @@ public class PostBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML POSTBinding response");
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 0a459a9be..f48d216dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
@@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -74,6 +76,9 @@ public class RedirectBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML RedirectBinding response");
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
@@ -104,6 +109,9 @@ public class RedirectBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML RedirectBinding response");
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 2ef861e20..c1e94ff36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
import org.opensaml.saml2.core.RequestAbstractType;
@@ -47,6 +48,7 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignableXMLObject;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -142,6 +144,9 @@ public class SoapBinding implements IDecoder, IEncoder {
Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
index 80789cd12..b731e2a95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
@@ -50,7 +50,10 @@ public class MOADefaultBootstrap extends DefaultBootstrap {
}
-
+ public static void initializeDefaultPVPConfiguration() {
+ initializeGlobalSecurityConfiguration();
+
+ }
/**
* Initializes the default global security configuration.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f33cadc41..03fa686f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -55,18 +55,20 @@ import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-public class MOAMetadataProvider implements ObservableMetadataProvider{
+public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
private static MOAMetadataProvider instance = null;
private static Object mutex = new Object();
@@ -77,18 +79,32 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
synchronized (mutex) {
if (instance == null) {
instance = new MOAMetadataProvider();
+
+ //add this to MOA garbage collector
+ MOAGarbageCollector.addModulForGarbageCollection(instance);
+
}
}
}
return instance;
}
- public static void reInitialize() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ */
+ @Override
+ public void runGarbageCollector() {
+ reInitialize();
+
+ }
+
+ private static void reInitialize() {
synchronized (mutex) {
/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
if (instance != null)
- try {
+ try {
+ Logger.trace("Check consistence of PVP2X metadata");
instance.addAndRemoveMetadataProvider();
} catch (ConfigurationException e) {
@@ -422,8 +438,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
internalProvider = chainProvider;
}
- private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
- MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+ private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
+ PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
if (oaParam.isInderfederationIDP()) {
@@ -435,7 +451,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
return filterChain;
}
- private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, PVPMetadataFilterChain filter) {
HTTPMetadataProvider httpProvider = null;
Timer timer= null;
MOAHttpClient httpClient = null;
@@ -470,7 +486,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
//httpProvider.setRefreshDelayFactor(0.1F);
if (filter == null) {
- filter = new MetadataFilterChain(metadataURL, certificate);
+ filter = new PVPMetadataFilterChain(metadataURL, certificate);
}
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 26b3bfbd1..9c294245f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -38,9 +38,6 @@ import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.Subject;
import org.opensaml.xml.XMLObject;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.logging.Logger;
@@ -50,7 +47,7 @@ public class AssertionAttributeExtractor {
private Assertion assertion = null;
private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
- private PersonalAttributeList storkAttributes = new PersonalAttributeList();
+ //private PersonalAttributeList storkAttributes = new PersonalAttributeList();
private final List<String> minimalAttributeNameList = Arrays.asList(
PVPConstants.PRINCIPAL_NAME_NAME,
@@ -77,9 +74,9 @@ public class AssertionAttributeExtractor {
for (XMLObject el : attr.getAttributeValues())
storkAttrValues.add(el.getDOM().getTextContent());
- PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
- false, storkAttrValues , "Available");
- storkAttributes.put(attr.getName(), storkAttr );
+// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
+// false, storkAttrValues , "Available");
+// storkAttributes.put(attr.getName(), storkAttr );
} else {
List<String> attrList = new ArrayList<String>();
@@ -155,9 +152,9 @@ public class AssertionAttributeExtractor {
}
- public PersonalAttributeList getSTORKAttributes() {
- return storkAttributes;
- }
+// public PersonalAttributeList getSTORKAttributes() {
+// return storkAttributes;
+// }
public String getNameID() throws AssertionAttributeExtractorExeption {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
index 4e1d939ff..4c1da747b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
@@ -23,56 +23,28 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.List;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
/**
* @author tlenz
*
*/
-public class MetadataFilterChain implements MetadataFilter {
+public class PVPMetadataFilterChain extends MetadataFilterChain {
- private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-
+
/**
* @throws CertificateException
*
*/
- public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+ public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
addDefaultFilters(url, certificate);
}
public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
- filters.add(new MetadataSignatureFilter(url, certificate));
+ addFilter(new MetadataSignatureFilter(url, certificate));
}
-
- /**
- * @return the filter
- */
- public List<MetadataFilter> getFilters() {
- return filters;
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject arg0) throws FilterException {
- for (MetadataFilter filter : filters) {
- Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
- filter.doFilter(arg0);
- }
-
- }
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 20:59:54 +0000