diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
37 files changed, 693 insertions, 502 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 93a2f7d6d..8eddd7833 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { @@ -49,8 +49,8 @@ public class OAuth20Configuration { private OAuth20Configuration() { try { - props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig(); - rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + props = AuthConfigurationProviderFactory.getInstance().getGeneralOAuth20ProperiesConfig(); + rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); } catch (ConfigurationException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index 75501d812..b0736ff2e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -48,6 +48,7 @@ public final class OAuth20Constants { public static final String PARAM_RESPONSE_TYPE = "response_type"; public static final String PARAM_REDIRECT_URI = "redirect_uri"; public static final String PARAM_STATE = "state"; + public static final String PARAM_NONCE = "nonce"; public static final String PARAM_GRANT_TYPE = "grant_type"; public static final String PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE = "authorization_code"; public static final String PARAM_CLIENT_ID = "client_id"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 583120a86..439d08e0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,6 +30,7 @@ import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.oauth20.Pair; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL; @@ -116,6 +117,7 @@ public final class OAuth20AttributeBuilder { buildersOpenId.add(new OpenIdIssueInstantAttribute()); buildersOpenId.add(new OpenIdAuthenticationTimeAttribute()); buildersOpenId.add(new OpenIdAudiencesAttribute()); + buildersOpenId.add(new OpenIdNonceAttribute()); // profile buildersProfile.add(new ProfileGivenNameAttribute()); @@ -173,10 +175,18 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { - Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator); + //TODO: better solution requires more refactoring :( + Pair<String, JsonPrimitive> attribute = null; + if (b instanceof OpenIdNonceAttribute) { + OpenIdNonceAttribute nonceBuilder = (OpenIdNonceAttribute) b; + attribute = nonceBuilder.build(oaParam, authData, oAuthRequest, generator); + + } else + attribute = b.build(oaParam, authData, generator); + if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } @@ -188,33 +198,34 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersOpenId, jsonObject, oaParam, authData); + final OAAuthParameter oaParam, final IAuthData authData, + final OAuth20AuthRequest oAuthRequest) { + addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersProfile, jsonObject, oaParam, authData); + addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersEID, jsonObject, oaParam, authData); + addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersEIDGov, jsonObject, oaParam, authData); + addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersMandate, jsonObject, oaParam, authData); + addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersSTORK, jsonObject, oaParam, authData); + addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java new file mode 100644 index 000000000..6baa69b1e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -0,0 +1,57 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OpenIdNonceAttribute implements IAttributeBuilder { + + public String getName() { + return "nonce"; + } + + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", null); + } + + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator<ATT> g) throws AttributeException { + if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) + return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); + else + return null; + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 562113920..d90df51e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,7 +33,7 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; class OAuth20AuthAction implements IAction { @@ -130,8 +131,7 @@ class OAuth20AuthAction implements IAction { Map<String, Object> params = new HashMap<String, Object>(); params.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, accessToken); params.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER); - params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime); - + params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime); // build id token and scope Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, authData); @@ -146,14 +146,14 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); // always fill with open id - OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData); + OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest); resultScopes.append("openId"); for (String s : scope.split(" ")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 5a4655b42..b5baa6a05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; @@ -46,7 +46,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; -class OAuth20AuthRequest extends OAuth20BaseRequest { +public class OAuth20AuthRequest extends OAuth20BaseRequest { private static final long serialVersionUID = 1L; @@ -55,6 +55,7 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { private String redirectUri; private String scope; private String clientID; + private String nonce; /** * @return the responseType @@ -131,6 +132,22 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { this.clientID = clientID; } + + + /** + * @return the nonce + */ + public String getNonce() { + return nonce; + } + + /** + * @param nonce the nonce to set + */ + public void setNonce(String nonce) { + this.nonce = nonce; + } + @Override protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); @@ -138,6 +155,7 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false)); + this.setNonce(this.getParam(request, OAuth20Constants.PARAM_NONCE, false)); // check for response type if (!this.responseType.equals(OAuth20Constants.RESPONSE_CODE)) { @@ -152,15 +170,12 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAAuthParameter oaConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()); - OAOAUTH20 oAuthConfig = oaConfig.getoAuth20Config(); - - if (!this.getClientID().equals(oAuthConfig.getOAuthClientId()) - || !this.getRedirectUri().equals(oAuthConfig.getOAuthRedirectUri())) { + OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + + if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { throw new OAuth20AccessDeniedException(); } - - this.setOnlineApplicationConfiguration(oaConfig); } catch (ConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); @@ -178,7 +193,7 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { reqAttr.put(el, ""); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); for (String s : scope.split(" ")) { if (s.equalsIgnoreCase("profile")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index d08bd593a..844cfa815 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,16 +31,15 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -77,19 +76,16 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setOAURL(oaURL); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setTarget(oaParam.getTarget()); - OAOAUTH20 config = oaParam.getoAuth20Config(); - if (config == null) { - throw new OAuth20InvalidRequestException(); - } - if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId()) - || StringUtils.isEmpty(config.getOAuthRedirectUri())) { + if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { throw new OAuth20OANotSupportedException(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 182f07675..98d46d424 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -11,7 +11,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -103,7 +103,7 @@ public class OAuth20Protocol implements IModulInfo { // get error code and description String errorCode; String errorDescription; - String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 50240b37b..1b6d93fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -28,9 +28,9 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; @@ -122,19 +122,16 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAAuthParameter oaConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()); - OAOAUTH20 oAuthConfig = oaConfig.getoAuth20Config(); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); - if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())) { + if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); } - if (!this.getClientSecret().equals(oAuthConfig.getOAuthClientSecret())) { + if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { throw new OAuth20AccessDeniedException(); } - this.setOnlineApplicationConfiguration(oaConfig); - } catch (ConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index fbbc4b817..5440e7138 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -65,7 +65,7 @@ import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -102,7 +102,7 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { +public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; @@ -200,7 +200,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response, String action) throws MOAIDException { - if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) { + if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); @@ -473,7 +473,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); @@ -540,7 +540,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); if (!oa.isInderfederationIDP()) { Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); @@ -647,7 +647,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String oaURL = moaRequest.getEntityMetadata().getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 65da23565..74b20356e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -34,7 +34,7 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -88,7 +88,7 @@ public class PVPTargetConfiguration extends RequestImpl { reqAttr.put(el, ""); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS); if (spSSODescriptor.getAttributeConsumingServices() != null && diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index aa154b84b..b567798fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -60,6 +60,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -69,7 +70,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -258,23 +259,23 @@ public class SingleLogOutAction implements IAction { } else { //print SLO information directly - redirectURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; String artifact = Random.nextRandom(); String statusCode = null; if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) - statusCode = SLOSTATUS_SUCCESS; + statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; else - statusCode = SLOSTATUS_ERROR; + statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; AssertionStorage.getInstance().put(artifact, statusCode); - redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } //redirect to Redirect Servlet - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); url = httpResp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 1a268c812..5402e3dce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -62,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class PostBinding implements IDecoder, IEncoder { @@ -170,10 +171,12 @@ public class PostBinding implements IDecoder, IEncoder { RequestAbstractType inboundMessage = (RequestAbstractType) messageContext .getInboundMessage(); msg = new MOARequest(inboundMessage, getSAML2BindingName()); + msg.setEntityID(inboundMessage.getIssuer().getValue()); } else if (messageContext.getInboundMessage() instanceof StatusResponseType){ - StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); + StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); msg = new MOAResponse(inboundMessage); + msg.setEntityID(inboundMessage.getIssuer().getValue()); } else //create empty container if request type is unknown @@ -182,8 +185,10 @@ public class PostBinding implements IDecoder, IEncoder { if (messageContext.getPeerEntityMetadata() != null) msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - else - Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + else { + if (MiscUtil.isEmpty(msg.getEntityID())) + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + } msg.setVerified(false); msg.setRelayState(messageContext.getRelayState()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 587d8e935..81863f48f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -33,7 +33,6 @@ import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; @@ -48,7 +47,6 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -63,7 +61,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class RedirectBinding implements IDecoder, IEncoder { @@ -173,11 +171,32 @@ public class RedirectBinding implements IDecoder, IEncoder { else messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.decode(messageContext); + try { + decode.decode(messageContext); - //check signature - signatureRule.evaluate(messageContext); + //check signature + signatureRule.evaluate(messageContext); + + } catch (SecurityException e) { + if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getPeerEntityId()); + if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(messageContext.getInboundMessageIssuer())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + decode.decode(messageContext); + //check signature + signatureRule.evaluate(messageContext); + + } + Logger.trace("Second PVP2X message validation finished"); + } + InboundMessage msg = null; if (messageContext.getInboundMessage() instanceof RequestAbstractType) { RequestAbstractType inboundMessage = (RequestAbstractType) messageContext diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java index 4ef09184d..4959df16c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -52,7 +52,7 @@ import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; @@ -106,7 +106,7 @@ public class AuthResponseBuilder { } - boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); + boolean isEncryptionActive = AuthConfigurationProviderFactory.getInstance().isPVP2AssertionEncryptionActive(); if (encryptionCredentials != null && isEncryptionActive) { //encrypt SAML2 assertion diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 1b2e64759..61bc51565 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -64,7 +64,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -153,7 +153,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter( peerEntity.getEntityID()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java index 8adf5cad9..72775ec02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -interface IPVPAttributeBuilder extends PVPConstants, MOAIDAuthConstants, IAttributeBuilder { +interface IPVPAttributeBuilder extends PVPConstants, IAttributeBuilder { } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index d3a9ad3e7..de58c34a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -24,11 +24,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config; import iaik.x509.X509Certificate; -import java.io.File; +import java.io.IOException; import java.net.URL; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import java.util.Map; import java.util.Properties; import java.util.jar.Attributes; import java.util.jar.Manifest; @@ -46,14 +47,14 @@ import org.opensaml.saml2.metadata.OrganizationURL; import org.opensaml.saml2.metadata.SurName; import org.opensaml.saml2.metadata.TelephoneNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -90,31 +91,19 @@ public class PVPConfiguration { public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; - public static final String IDP_ISSUER_NAME = "idp.issuer.name"; - - public static final String METADATA_FILE = "md.dir"; - public static final String METADATA_EXTENSION = "md.ext"; - - public static final String IDP_ENTITY = "idp.entityid"; - public static final String IDP_ORG_NAME = "idp.org.name"; - public static final String IDP_ORG_DISPNAME = "idp.org.dispname"; - public static final String IDP_ORG_URL = "idp.org.url"; - - public static final String IDP_PUBLIC_URL = "idp.public.url"; - - public static final String IDP_TRUST_STORE = "idp.truststore"; - public static final String SP_TARGET_PREFIX = "sp.target."; - - public static final String IDP_CONTACT_PREFIX = "idp.contact"; - public static final String IDP_CONTACT_LIST = "idp.contact_list"; + public static final String IDP_ISSUER_NAME = "servicename"; + + public static final String IDP_ORG_NAME = "name.short"; + public static final String IDP_ORG_DISPNAME = "name.full"; + public static final String IDP_ORG_URL = "url"; - public static final String IDP_CONTACT_SURNAME = "surname"; + public static final String IDP_CONTACT_SURNAME = "familyname"; public static final String IDP_CONTACT_GIVENNAME = "givenname"; public static final String IDP_CONTACT_MAIL = "mail"; public static final String IDP_CONTACT_TYPE = "type"; public static final String IDP_CONTACT_COMPANY = "company"; - public static final String IDP_CONTACT_PHONE = "phone"; - + public static final String IDP_CONTACT_PHONE = "phone"; + private static String moaIDVersion = null; //PVP2 generalpvpconfigdb; @@ -124,8 +113,11 @@ public class PVPConfiguration { private PVPConfiguration() { try { //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); - props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); - rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); + rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); + + //load PVP2X metadata for all active online applications + MOAMetadataProvider.getInstance(); } catch (ConfigurationException e) { e.printStackTrace(); @@ -133,7 +125,7 @@ public class PVPConfiguration { } public String getIDPPublicPath() throws ConfigurationException { - String publicPath = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + String publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); if(publicPath != null) { if(publicPath.endsWith("/")) { int length = publicPath.length(); @@ -209,75 +201,42 @@ public class PVPConfiguration { moaIDVersion = parseMOAIDVersionFromManifest(); } - return AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getIssuerName() + moaIDVersion; + return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion; } - - public List<String> getMetadataFiles() { - String filter = props.getProperty(METADATA_EXTENSION); - - if (filter == null) { - filter = ".mdxml"; - } - - List<String> files = new ArrayList<String>(); - - File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles(); - for (File file : faFiles) { - if (!file.isDirectory()) { - if (file.getName().endsWith(filter)) { - files.add(file.getAbsolutePath()); - } - } - } - - return files; - } - - //TODO: - public String getTargetForSP(String sp) { - - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp); - - if (oaParam != null) - return oaParam.getTarget(); - - Logger.warn("OnlineApplication with ID "+ sp + " is not found."); - return null; - - } catch (ConfigurationException e) { - Logger.warn("OnlineApplication with ID "+ sp + " is not found."); - return null; - } - - } - public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { + + try { + Logger.trace("Load metadata signing certificate for online application " + entityID); + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oaParam == null) { + Logger.info("Online Application with ID " + entityID + " not found!"); + return null; + } - try { - IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); - - if (oaParam == null) { - Logger.warn("Online Application with ID " + entityID + " not found!"); - return null; - } - - OAPVP2 pvp2param = oaParam.getPVP2Parameter(); - - if (pvp2param == null) { - return null; - } - - Logger.info("Load TrustEntityCertificate ("+entityID+") from Database."); - return new X509Certificate(pvp2param.getCertificate()); + String pvp2MetadataCertificateString = + oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) { + Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!"); + return null; + + } + + X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false)); + Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded."); + return cert; } catch (CertificateException e) { - Logger.warn("Signer certificate can not be loaded from session database!", e); + Logger.warn("Metadata signer certificate is not parsed.", e); return null; } catch (ConfigurationException e) { - e.printStackTrace(); + Logger.error("Configuration is not accessable.", e); + return null; + + } catch (IOException e) { + Logger.warn("Metadata signer certificate is not decodeable.", e); return null; } } @@ -285,112 +244,101 @@ public class PVPConfiguration { public List<ContactPerson> getIDPContacts() throws ConfigurationException { List<ContactPerson> list = new ArrayList<ContactPerson>(); - List<Contact> contacts = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getContact(); + Map<String, String> contacts = AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT + "."); - if (contacts != null) { + ContactPerson person = SAML2Utils + .createSAMLObject(ContactPerson.class); + + String type = contacts.get(IDP_CONTACT_TYPE); + + if (type == null) { + Logger.error("IDP Contact with SurName " + contacts.get(IDP_CONTACT_SURNAME) + + " has no type defined!"); + type = "unknown"; + } + + ContactPersonTypeEnumeration enumType = null; + + if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE + .toString())) { + enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; + } else if (type.equals(ContactPersonTypeEnumeration.BILLING + .toString())) { + enumType = ContactPersonTypeEnumeration.BILLING; + } else if (type.equals(ContactPersonTypeEnumeration.OTHER + .toString())) { + enumType = ContactPersonTypeEnumeration.OTHER; + } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT + .toString())) { + enumType = ContactPersonTypeEnumeration.SUPPORT; + } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL + .toString())) { + enumType = ContactPersonTypeEnumeration.TECHNICAL; + } + + if (enumType == null) { + Logger.error("IDP Contact with SurName " + contacts.get(IDP_CONTACT_SURNAME) + + " has invalid type defined: " + type); + } + + person.setType(enumType); + + String givenName = contacts.get(IDP_CONTACT_GIVENNAME); + + if (givenName != null) { + GivenName name = SAML2Utils + .createSAMLObject(GivenName.class); + name.setName(givenName); + person.setGivenName(name); + } + + String company = contacts.get(IDP_CONTACT_COMPANY); + + if (company != null) { + Company comp = SAML2Utils.createSAMLObject(Company.class); + comp.setName(company); + person.setCompany(comp); + } + + String surname = contacts.get(IDP_CONTACT_SURNAME); + + if (surname != null) { + SurName name = SAML2Utils.createSAMLObject(SurName.class); + name.setName(surname); + person.setSurName(name); + } + + String phone = contacts.get(IDP_CONTACT_PHONE); + if (phone != null) { + TelephoneNumber telePhone = SAML2Utils + .createSAMLObject(TelephoneNumber.class); + telePhone.setNumber(phone); + person.getTelephoneNumbers().add(telePhone); + } - for (Contact contact : contacts) { - - ContactPerson person = SAML2Utils - .createSAMLObject(ContactPerson.class); - - String type = contact.getType(); - - if (type == null) { - Logger.error("IDP Contact with SurName " + contact.getSurName() - + " has no type defined!"); - break; - } - - ContactPersonTypeEnumeration enumType = null; - - if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE - .toString())) { - enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; - } else if (type.equals(ContactPersonTypeEnumeration.BILLING - .toString())) { - enumType = ContactPersonTypeEnumeration.BILLING; - } else if (type.equals(ContactPersonTypeEnumeration.OTHER - .toString())) { - enumType = ContactPersonTypeEnumeration.OTHER; - } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT - .toString())) { - enumType = ContactPersonTypeEnumeration.SUPPORT; - } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL - .toString())) { - enumType = ContactPersonTypeEnumeration.TECHNICAL; - } - - if (enumType == null) { - Logger.error("IDP Contact with SurName " + contact.getSurName() - + " has invalid type defined: " + type); - break; - } - - person.setType(enumType); - - String givenName = contact.getGivenName(); - - if (givenName != null) { - GivenName name = SAML2Utils - .createSAMLObject(GivenName.class); - name.setName(givenName); - person.setGivenName(name); - } - - String company = contact.getCompany(); - - if (company != null) { - Company comp = SAML2Utils.createSAMLObject(Company.class); - comp.setName(company); - person.setCompany(comp); - } - - String surname = contact.getSurName(); - - if (surname != null) { - SurName name = SAML2Utils.createSAMLObject(SurName.class); - name.setName(surname); - person.setSurName(name); - } - - List<String> phones = contact.getPhone(); - for (String phone : phones) { - TelephoneNumber telePhone = SAML2Utils - .createSAMLObject(TelephoneNumber.class); - telePhone.setNumber(phone); - person.getTelephoneNumbers().add(telePhone); - } - - List<String> mails = contact.getMail(); - for (String mail : mails) { - EmailAddress mailAddress = SAML2Utils - .createSAMLObject(EmailAddress.class); - mailAddress.setAddress(mail); - person.getEmailAddresses().add(mailAddress); - } - - list.add(person); - } + String mail = contacts.get(IDP_CONTACT_MAIL); + if (mail != null) { + EmailAddress mailAddress = SAML2Utils + .createSAMLObject(EmailAddress.class); + mailAddress.setAddress(mail); + person.getEmailAddresses().add(mailAddress); } + + list.add(person); return list; } public Organization getIDPOrganisation() throws ConfigurationException { Organization org = SAML2Utils.createSAMLObject(Organization.class); - at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getOrganization(); - - String org_name = null; - String org_dispname = null; - String org_url = null; - - if (organisation != null) { - org_name = organisation.getName(); - org_dispname = organisation.getDisplayName(); - org_url = organisation.getURL(); - } + Map<String, String> organisation = AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG + "."); + String org_name = organisation.get(IDP_ORG_NAME); + String org_dispname = organisation.get(IDP_ORG_DISPNAME); + String org_url = organisation.get(IDP_ORG_URL); + if (org_name == null || org_dispname == null || org_url == null) { return null; } @@ -416,6 +364,7 @@ public class PVPConfiguration { private String parseMOAIDVersionFromManifest() { try { + @SuppressWarnings("rawtypes") Class clazz = PVPConfiguration.class; String className = clazz.getSimpleName() + ".class"; String classPath = clazz.getResource(className).toString(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index d493ef9e0..389b9825f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -22,14 +22,18 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; +import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; +import java.util.concurrent.CopyOnWriteArrayList; import java.util.Timer; import javax.net.ssl.SSLHandshakeException; @@ -44,16 +48,18 @@ import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; +import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; @@ -61,14 +67,15 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.Interfeder import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; -public class MOAMetadataProvider implements MetadataProvider { +public class MOAMetadataProvider implements ObservableMetadataProvider{ private static MOAMetadataProvider instance = null; - private static Object mutex = new Object(); - private static Date timestamp = null; + private List<ObservableMetadataProvider.Observer> observers; + public static MOAMetadataProvider getInstance() { if (instance == null) { @@ -80,18 +87,19 @@ public class MOAMetadataProvider implements MetadataProvider { } return instance; } - - public static Date getTimeStamp() { - return timestamp; - } public static void reInitialize() { synchronized (mutex) { /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/ if (instance != null) - instance.addAndRemoveMetadataProvider(); - + try { + instance.addAndRemoveMetadataProvider(); + + } catch (ConfigurationException e) { + Logger.error("Access to MOA-ID configuration FAILED.", e); + + } else Logger.info("MOAMetadataProvider is not loaded."); } @@ -108,90 +116,168 @@ public class MOAMetadataProvider implements MetadataProvider { MetadataProvider internalProvider; + public boolean refreshMetadataProvider(String entityID) { + try { + OAAuthParameter oaParam = + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oaParam != null) { + String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders(); + + // check if MetadataProvider is actually loaded + if (actuallyLoadedProviders.containsKey(metadataURL)) { + actuallyLoadedProviders.get(metadataURL).refresh(); + Logger.info("PVP2X metadata for onlineApplication: " + + entityID + " is refreshed."); + return true; + + } else { + //load new Metadata Provider + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + byte[] cert = Base64Utils.decode(certBase64, false); + String oaFriendlyName = oaParam.getFriendlyName(); + + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL, + cert, oaFriendlyName, + buildMetadataFilterChain(oaParam, metadataURL, + cert)); + + chainProvider.addMetadataProvider(newMetadataProvider); + + emitChangeEvent(); + + Logger.info("PVP2X metadata for onlineApplication: " + + entityID + " is added."); + return true; + + } else + Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID); + + } + + } else + Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID); + + } else + Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID); + + + } catch (ConfigurationException e) { + Logger.warn("Access MOA-ID configuration FAILED.", e); + + } catch (MetadataProviderException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); + + } catch (IOException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); + + } catch (CertificateException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); + + } + + return false; + + } + + private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() { + Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>(); + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + + //make a Map of all actually loaded HTTPMetadataProvider + List<MetadataProvider> providers = chainProvider.getProviders(); + for (MetadataProvider provider : providers) { + if (provider instanceof HTTPMetadataProvider) { + HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; + loadedproviders.put(httpprovider.getMetadataURI(), httpprovider); + + } + } + + return loadedproviders; + } - private void addAndRemoveMetadataProvider() { + + private void addAndRemoveMetadataProvider() throws ConfigurationException { if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) { Logger.info("Relaod MOAMetaDataProvider."); /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); - - Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>(); ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - //make a Map of all actually loaded HTTPMetadataProvider - List<MetadataProvider> providers = chainProvider.getProviders(); - for (MetadataProvider provider : providers) { - if (provider instanceof HTTPMetadataProvider) { - HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; - loadedproviders.put(httpprovider.getMetadataURI(), httpprovider); - } - } - - //set Timestamp - Date oldTimeStamp = timestamp; - timestamp = new Date(); + //get all actually loaded metadata providers + Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders(); //load all PVP2 OAs form ConfigurationDatabase and //compare actually loaded Providers with configured PVP2 OAs - List<OnlineApplication> oaList = ConfigurationDBRead - .getAllActiveOnlineApplications(); - - Iterator<OnlineApplication> oaIt = oaList.iterator(); - while (oaIt.hasNext()) { - HTTPMetadataProvider httpProvider = null; - - try { - OnlineApplication oa = oaIt.next(); - OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) { - - String metadataurl = pvp2Config.getMetadataURL(); + Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard( + MOAIDConfigurationConstants.PREFIX_SERVICES + + ".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + + if (allOAs != null) { + Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator(); + while (oaInterator.hasNext()) { + Entry<String, String> oaKeyPair = oaInterator.next(); + + OAAuthParameter oaParam = + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue()); + if (oaParam != null) { + String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); - if (loadedproviders.containsKey(metadataurl)) { + HTTPMetadataProvider httpProvider = null; + try { + if (MiscUtil.isNotEmpty(metadataurl)) { + if (loadedproviders.containsKey(metadataurl)) { + // PVP2 OA is actually loaded, to nothing + providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); + loadedproviders.remove(metadataurl); - if (pvp2Config.getUpdateRequiredItem() != null && - pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) { - //PVP2 OA is actually loaded, but update is requested - Logger.info("Reload metadata for: " + oa.getFriendlyName()); - loadedproviders.get(metadataurl).refresh(); - - } - - // PVP2 OA is actually loaded, to nothing - providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); - loadedproviders.remove(metadataurl); + } else if ( MiscUtil.isNotEmpty(metadataurl) && + !providersinuse.containsKey(metadataurl) ) { + //PVP2 OA is new, add it to MOAMetadataProvider + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + byte[] cert = Base64Utils.decode(certBase64, false); + String oaFriendlyName = oaParam.getFriendlyName(); + + + Logger.info("Loading metadata for: " + oaFriendlyName); + httpProvider = createNewHTTPMetaDataProvider( + metadataurl, + cert, + oaFriendlyName, + buildMetadataFilterChain(oaParam, metadataurl, + cert)); - } else if ( MiscUtil.isNotEmpty(metadataurl) && - !providersinuse.containsKey(metadataurl) ) { - //PVP2 OA is new, add it to MOAMetadataProvider - - Logger.info("Loading metadata for: " + oa.getFriendlyName()); - httpProvider = createNewHTTPMetaDataProvider( - pvp2Config.getMetadataURL(), - pvp2Config.getCertificate(), - oa.getFriendlyName(), - buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(), - pvp2Config.getCertificate())); - - if (httpProvider != null) - providersinuse.put(metadataurl, httpProvider); + if (httpProvider != null) + providersinuse.put(metadataurl, httpProvider); + } - } - } - } catch (Throwable e) { - Logger.error( + } + } + } catch (Throwable e) { + Logger.error( "Failed to add Metadata (unhandled reason: " + e.getMessage(), e); - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } + if (httpProvider != null) { + Logger.debug("Destroy failed Metadata provider"); + httpProvider.destroy(); + } - } + } + } + } } //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more @@ -220,6 +306,8 @@ public class MOAMetadataProvider implements MetadataProvider { try { chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + emitChangeEvent(); + } catch (MetadataProviderException e) { Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e); @@ -249,7 +337,9 @@ public class MOAMetadataProvider implements MetadataProvider { } else { Logger.warn("MetadataProvider can not be destroyed."); } - } + } + + this.observers = Collections.emptyList(); instance = null; } else { Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); @@ -258,80 +348,95 @@ public class MOAMetadataProvider implements MetadataProvider { private MOAMetadataProvider() { ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); - Logger.info("Loading metadata"); + this.observers = new CopyOnWriteArrayList<Observer>(); + Logger.info("Loading metadata"); Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); - - List<OnlineApplication> oaList = ConfigurationDBRead - .getAllActiveOnlineApplications(); - - if (oaList.size() == 0) - Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!"); - - Iterator<OnlineApplication> oaIt = oaList.iterator(); - while (oaIt.hasNext()) { - HTTPMetadataProvider httpProvider = null; + try { + //TODO: database search does not work!!!!! + Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard( + MOAIDConfigurationConstants.PREFIX_SERVICES + + ".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); - try { - OnlineApplication oa = oaIt.next(); - Logger.info("Loading metadata for: " + oa.getFriendlyName()); - OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) { - String metadataURL = pvp2Config.getMetadataURL(); + if (allOAs != null) { + Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator(); + while (oaInterator.hasNext()) { + Entry<String, String> oaKeyPair = oaInterator.next(); - if (!providersinuse.containsKey(metadataURL)) { - - httpProvider = createNewHTTPMetaDataProvider( - metadataURL, - pvp2Config.getCertificate(), - oa.getFriendlyName(), - buildMetadataFilterChain(oa, metadataURL, - pvp2Config.getCertificate())); - - if (httpProvider != null) - providersinuse.put(metadataURL, httpProvider); + OAAuthParameter oaParam = + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue()); + if (oaParam != null) { + String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + String oaFriendlyName = oaParam.getFriendlyName(); + HTTPMetadataProvider httpProvider = null; + + try { + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) { + byte[] cert = Base64Utils.decode(certBase64, false); + + + Logger.info("Loading metadata for: " + oaFriendlyName); + if (!providersinuse.containsKey(metadataurl)) { + httpProvider = createNewHTTPMetaDataProvider( + metadataurl, + cert, + oaFriendlyName, + buildMetadataFilterChain(oaParam, metadataurl, + cert)); - } else { - Logger.info(metadataURL + " are already added."); - } + if (httpProvider != null) + providersinuse.put(metadataurl, httpProvider); + + } else { + Logger.info(metadataurl + " are already added."); + } + + } else { + Logger.info(oaFriendlyName + + " is not a PVP2 Application skipping"); + } + } catch (Throwable e) { + Logger.error( + "Failed to add Metadata (unhandled reason: " + + e.getMessage(), e); - } else { - Logger.info(oa.getFriendlyName() - + " is not a PVP2 Application skipping"); + if (httpProvider != null) { + Logger.debug("Destroy failed Metadata provider"); + httpProvider.destroy(); + } + } + } } - } catch (Throwable e) { + + } else + Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!"); + + try { + chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + + } catch (MetadataProviderException e) { Logger.error( "Failed to add Metadata (unhandled reason: " + e.getMessage(), e); - - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } - } - } - - - try { - chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + } + + } catch (ConfigurationException e) { + Logger.error("Access MOA-ID configuration FAILED.", e); - } catch (MetadataProviderException e) { - Logger.error( - "Failed to add Metadata (unhandled reason: " - + e.getMessage(), e); } internalProvider = chainProvider; - timestamp = new Date(); } - private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException { + private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException { MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate); filterChain.getFilters().add(new SchemaValidationFilter()); - if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) { + if (oaParam.isInderfederationIDP()) { Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); - filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType())); + filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.getBusinessService())); } @@ -349,11 +454,11 @@ public class MOAMetadataProvider implements MetadataProvider { try { MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProvider.getInstance().getCertstoreDirectory(), - AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), + AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, - ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), - AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); @@ -458,4 +563,23 @@ public class MOAMetadataProvider implements MetadataProvider { return internalProvider.getRole(entityID, roleName, supportedProtocol); } + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers() + */ + @Override + public List<Observer> getObservers() { + return ((ChainingMetadataProvider) internalProvider).getObservers(); + } + + protected void emitChangeEvent() { + if ((getObservers() == null) || (getObservers().size() == 0)) { + return; + } + + List<Observer> tempObserverList = new ArrayList<Observer>(getObservers()); + for (ObservableMetadataProvider.Observer observer : tempObserverList) + if (observer != null) + observer.onEvent(this); + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 12de97a3f..2915ff683 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -39,7 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -65,11 +65,11 @@ public class MOASAMLSOAPClient { SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProvider.getInstance().getCertstoreDirectory(), - AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), + AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, - ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), - AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); } catch (MOAHttpProtocolSocketFactoryException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 550643da1..69c760f19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +import java.io.IOException; import java.util.List; import org.opensaml.saml2.metadata.EntitiesDescriptor; @@ -32,36 +33,39 @@ import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.validation.ValidationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; public class EntityVerifier { public static byte[] fetchSavedCredential(String entityID) { // List<OnlineApplication> oaList = ConfigurationDBRead // .getAllActiveOnlineApplications(); + try { + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); - OnlineApplication oa = ConfigurationDBRead - .getActiveOnlineApplication(entityID); - -// Iterator<OnlineApplication> oaIt = oaList.iterator(); -// while (oaIt.hasNext()) { -// OnlineApplication oa = oaIt.next(); -// if (oa.getPublicURLPrefix().equals(entityID)) { - - if (oa != null && oa.getAuthComponentOA() != null) { - - OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null) { - return pvp2Config.getCertificate(); - } + String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + return Base64Utils.decode(certBase64, false); + } -// } + + } catch (ConfigurationException e) { + Logger.error("Access MOA-ID configuration FAILED.", e); + + } catch (IOException e) { + Logger.warn("Decoding PVP2X metadata certificate FAILED.", e); + + } + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 257f9dac4..70b778c49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -38,7 +38,6 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator; import org.opensaml.saml2.encryption.Decrypter; import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; import org.opensaml.saml2.metadata.IDPSSODescriptor; @@ -68,25 +67,50 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationExcep import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class SAMLVerificationEngine { public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { - if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) - verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); - - else - verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + try { + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); + else + verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + + } catch (InvalidProtocolRequestException e) { + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID()); + if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(msg.getEntityID())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); + + else + verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + + } + Logger.trace("Second PVP2X message validation finished"); + } } - public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException{ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { profileValidator.validate(samlObj.getSignature()); @@ -110,13 +134,13 @@ public class SAMLVerificationEngine { if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } - } catch (SecurityException e) { - e.printStackTrace(); + } catch (org.opensaml.xml.security.SecurityException e) { + Logger.warn("PVP2x message signature validation FAILED.", e); throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } - public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { profileValidator.validate(samlObj.getSignature()); @@ -140,8 +164,8 @@ public class SAMLVerificationEngine { if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } - } catch (SecurityException e) { - e.printStackTrace(); + } catch (org.opensaml.xml.security.SecurityException e) { + Logger.warn("PVP2x message signature validation FAILED.", e); throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java index 885de6805..942fab4f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java @@ -38,7 +38,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; @@ -52,7 +52,7 @@ public class SAMLVerifierMOASP implements ISAMLVerifier { try { if (request.isSigned()) { - String trustProfileID = AuthConfigurationProvider.getInstance() + String trustProfileID = AuthConfigurationProviderFactory.getInstance() .getStorkConfig().getSignatureVerificationParameter() .getTrustProfileID(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java index 4d9b97a52..918863d05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java @@ -41,14 +41,10 @@ public class InterfederatedIDPPublicServiceFilter implements MetadataFilter { /** * */ - public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) { + public InterfederatedIDPPublicServiceFilter(String metadataURL, boolean isBusinessService) { Logger.debug("Add " + this.getClass().getName() + " to metadata policy"); this.metadataURL = metadataURL; - - if (oaType.equals("businessService")) - this.isPublicService = false; - else - this.isPublicService = true; + this.isPublicService = !isBusinessService; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index f73b541bf..1aca587c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -35,7 +35,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.logging.Logger; @@ -49,7 +49,7 @@ public class SchemaValidationFilter implements MetadataFilter { public SchemaValidationFilter() { try { - isActive = AuthConfigurationProvider.getInstance().isPVPSchemaValidationActive(); + isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive(); } catch (ConfigurationException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 4cdd1db01..2019b0d20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,11 +27,12 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -65,7 +66,7 @@ public class GetArtifactAction implements IAction { } try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); @@ -80,11 +81,11 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); if (authData.isSsoSession()) { - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) - url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); httpResp.setContentType("text/html"); @@ -94,12 +95,12 @@ public class GetArtifactAction implements IAction { } else { String redirectURL = oaURL; if (!oaParam.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = httpResp.encodeRedirectURL(redirectURL); httpResp.setContentType("text/html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8a480cac..e70e71d49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -51,10 +51,10 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -173,10 +173,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throws ConfigurationException, BuildException, AuthenticationException { //Load SAML1 Parameter from OA config - OASAML1 saml1parameter = oaParam.getSAML1Parameter(); + SAML1ConfigurationParameters saml1parameter = oaParam.getSAML1Parameter(); boolean useCondition = saml1parameter.isUseCondition(); - int conditionLength = saml1parameter.getConditionLength().intValue(); + int conditionLength = saml1parameter.getConditionLength(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 4c30a1148..f75293ef0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -32,15 +32,14 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -50,7 +49,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; -public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { +public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; @@ -101,7 +100,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response, String action) throws MOAIDException { SAML1RequestImpl config = new SAML1RequestImpl(); - if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { + if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { Logger.info("SAML1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); @@ -142,14 +141,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { //load Target only from OA config - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); - OASAML1 saml1 = oaParam.getSAML1Parameter(); + SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); throw new InvalidProtocolRequestException("auth.00", @@ -173,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { IRequest protocolRequest) throws Throwable{ - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); if (!oa.getSAML1Parameter().isProvideAllErrors()) return false; @@ -181,7 +180,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 9bf88534f..5370573a7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -27,10 +27,10 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -70,8 +70,8 @@ public class SAML1RequestImpl extends RequestImpl { reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); - OASAML1 saml1 = oa.getSAML1Parameter(); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); + SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter(); if (saml1 != null) { if (saml1.isProvideAUTHBlock()) reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1e6cf6910..71b55d991 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -26,14 +26,10 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -130,7 +126,7 @@ public class AttributeCollector implements IAction { // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()}); @@ -278,7 +274,7 @@ public class AttributeCollector implements IAction { Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes"); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 10b325234..de1924ba1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -22,7 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttribute_deprecatedProviderPlugin; @@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttribu import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; +import java.util.Collection; import java.util.Iterator; import java.util.List; import java.util.PriorityQueue; @@ -48,14 +51,7 @@ public class AttributeProviderFactory { * @return the available plugins */ public static List<String> getAvailablePlugins() { - List<String> result = new ArrayList<String>(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider_deprecated"); - result.add("EHvdAttributeProvider"); - result.add("SignedDocAttributeRequestProvider"); - result.add("MandateAttributeRequestProvider"); - result.add("PVPAuthenticationProvider"); - return result; + return MOAIDConstants.ALLOWED_STORKATTRIBUTEPROVIDERS; } /** @@ -91,14 +87,14 @@ public class AttributeProviderFactory { /** * Gets fresh instances of the configured plugins. * - * @param configuredAPs the configured a ps + * @param collection the configured a ps * @return the configured plugins */ public static Iterator<AttributeProvider> getConfiguredPlugins( - List<AttributeProviderPlugin> configuredAPs) { + Collection<StorkAttributeProviderPlugin> collection) { PriorityQueue<AttributeProvider> result = new PriorityQueue<AttributeProvider>(); - for (AttributeProviderPlugin current : configuredAPs) { + for (StorkAttributeProviderPlugin current : collection) { result.add(create(current.getName(), current.getUrl(), current.getAttributes())); Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 859f4900b..48502e9e9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; @@ -81,7 +81,7 @@ public class AuthenticationRequest implements IAction { httpResp.reset(); //TODO: CHECK: req.getOAURL() should return the unique OA identifier - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); @@ -200,7 +200,7 @@ public class AuthenticationRequest implements IAction { //TODO: in case of Single LogOut -> SLO information has to be stored // check if citizen country is configured in the system - if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { + if (!(AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); throw new MOAIDException("stork.05", null); // TODO } @@ -212,12 +212,12 @@ public class AuthenticationRequest implements IAction { String destinationURL = null; try { - issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString(); - destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); - publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + issuer = new URL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()).toString(); + destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); + publicURLPrefix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; } catch (MalformedURLException ex) { - Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex); + Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex); throw new MOAIDException("stork.05", null); // TODO } catch (Exception ex) { Logger.error("Problem with PEPS configuration of MOA instance.", ex); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 2c5728798..9377d045b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -28,7 +28,7 @@ import java.util.HashMap; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -130,7 +130,7 @@ public class ConsentEvaluator implements IAction { Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html"); VelocityContext context = new VelocityContext(); - context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId); + context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId); // assemble table String table = ""; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index a92d02e08..e9a1c2f1d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -30,7 +30,7 @@ import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; @@ -235,7 +235,7 @@ public class MOASTORKRequest extends RequestImpl { //TODO: only for testing with MOA-ID as PVP Stammportal IOAAuthParameters oa; try { - oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index ed8480ccb..b48a5acef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -27,7 +27,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -84,7 +84,7 @@ public class MandateRetrievalRequest implements IAction { Logger.debug("Removing personal identification value and type from original mandate "); originalContent = StringUtils.getBytesUtf8(originalMandate); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 1ef08464f..843b519a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -45,7 +45,7 @@ import java.util.HashMap; * * @author bsuzic */ -public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { +public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = STORKProtocol.class.getName(); public static final String PATH = "id_stork2"; @@ -187,7 +187,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORK2Request.setSTORKAttrRequest(attrRequest); //check if OA is instance of VIDP or STORKPVPGateway - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index 2c77db94e..ea0062620 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -56,7 +56,8 @@ import org.apache.velocity.app.VelocityEngine; import org.bouncycastle.util.encoders.UrlBase64; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; @@ -110,7 +111,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { this.oasisDssWebFormURL = oasisDssWebFormURL; try { - AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance(); + AuthConfiguration authConfigurationProvider = AuthConfigurationProviderFactory.getInstance(); dtlUrl = authConfigurationProvider.getDocumentServiceUrl(); Logger.info ("SignedDocAttributeRequestProvider, using dtlUrl:"+dtlUrl); } catch (Exception e) { |