diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
28 files changed, 683 insertions, 950 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 67547d8a2..0d9c1ec20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -44,7 +44,7 @@ import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; + import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -212,7 +212,7 @@ public class StatisticLogger { } } - ConfigurationDBUtils.closeSession(); + try { StatisticLogDBUtils.saveOrUpdate(dblog); @@ -284,7 +284,7 @@ public class StatisticLogger { generateErrorLogFormThrowable(throwable, dblog); - ConfigurationDBUtils.closeSession(); + try { StatisticLogDBUtils.saveOrUpdate(dblog); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d7694ac2c..91a91642d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1084,7 +1084,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { * BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???) * @throws BKUException */ - public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session, + public void verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { @@ -1132,24 +1132,6 @@ public class AuthenticationServer extends MOAIDAuthConstants { // invokes the call domVsresp = new SignatureVerificationInvoker() .verifyXMLSignature(domVsreq); - // debug output - - // } catch ( ServiceException e) { - // Logger.error("Signature verification error. ", e); - // Logger.error("Signed Data: " + session.getAuthBlock()); - // try { - // Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq)); - // } catch (TransformerException e1) { - // e1.printStackTrace(); - // - // } catch (IOException e1) { - // e1.printStackTrace(); - // - // } - // - // throw e; - // } - // parses the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( @@ -1202,80 +1184,20 @@ public class AuthenticationServer extends MOAIDAuthConstants { throw e; } - - // // post processing of the infoboxes - // Iterator iter = session.getInfoboxValidatorIterator(); - // boolean formpending = false; - // if (iter != null) { - // while (!formpending && iter.hasNext()) { - // Vector infoboxValidatorVector = (Vector) iter.next(); - // String identifier = (String) infoboxValidatorVector.get(0); - // String friendlyName = (String) infoboxValidatorVector.get(1); - // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - // .get(2); - // InfoboxValidationResult infoboxValidationResult = null; - // try { - // infoboxValidationResult = infoboxvalidator.validate(csresp - // .getSamlAssertion()); - // } catch (ValidateException e) { - // Logger.error("Error validating " + identifier + " infobox:" - // + e.getMessage()); - // throw new ValidateException("validator.44", - // new Object[]{friendlyName}); - // } - // if (!infoboxValidationResult.isValid()) { - // Logger.info("Validation of " + identifier - // + " infobox failed."); - // throw new ValidateException("validator.40", new Object[]{ - // friendlyName, - // infoboxValidationResult.getErrorMessage()}); - // } - // String form = infoboxvalidator.getForm(); - // if (ParepUtils.isEmpty(form)) { - // AddAdditionalSAMLAttributes( - // session, - // infoboxValidationResult.getExtendedSamlAttributes(), - // identifier, friendlyName); - // } else { - // return "Redirect to Input Processor"; - // } - // } - // } - + session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); vsresp.setX509certificate(null); session.setForeigner(false); + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); - - if (session.getUseMandate()) { - // mandate mode - return null; - - } else { - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - - String oldsessionID = session.getSessionID(); - - //Session is implicte stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - return newMOASessionID; - } } /** @@ -1358,10 +1280,10 @@ public class AuthenticationServer extends MOAIDAuthConstants { * @param sessionID session ID of the running authentication session * @return String "new Session" */ - public String getForeignAuthenticationData(AuthenticationSession session) + public void getForeignAuthenticationData(AuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - + if (session == null) throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); @@ -1369,17 +1291,10 @@ public class AuthenticationServer extends MOAIDAuthConstants { X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); vsresp.setX509certificate(null); session.setForeigner(true); - - //TODO: regenerate MOASession ID! - return "new Session"; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 1a311993e..72a7d3ba1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -127,7 +127,7 @@ public class SignatureVerificationInvoker { VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); - Logger.setHierarchy("moa.id.auth"); + //Logger.setHierarchy("moa.id.auth"); return result.getDocumentElement(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index ed3089a41..0cfd16262 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -19,7 +19,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -95,7 +95,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { throw new TaskExecutionException(e.getMessage(), e);
} finally {
- ConfigurationDBUtils.closeSession();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 183467d87..df3d90aab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -21,7 +21,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -129,7 +129,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { }
finally {
- ConfigurationDBUtils.closeSession();
+
TransactionIDUtils.removeTransactionId();
TransactionIDUtils.removeSessionId();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 2931d26e2..4951dcab8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -24,7 +24,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -176,7 +176,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index fc5fb6c58..c172fc6f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -13,7 +13,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -98,7 +98,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 25e0dd37f..6a30e40c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
@@ -147,7 +147,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { finally {
- ConfigurationDBUtils.closeSession();
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 26c10399d..5e0be0f2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -22,7 +22,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -166,7 +166,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { finally {
- ConfigurationDBUtils.closeSession();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 821bb572a..f0a0024e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -19,7 +19,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -104,7 +104,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 1d4b442da..a840b34e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -40,8 +40,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; + import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -207,7 +206,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } finally { - ConfigurationDBUtils.closeSession(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 77675175e..c1e084a59 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -53,7 +53,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; + import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -122,7 +122,7 @@ public class LogOutServlet extends AuthServlet { return; } finally { - ConfigurationDBUtils.closeSession(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 431a7e0f7..7dd8645c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; + import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.SSOManager; @@ -135,7 +135,7 @@ public class RedirectServlet extends AuthServlet{ return; } finally { - ConfigurationDBUtils.closeSession(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java deleted file mode 100644 index e9019ded4..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ /dev/null @@ -1,176 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between - * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European - * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in - * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ - * Unless required by applicable law or agreed to in writing, software distributed under the Licence - * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the Licence for the specific language governing permissions and limitations under - * the Licence. This product combines work with different licenses. See the "NOTICE" text file for - * details on the various modules and licenses. The "NOTICE" text file is part of the distribution. - * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.gv.egovernment.moa.id.config; - -import java.io.Serializable; - -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; - -/** - * Configuration parameters belonging to an online application, to be used within both, the MOA ID - * Auth and the MOA ID PROXY component. - * - * @author Harald Bratko - */ -public class OAParameter implements Serializable { - - private static final long serialVersionUID = 1L; - - public OAParameter() { } - - public OAParameter(OnlineApplication oa) { - - this.oaType = oa.getType(); - - if (this.oaType.equals("businessService")) - this.businessService = true; - else - this.businessService = false; - - this.publicURLPrefix = oa.getPublicURLPrefix(); - - this.friendlyName = oa.getFriendlyName(); - - this.target = oa.getTarget(); - - this.targetFriendlyName = oa.getTargetFriendlyName(); - - this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock(); - - this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20(); - - this.isInderfederationIDP = oa.isIsInterfederationIDP(); - - this.isSTORKPVPGateway = oa.isIsInterfederationGateway(); - - } - - /** - * type of the online application (maybe "PublicService" or "BusinessService") - */ - private String oaType; - - /** - * specifies whether the online application is a business application or not (<code>true</code> - * if value of {@link #oaType} is "businessService" - */ - protected boolean businessService; - - - /** - * public URL prefix of the online application - */ - protected String publicURLPrefix; - - /** - * specifies a human readable name of the Online Application - */ - protected String friendlyName; - - /** - * specified a specific target for the Online Application (overwrites the target in der request) - */ - protected String target; - /** - * specifies a friendly name for the target - */ - protected String targetFriendlyName; - - protected boolean removePBKFromAuthblock; - - protected Boolean isInderfederationIDP; - - protected Boolean isSTORKPVPGateway; - - /** - * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) - */ - private OAOAUTH20 oAuth20Config; - - public String getOaType() { - return oaType; - } - - public boolean getBusinessService() { - return businessService; - } - - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - public String getFriendlyName() { - return friendlyName; - } - - public String getTarget() { - return target; - } - - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - public boolean isRemovePBKFromAuthBlock() { - return removePBKFromAuthblock; - } - - public OAOAUTH20 getoAuth20Config() { - return oAuth20Config; - } - - /** - * @return the isInderfederationIDP - */ - public boolean isInderfederationIDP() { - if (isInderfederationIDP == null) - return false; - - return isInderfederationIDP; - } - - public boolean isSTORKPVPGateway() { - if (isSTORKPVPGateway == null) - return false; - - return isSTORKPVPGateway; - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java index 87e40c1b3..1f43a0d8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.config.auth; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; + import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.logging.Logger; @@ -43,7 +43,7 @@ public class AuthConfigLoader implements Runnable { Logger.warn("MOA-ID Configuration validation is not possible, actually. Reuse old configuration.", e); } finally { - ConfigurationDBUtils.closeSession(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index 4f321764a..ebe08b615 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -4,8 +4,6 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -23,16 +21,10 @@ public interface AuthConfiguration extends ConfigurationProvider{ public ProtocolAllowed getAllowedProtocols(); - @Deprecated - public PVP2 getGeneralPVP2DBConfig(); - public Map<String, String> getConfigurationWithPrefix(final String Prefix); public String getConfigurationWithKey(final String key); - @Deprecated - public TimeOuts getTimeOuts() throws ConfigurationException; - public int getTransactionTimeOut(); public int getSSOCreatedTimeOut(); public int getSSOUpdatedTimeOut(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 03f4a300a..c25751aa4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -70,7 +70,7 @@ //import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; //import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; //import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +// //import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; //import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; //import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; @@ -791,7 +791,7 @@ // } // // //close Database -// // ConfigurationDBUtils.closeSession(); +// // // // date = new Date(); // } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d3292b021..963d1f50e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -47,6 +47,7 @@ package at.gv.egovernment.moa.id.config.auth; import java.io.IOException; +import java.io.Serializable; import java.security.PrivateKey; import java.util.ArrayList; import java.util.Collection; @@ -85,8 +86,13 @@ import at.gv.egovernment.moa.util.MiscUtil; * * @author Thomas Lenz */ -public class OAAuthParameter implements IOAAuthParameters { +public class OAAuthParameter implements IOAAuthParameters, Serializable{ + /** + * + */ + private static final long serialVersionUID = -6522544229837934376L; + final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair"; private Map<String, String> oaConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index f706bb376..a151d6dbe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -24,8 +24,6 @@ import org.springframework.context.support.ClassPathXmlApplicationContext; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.ConfigurationUtils; @@ -231,19 +229,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } - - - /** - * Returns the general PVP2 configuration. NOTE: may return {@code null}. - * - * @return the general PVP2 configuration or {@code null}. - * - * @deprecated - */ - public PVP2 getGeneralPVP2DBConfig() { - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getTransactionTimeOut() @@ -290,48 +275,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } } - - /** - * Returns the configured timeouts, or a default timeout. - * - * @return the configured timeout, or the default (never {@code null}). - * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. - * - * @deprecated - */ - public TimeOuts getTimeOuts() throws ConfigurationException { - - TimeOuts timeouts = new TimeOuts(); - - // set default timeouts - timeouts.setAssertion(new BigInteger("300")); - timeouts.setMOASessionCreated(new BigInteger("2700")); - timeouts.setMOASessionUpdated(new BigInteger("1200")); - -// AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); -// // search timeouts in config -// GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); -// if (generalConfiguration != null) { -// if (generalConfiguration.getTimeOuts() != null) { -// if (generalConfiguration.getTimeOuts().getAssertion() != null) { -// timeouts.setAssertion(generalConfiguration.getTimeOuts().getAssertion()); -// } -// -// if (generalConfiguration.getTimeOuts().getMOASessionCreated() != null) { -// timeouts.setMOASessionCreated(generalConfiguration.getTimeOuts().getMOASessionCreated()); -// } -// -// if (generalConfiguration.getTimeOuts().getMOASessionUpdated() != null) { -// timeouts.setMOASessionUpdated(generalConfiguration.getTimeOuts().getMOASessionUpdated()); -// } -// -// } else { -// Logger.info("No TimeOuts defined. Use default values"); -// } -// } - return timeouts; - } - /** * Returns an alternative source ID. NOTE: may return {@code null}. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 44f4da027..e59ac827b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.config.auth.data; +import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; @@ -35,8 +36,13 @@ import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; * @author tlenz * */ -public class DynamicOAAuthParameters implements IOAAuthParameters { +public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ + /** + * + */ + private static final long serialVersionUID = 1648437815185614566L; + private String publicURLPrefix; private String businessTarget; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 54156330f..887a7e40f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -1,570 +1,570 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.config.legacy; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.net.URI; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Set; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; -import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; -import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; -import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; -import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; -import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; -import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; -import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; - -import at.gv.egovernment.moa.id.data.IssuerAndSerial; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; - -public class BuildFromLegacyConfig { - - private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; - - private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/"; - private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at"; - private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request"; - - public static final String AUTH_SESSION_TIMEOUT_PROPERTY = - "AuthenticationSession.TimeOut"; - /** - * The name of the generic configuration property giving the authentication data time out. - */ - public static final String AUTH_DATA_TIMEOUT_PROPERTY = - "AuthenticationData.TimeOut"; - - - public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; - - Logger.info("Load Legacy-Configuration from file=" + fileName); - - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - - } - } - - try { - String oldbkuonline = ""; - String oldbkulocal = ""; - String oldbkuhandy = ""; - - // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - - - MOAIDConfiguration moaIDConfig = new MOAIDConfiguration(); - - AuthComponentGeneral generalAuth = new AuthComponentGeneral(); - moaIDConfig.setAuthComponentGeneral(generalAuth); - - - //not supported by MOA-ID 2.0 - //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - //bKUSelectable = (bKUConnectionParameter!=null); - //bKUSelectionType = builder.buildAuthBKUSelectionType(); - - - //Load generic Config - Map<String, String> genericConfiguration = builder.buildGenericConfiguration(); - GeneralConfiguration authGeneral = new GeneralConfiguration(); - - if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) - authGeneral.setTrustManagerRevocationChecking( - Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))); - else - authGeneral.setTrustManagerRevocationChecking(true); - - if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)) - authGeneral.setCertStoreDirectory( - (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)); - else - authGeneral.setTrustManagerRevocationChecking(true); - - - //Load Assertion and Session timeouts - TimeOuts timeOuts = new TimeOuts(); - if (genericConfiguration.containsKey(AUTH_DATA_TIMEOUT_PROPERTY)) - timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AUTH_DATA_TIMEOUT_PROPERTY)))); - else - timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min - - if (genericConfiguration.containsKey(AUTH_SESSION_TIMEOUT_PROPERTY)) - timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AUTH_SESSION_TIMEOUT_PROPERTY)))); - else - timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min - - timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min - authGeneral.setTimeOuts(timeOuts); - generalAuth.setGeneralConfiguration(authGeneral); - - Protocols auth_protocols = new Protocols(); - generalAuth.setProtocols(auth_protocols); - - LegacyAllowed prot_legacy = new LegacyAllowed(); - auth_protocols.setLegacyAllowed(prot_legacy); - final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); - prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); - - //set SAML1 config - SAML1 saml1 = new SAML1(); - saml1.setIsActive(true); - if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) - saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); - auth_protocols.setSAML1(saml1); - - //set OAuth config - OAuth oauth = new OAuth(); - oauth.setIsActive(true); - auth_protocols.setOAuth(oauth); - - //set PVP2.1 config - PVP2 prot_pvp2 = new PVP2(); - auth_protocols.setPVP2(prot_pvp2); - prot_pvp2.setPublicURLPrefix("https://...."); - prot_pvp2.setIssuerName("MOA-ID 2.x IDP"); - - Organization pvp2_org = new Organization(); - prot_pvp2.setOrganization(pvp2_org); - pvp2_org.setDisplayName("OrganisationDisplayName"); - pvp2_org.setName("OrganisatioName"); - pvp2_org.setURL("http://testorganisation.at"); - - List<Contact> pvp2_contacts = new ArrayList<Contact>(); - prot_pvp2.setContact(pvp2_contacts); - - Contact pvp2_contact = new Contact(); - pvp2_contact.setCompany("OrganisationDisplayName"); - pvp2_contact.setGivenName("Max"); - - - List<String> mails = new ArrayList<String>(); - pvp2_contact.setMail(mails); - mails.add("max@muster.mann"); - - List<String> phones = new ArrayList<String>(); - pvp2_contact.setPhone(phones); - phones.add("01 5555 5555"); - - pvp2_contact.setSurName("Mustermann"); - pvp2_contact.setType("technical"); - pvp2_contacts.add(pvp2_contact); - - //SSO - SSO auth_sso = new SSO(); - generalAuth.setSSO(auth_sso); - auth_sso.setTarget(""); - auth_sso.setFriendlyName(""); - - - //set SecurityLayer Transformations - String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); - - List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>(); - if (transformsInfos != null && transformsInfos.length > 0) { - for (int i=0; i<transformsInfos.length; i++) { - - TransformsInfoType transforminfotype = new TransformsInfoType(); - - if (transformsInfoFileNames[i] != null && - transformsInfos[i] != null) { - String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir); - Path fileName_ = new File(new URI(fileURL)).toPath().getFileName(); - transforminfotype.setFilename(fileName_.toString()); - - transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); - auth_transformInfos.add(transforminfotype); - - } else - Logger.warn("AuthBlock Transformation " + transformsInfoFileNames[i] - + "not found."); - } - - } - - SecurityLayer auth_securityLayer = new SecurityLayer(); - auth_securityLayer.setTransformsInfo(auth_transformInfos); - generalAuth.setSecurityLayer(auth_securityLayer); - - - //set MOASP configuration - MOASP auth_moaSP = new MOASP(); - generalAuth.setMOASP(auth_moaSP); - - //set MOASP connection - ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - if (moaSpConnectionParameter != null) { - ConnectionParameterClientAuthType auth_moaSP_connection = - parseConnectionParameterClientAuth(moaSpConnectionParameter); - auth_moaSP.setConnectionParameter(auth_moaSP_connection); - } - - //set VerifyIdentityLink - String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink(); - auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID); - auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink); - - //set VerifyAuthBlock - String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock(); - auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID); - String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - List<String> transformlist = new ArrayList<String>(); - Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs); - auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist); - auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock); - - - //set IdentityLinkSigners - IdentityLinkSigners auth_idsigners = new IdentityLinkSigners(); - generalAuth.setIdentityLinkSigners(auth_idsigners); - List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames); - - - //not supported by MOA-ID 2.0 - VerifyInfoboxParameters defaultVerifyInfoboxParameters = null; -// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); -// if (defaultVerifyInfoboxParamtersElem != null) { -// defaultVerifyInfoboxParameters = -// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// *******************************************************************************/ +//package at.gv.egovernment.moa.id.config.legacy; +// +//import java.io.BufferedInputStream; +//import java.io.File; +//import java.io.FileInputStream; +//import java.io.IOException; +//import java.io.InputStream; +//import java.math.BigInteger; +//import java.net.URI; +//import java.nio.file.Path; +//import java.util.ArrayList; +//import java.util.Arrays; +//import java.util.Collections; +//import java.util.List; +//import java.util.Map; +//import java.util.Properties; +//import java.util.Set; +// +//import org.w3c.dom.Element; +// +//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +//import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +//import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +//import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; +//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +//import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.config.ConfigurationProvider; +// +//import at.gv.egovernment.moa.id.data.IssuerAndSerial; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.Base64Utils; +//import at.gv.egovernment.moa.util.DOMUtils; +//import at.gv.egovernment.moa.util.FileUtils; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class BuildFromLegacyConfig { +// +// private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; +// +// private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/"; +// private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at"; +// private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request"; +// +// public static final String AUTH_SESSION_TIMEOUT_PROPERTY = +// "AuthenticationSession.TimeOut"; +// /** +// * The name of the generic configuration property giving the authentication data time out. +// */ +// public static final String AUTH_DATA_TIMEOUT_PROPERTY = +// "AuthenticationData.TimeOut"; +// +// +// public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException { +// InputStream stream = null; +// Element configElem; +// ConfigurationBuilder builder; +// +// Logger.info("Load Legacy-Configuration from file=" + fileName); +// +// try { +// // load the main config file +// stream = new BufferedInputStream(new FileInputStream(fileName)); +// configElem = DOMUtils.parseXmlValidating(stream); +// +// } catch (Throwable t) { +// throw new ConfigurationException("config.03", null, t); +// } +// +// finally { +// try { +// if (stream != null) { +// stream.close(); +// } +// } catch (IOException e) { +// +// } +// } +// +// try { +// String oldbkuonline = ""; +// String oldbkulocal = ""; +// String oldbkuhandy = ""; +// +// // build the internal datastructures +// builder = new ConfigurationBuilder(configElem, rootConfigFileDir); +// +// +// MOAIDConfiguration moaIDConfig = new MOAIDConfiguration(); +// +// AuthComponentGeneral generalAuth = new AuthComponentGeneral(); +// moaIDConfig.setAuthComponentGeneral(generalAuth); +// +// +// //not supported by MOA-ID 2.0 +// //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); +// //bKUSelectable = (bKUConnectionParameter!=null); +// //bKUSelectionType = builder.buildAuthBKUSelectionType(); +// +// +// //Load generic Config +// Map<String, String> genericConfiguration = builder.buildGenericConfiguration(); +// GeneralConfiguration authGeneral = new GeneralConfiguration(); +// +// if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) +// authGeneral.setTrustManagerRevocationChecking( +// Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))); +// else +// authGeneral.setTrustManagerRevocationChecking(true); +// +// if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)) +// authGeneral.setCertStoreDirectory( +// (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)); +// else +// authGeneral.setTrustManagerRevocationChecking(true); +// +// +// //Load Assertion and Session timeouts +// TimeOuts timeOuts = new TimeOuts(); +// if (genericConfiguration.containsKey(AUTH_DATA_TIMEOUT_PROPERTY)) +// timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AUTH_DATA_TIMEOUT_PROPERTY)))); +// else +// timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min +// +// if (genericConfiguration.containsKey(AUTH_SESSION_TIMEOUT_PROPERTY)) +// timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AUTH_SESSION_TIMEOUT_PROPERTY)))); +// else +// timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min +// +// timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min +// authGeneral.setTimeOuts(timeOuts); +// generalAuth.setGeneralConfiguration(authGeneral); +// +// Protocols auth_protocols = new Protocols(); +// generalAuth.setProtocols(auth_protocols); +// +// LegacyAllowed prot_legacy = new LegacyAllowed(); +// auth_protocols.setLegacyAllowed(prot_legacy); +// final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); +// prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); +// +// //set SAML1 config +// SAML1 saml1 = new SAML1(); +// saml1.setIsActive(true); +// if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) +// saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); +// auth_protocols.setSAML1(saml1); +// +// //set OAuth config +// OAuth oauth = new OAuth(); +// oauth.setIsActive(true); +// auth_protocols.setOAuth(oauth); +// +// //set PVP2.1 config +// PVP2 prot_pvp2 = new PVP2(); +// auth_protocols.setPVP2(prot_pvp2); +// prot_pvp2.setPublicURLPrefix("https://...."); +// prot_pvp2.setIssuerName("MOA-ID 2.x IDP"); +// +// Organization pvp2_org = new Organization(); +// prot_pvp2.setOrganization(pvp2_org); +// pvp2_org.setDisplayName("OrganisationDisplayName"); +// pvp2_org.setName("OrganisatioName"); +// pvp2_org.setURL("http://testorganisation.at"); +// +// List<Contact> pvp2_contacts = new ArrayList<Contact>(); +// prot_pvp2.setContact(pvp2_contacts); +// +// Contact pvp2_contact = new Contact(); +// pvp2_contact.setCompany("OrganisationDisplayName"); +// pvp2_contact.setGivenName("Max"); +// +// +// List<String> mails = new ArrayList<String>(); +// pvp2_contact.setMail(mails); +// mails.add("max@muster.mann"); +// +// List<String> phones = new ArrayList<String>(); +// pvp2_contact.setPhone(phones); +// phones.add("01 5555 5555"); +// +// pvp2_contact.setSurName("Mustermann"); +// pvp2_contact.setType("technical"); +// pvp2_contacts.add(pvp2_contact); +// +// //SSO +// SSO auth_sso = new SSO(); +// generalAuth.setSSO(auth_sso); +// auth_sso.setTarget(""); +// auth_sso.setFriendlyName(""); +// +// +// //set SecurityLayer Transformations +// String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); +// String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); +// +// List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>(); +// if (transformsInfos != null && transformsInfos.length > 0) { +// for (int i=0; i<transformsInfos.length; i++) { +// +// TransformsInfoType transforminfotype = new TransformsInfoType(); +// +// if (transformsInfoFileNames[i] != null && +// transformsInfos[i] != null) { +// String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir); +// Path fileName_ = new File(new URI(fileURL)).toPath().getFileName(); +// transforminfotype.setFilename(fileName_.toString()); +// +// transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); +// auth_transformInfos.add(transforminfotype); +// +// } else +// Logger.warn("AuthBlock Transformation " + transformsInfoFileNames[i] +// + "not found."); +// } +// +// } +// +// SecurityLayer auth_securityLayer = new SecurityLayer(); +// auth_securityLayer.setTransformsInfo(auth_transformInfos); +// generalAuth.setSecurityLayer(auth_securityLayer); +// +// +// //set MOASP configuration +// MOASP auth_moaSP = new MOASP(); +// generalAuth.setMOASP(auth_moaSP); +// +// //set MOASP connection +// ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); +// if (moaSpConnectionParameter != null) { +// ConnectionParameterClientAuthType auth_moaSP_connection = +// parseConnectionParameterClientAuth(moaSpConnectionParameter); +// auth_moaSP.setConnectionParameter(auth_moaSP_connection); +// } +// +// //set VerifyIdentityLink +// String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); +// VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink(); +// auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID); +// auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink); +// +// //set VerifyAuthBlock +// String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); +// VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock(); +// auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID); +// String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); +// List<String> transformlist = new ArrayList<String>(); +// Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs); +// auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist); +// auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock); +// +// +// //set IdentityLinkSigners +// IdentityLinkSigners auth_idsigners = new IdentityLinkSigners(); +// generalAuth.setIdentityLinkSigners(auth_idsigners); +// List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); +// auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames); +// +// +// //not supported by MOA-ID 2.0 +// VerifyInfoboxParameters defaultVerifyInfoboxParameters = null; +//// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); +//// if (defaultVerifyInfoboxParamtersElem != null) { +//// defaultVerifyInfoboxParameters = +//// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); +//// } +// +// +// //Set ForeignIdentities +// ForeignIdentities auth_foreign = new ForeignIdentities(); +// generalAuth.setForeignIdentities(auth_foreign); +// +// //set Connection parameters +// ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); +// ConnectionParameterClientAuthType auth_foreign_connection = +// parseConnectionParameterClientAuth(foreignIDConnectionParameter); +// auth_foreign.setConnectionParameter(auth_foreign_connection); +// +// //set OnlineMandates config +// ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); +// if (onlineMandatesConnectionParameter != null) { +// OnlineMandates auth_mandates = new OnlineMandates(); +// generalAuth.setOnlineMandates(auth_mandates); +// auth_mandates.setConnectionParameter( +// parseConnectionParameterClientAuth(onlineMandatesConnectionParameter)); // } - - - //Set ForeignIdentities - ForeignIdentities auth_foreign = new ForeignIdentities(); - generalAuth.setForeignIdentities(auth_foreign); - - //set Connection parameters - ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); - ConnectionParameterClientAuthType auth_foreign_connection = - parseConnectionParameterClientAuth(foreignIDConnectionParameter); - auth_foreign.setConnectionParameter(auth_foreign_connection); - - //set OnlineMandates config - ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - if (onlineMandatesConnectionParameter != null) { - OnlineMandates auth_mandates = new OnlineMandates(); - generalAuth.setOnlineMandates(auth_mandates); - auth_mandates.setConnectionParameter( - parseConnectionParameterClientAuth(onlineMandatesConnectionParameter)); - } - - - //TODO: add auth template configuration!!! - - - if (oldconfig != null) { - if (oldconfig.getDefaultBKUs() != null) { - oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU(); - oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU(); - oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU(); - } - } else { - List<String> trustbkus = builder.getTrustedBKUs(); - for (String trustbku : trustbkus) { - if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE)) - oldbkuonline = trustbku; - - if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY)) - oldbkuhandy = trustbku; - - if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL)) - oldbkulocal = trustbku; - } - - } - - - //set OnlineApplications - OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - - ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>(); - moaIDConfig.setOnlineApplication(moa_oas); - - for (OAAuthParameter oa : onlineApplicationAuthParameters) { - OnlineApplication moa_oa = new OnlineApplication(); - - //set general OA configuration - moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird - moa_oa.setFriendlyName(oa.getFriendlyName()); - moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); - moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix()); - moa_oa.setTarget(oa.getTarget()); - moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName()); - moa_oa.setType(oa.getOaType()); - moa_oa.setIsActive(true); - - - AuthComponentOA oa_auth = new AuthComponentOA(); - moa_oa.setAuthComponentOA(oa_auth); - - //SLLayer Version / useIframe -// oa_auth.setSlVersion(oa.getSlVersion()); -// oa_auth.setUseIFrame(false); -// oa_auth.setUseUTC(oa.getUseUTC()); - - //BKUURLs - BKUURLS bkuurls = new BKUURLS(); - bkuurls.setOnlineBKU(oldbkuonline); - bkuurls.setHandyBKU(oldbkuhandy); - bkuurls.setLocalBKU(oldbkulocal); - oa_auth.setBKUURLS(bkuurls); - - //IdentificationNumber - IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(oa.getIdentityLinkDomainIdentifier()); - idnumber.setType(oa.getIdentityLinkDomainIdentifierType()); - oa_auth.setIdentificationNumber(idnumber); - - //set Templates - TemplatesType templates = new TemplatesType(); - oa_auth.setTemplates(templates); - templates.setAditionalAuthBlockText(""); - TemplateType template = new TemplateType(); - template.setURL(oa.getTemplateURL()); - ArrayList<TemplateType> template_list = new ArrayList<TemplateType>(); - template_list.add(template); - templates.setTemplate(template_list); - - - //TransformsInfo not supported by MOAID 2.0 - String[] transforminfos = oa.getTransformsInfos(); - for (String e1 : transforminfos) { - if (MiscUtil.isNotEmpty(e1)) { - Logger.warn("OA specific transformation for OA " + oa.getPublicURLPrefix() - + " are not supported. USE AdditionalAuthBlock text!"); - } - } - - //VerifyInfoBoxes not supported by MOAID 2.0 - - //set Mandates - Mandates oa_mandates = new Mandates(); - oa_auth.setMandates(oa_mandates); - List<MandatesProfileNameItem> profileList = new ArrayList<MandatesProfileNameItem>(); - - String oldProfiles = oa.getMandateProfiles(); - if (MiscUtil.isNotEmpty(oldProfiles)) { - String[] oldprofileList = oldProfiles.split(","); - for (int i=0; i<oldprofileList.length; i++) { - MandatesProfileNameItem item = new MandatesProfileNameItem(); - item.setItem(oldprofileList[i].trim()); - profileList.add(item); - } - oa_mandates.setProfileNameItems(profileList ); - } - - //STORK - //TODO: OA specific STORK config is deactivated in MOA 1.5.2 - - //SSO - OASSO oa_sso = new OASSO(); - oa_auth.setOASSO(oa_sso); - oa_sso.setUseSSO(true); - oa_sso.setSingleLogOutURL(""); - oa_sso.setAuthDataFrame(true); - - //OA_SAML1 - OASAML1 oa_saml1 = new OASAML1(); - oa_auth.setOASAML1(oa_saml1); - oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength())); - oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock()); - oa_saml1.setProvideCertificate(oa.getProvideCertifcate()); - oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData()); - oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink()); - oa_saml1.setProvideStammzahl(oa.getProvideStammzahl()); - oa_saml1.setUseCondition(oa.getUseCondition()); - oa_saml1.setIsActive(true); - oa_saml1.setProvideAllErrors(false); - - //OA_PVP2 - OAPVP2 oa_pvp2 = new OAPVP2(); - oa_auth.setOAPVP2(oa_pvp2); - - moa_oas.add(moa_oa); - //ConfigurationDBUtils.save(moa_oa); - } - - //removed from MOAID 2.0 config - //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - - - //set chaining modes - ChainingModes moa_chainingModes = new ChainingModes(); - moaIDConfig.setChainingModes(moa_chainingModes); - - - - String defaultmode = builder.getDefaultChainingMode(); - ChainingModeType type; - if (defaultmode.equals(iaik.pki.pathvalidation.ChainingModes.CHAIN_MODE)) - type = ChainingModeType.CHAINING; - else - type = ChainingModeType.PKIX; - - - moa_chainingModes.setSystemDefaultMode(type); - - Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes(); - List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>(); - Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet(); - for (IssuerAndSerial e1 : chaining_anchor_map) { - TrustAnchor trustanchor = new TrustAnchor(); - - ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1)); - trustanchor.setMode(type1); - - trustanchor.setX509IssuerName(e1.getIssuerDN()); - trustanchor.setX509SerialNumber(e1.getSerial()); - chaining_anchor.add(trustanchor); - } - moa_chainingModes.setTrustAnchor(chaining_anchor); - - - //set trustedCACertificate path - moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates()); - - - //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates) - //trustedBKUs = builder.getTrustedBKUs(); - //trustedTemplateURLs = builder.getTrustedTemplateURLs(); - - - //set DefaultBKUs - DefaultBKUs moa_defaultbkus = new DefaultBKUs(); - moaIDConfig.setDefaultBKUs(moa_defaultbkus); - moa_defaultbkus.setOnlineBKU(oldbkuonline); - moa_defaultbkus.setHandyBKU(oldbkuhandy); - moa_defaultbkus.setLocalBKU(oldbkulocal); - - - //set SLRequest Templates - SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates(); - moaIDConfig.setSLRequestTemplates(moa_slrequesttemp); - moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html"); - moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html"); - moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); - - return moaIDConfig; - - } catch (Throwable t) { - throw new ConfigurationException("config.02", null, t); - } - } - - private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth( - ConnectionParameter old) { - ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType(); - auth_moaSP_connection.setURL(old.getUrl()); - - //TODO: remove from Database config!!!!! -// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); -// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); -// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); -// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); -// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); - return auth_moaSP_connection; - } - - private static Properties getGeneralPVP2ProperiesConfig(Properties props) { - Properties configProp = new Properties(); - for (Object key : props.keySet()) { - String propPrefix = "protocols.pvp2."; - if (key.toString().startsWith(propPrefix)) { - String propertyName = key.toString().substring(propPrefix.length()); - configProp.put(propertyName, props.get(key.toString())); - } - } - return configProp; - } -} +// +// +// //TODO: add auth template configuration!!! +// +// +// if (oldconfig != null) { +// if (oldconfig.getDefaultBKUs() != null) { +// oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU(); +// oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU(); +// oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU(); +// } +// } else { +// List<String> trustbkus = builder.getTrustedBKUs(); +// for (String trustbku : trustbkus) { +// if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE)) +// oldbkuonline = trustbku; +// +// if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY)) +// oldbkuhandy = trustbku; +// +// if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL)) +// oldbkulocal = trustbku; +// } +// +// } +// +// +// //set OnlineApplications +// OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); +// +// ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>(); +// moaIDConfig.setOnlineApplication(moa_oas); +// +// for (OAAuthParameter oa : onlineApplicationAuthParameters) { +// OnlineApplication moa_oa = new OnlineApplication(); +// +// //set general OA configuration +// moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird +// moa_oa.setFriendlyName(oa.getFriendlyName()); +// moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); +// moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix()); +// moa_oa.setTarget(oa.getTarget()); +// moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName()); +// moa_oa.setType(oa.getOaType()); +// moa_oa.setIsActive(true); +// +// +// AuthComponentOA oa_auth = new AuthComponentOA(); +// moa_oa.setAuthComponentOA(oa_auth); +// +// //SLLayer Version / useIframe +//// oa_auth.setSlVersion(oa.getSlVersion()); +//// oa_auth.setUseIFrame(false); +//// oa_auth.setUseUTC(oa.getUseUTC()); +// +// //BKUURLs +// BKUURLS bkuurls = new BKUURLS(); +// bkuurls.setOnlineBKU(oldbkuonline); +// bkuurls.setHandyBKU(oldbkuhandy); +// bkuurls.setLocalBKU(oldbkulocal); +// oa_auth.setBKUURLS(bkuurls); +// +// //IdentificationNumber +// IdentificationNumber idnumber = new IdentificationNumber(); +// idnumber.setValue(oa.getIdentityLinkDomainIdentifier()); +// idnumber.setType(oa.getIdentityLinkDomainIdentifierType()); +// oa_auth.setIdentificationNumber(idnumber); +// +// //set Templates +// TemplatesType templates = new TemplatesType(); +// oa_auth.setTemplates(templates); +// templates.setAditionalAuthBlockText(""); +// TemplateType template = new TemplateType(); +// template.setURL(oa.getTemplateURL()); +// ArrayList<TemplateType> template_list = new ArrayList<TemplateType>(); +// template_list.add(template); +// templates.setTemplate(template_list); +// +// +// //TransformsInfo not supported by MOAID 2.0 +// String[] transforminfos = oa.getTransformsInfos(); +// for (String e1 : transforminfos) { +// if (MiscUtil.isNotEmpty(e1)) { +// Logger.warn("OA specific transformation for OA " + oa.getPublicURLPrefix() +// + " are not supported. USE AdditionalAuthBlock text!"); +// } +// } +// +// //VerifyInfoBoxes not supported by MOAID 2.0 +// +// //set Mandates +// Mandates oa_mandates = new Mandates(); +// oa_auth.setMandates(oa_mandates); +// List<MandatesProfileNameItem> profileList = new ArrayList<MandatesProfileNameItem>(); +// +// String oldProfiles = oa.getMandateProfiles(); +// if (MiscUtil.isNotEmpty(oldProfiles)) { +// String[] oldprofileList = oldProfiles.split(","); +// for (int i=0; i<oldprofileList.length; i++) { +// MandatesProfileNameItem item = new MandatesProfileNameItem(); +// item.setItem(oldprofileList[i].trim()); +// profileList.add(item); +// } +// oa_mandates.setProfileNameItems(profileList ); +// } +// +// //STORK +// //TODO: OA specific STORK config is deactivated in MOA 1.5.2 +// +// //SSO +// OASSO oa_sso = new OASSO(); +// oa_auth.setOASSO(oa_sso); +// oa_sso.setUseSSO(true); +// oa_sso.setSingleLogOutURL(""); +// oa_sso.setAuthDataFrame(true); +// +// //OA_SAML1 +// OASAML1 oa_saml1 = new OASAML1(); +// oa_auth.setOASAML1(oa_saml1); +// oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength())); +// oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock()); +// oa_saml1.setProvideCertificate(oa.getProvideCertifcate()); +// oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData()); +// oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink()); +// oa_saml1.setProvideStammzahl(oa.getProvideStammzahl()); +// oa_saml1.setUseCondition(oa.getUseCondition()); +// oa_saml1.setIsActive(true); +// oa_saml1.setProvideAllErrors(false); +// +// //OA_PVP2 +// OAPVP2 oa_pvp2 = new OAPVP2(); +// oa_auth.setOAPVP2(oa_pvp2); +// +// moa_oas.add(moa_oa); +// //ConfigurationDBUtils.save(moa_oa); +// } +// +// //removed from MOAID 2.0 config +// //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); +// +// +// //set chaining modes +// ChainingModes moa_chainingModes = new ChainingModes(); +// moaIDConfig.setChainingModes(moa_chainingModes); +// +// +// +// String defaultmode = builder.getDefaultChainingMode(); +// ChainingModeType type; +// if (defaultmode.equals(iaik.pki.pathvalidation.ChainingModes.CHAIN_MODE)) +// type = ChainingModeType.CHAINING; +// else +// type = ChainingModeType.PKIX; +// +// +// moa_chainingModes.setSystemDefaultMode(type); +// +// Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes(); +// List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>(); +// Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet(); +// for (IssuerAndSerial e1 : chaining_anchor_map) { +// TrustAnchor trustanchor = new TrustAnchor(); +// +// ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1)); +// trustanchor.setMode(type1); +// +// trustanchor.setX509IssuerName(e1.getIssuerDN()); +// trustanchor.setX509SerialNumber(e1.getSerial()); +// chaining_anchor.add(trustanchor); +// } +// moa_chainingModes.setTrustAnchor(chaining_anchor); +// +// +// //set trustedCACertificate path +// moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates()); +// +// +// //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates) +// //trustedBKUs = builder.getTrustedBKUs(); +// //trustedTemplateURLs = builder.getTrustedTemplateURLs(); +// +// +// //set DefaultBKUs +// DefaultBKUs moa_defaultbkus = new DefaultBKUs(); +// moaIDConfig.setDefaultBKUs(moa_defaultbkus); +// moa_defaultbkus.setOnlineBKU(oldbkuonline); +// moa_defaultbkus.setHandyBKU(oldbkuhandy); +// moa_defaultbkus.setLocalBKU(oldbkulocal); +// +// +// //set SLRequest Templates +// SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates(); +// moaIDConfig.setSLRequestTemplates(moa_slrequesttemp); +// moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html"); +// moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html"); +// moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); +// +// return moaIDConfig; +// +// } catch (Throwable t) { +// throw new ConfigurationException("config.02", null, t); +// } +// } +// +// private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth( +// ConnectionParameter old) { +// ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType(); +// auth_moaSP_connection.setURL(old.getUrl()); +// +// //TODO: remove from Database config!!!!! +//// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); +//// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); +//// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); +//// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); +//// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); +// return auth_moaSP_connection; +// } +// +// private static Properties getGeneralPVP2ProperiesConfig(Properties props) { +// Properties configProp = new Properties(); +// for (Object key : props.keySet()) { +// String propPrefix = "protocols.pvp2."; +// if (key.toString().startsWith(propPrefix)) { +// String propertyName = key.toString().substring(propPrefix.length()); +// configProp.put(propertyName, props.get(key.toString())); +// } +// } +// return configProp; +// } +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 0b45bb461..59b3a632a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -30,6 +30,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; @@ -43,7 +45,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; + import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; @@ -132,6 +134,7 @@ public class DispatcherServlet extends AuthServlet{ if (errorRequest != null) { RequestStorage.removePendingRequest(pendingRequestID); + MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR); try { IModulInfo handlingModule = ModulStorage @@ -247,6 +250,7 @@ public class DispatcherServlet extends AuthServlet{ String ssoId = ssomanager.getSSOSessionID(req); IRequest protocolRequest = null; + String uniqueSessionIdentifier = null; try { Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); @@ -268,6 +272,22 @@ public class DispatcherServlet extends AuthServlet{ } } else { try { + + //load unique session identifier with SSO-sessionID + uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); + if (MiscUtil.isEmpty(uniqueSessionIdentifier)) + uniqueSessionIdentifier = Random.nextRandom(); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + + //set transactionID to Logger + protocolRequestID = Random.nextRandom(); + TransactionIDUtils.setTransactionId(protocolRequestID); + + //log information for security and process reversion + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID); + MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.SESSION_IP, req.getRemoteAddr()); + protocolRequest = info.preProcess(req, resp, action); //request is a valid interfederation response @@ -394,6 +414,9 @@ public class DispatcherServlet extends AuthServlet{ Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); + AuthenticationSessionStoreage.destroySession(correspondingMOASession); ssomanager.deleteSSOSessionID(req, resp); } @@ -424,6 +447,10 @@ public class DispatcherServlet extends AuthServlet{ boolean tryperform = authmanager.tryPerformAuthentication( req, resp); + if (tryperform) + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); + if (protocolRequest.forceAuth()) { if (!tryperform) { authmanager.doAuthentication(req, resp, @@ -452,6 +479,9 @@ public class DispatcherServlet extends AuthServlet{ if (useSSOOA && isValidSSOSession) { + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO); + moasessionID = ssomanager.getMOASession(ssoId); moasession = AuthenticationSessionStoreage.getSession(moasessionID); @@ -535,6 +565,9 @@ public class DispatcherServlet extends AuthServlet{ } + //log transaction_destroy to reversionslog + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID); + } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); @@ -547,7 +580,10 @@ public class DispatcherServlet extends AuthServlet{ } finally { - ConfigurationDBUtils.closeSession(); + + + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); } Logger.info("Clossing Dispatcher processing loop"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 5fc1f3c4d..3fd99f6fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -42,11 +42,13 @@ import org.hibernate.Query; import org.hibernate.Session; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -176,6 +178,24 @@ public class SSOManager { } + public String getUniqueSessionIdentifier(String ssoSessionID) { + try { + if (MiscUtil.isNotEmpty(ssoSessionID)) { + String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + if (MiscUtil.isNotEmpty(moaSessionID)) { + AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); + return extSessionInformation.getUniqueSessionId(); + + } + } + } catch (MOADatabaseException e) { + Logger.debug("No SSO Session with SSO sessionID: " + ssoSessionID); + } + + return null; + } + + public String existsOldSSOSession(String ssoId) { Logger.trace("Check that the SSOID has already been used"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 2915ff683..4d12c38da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -35,7 +35,6 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index 6dac4bba1..149874ce0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -37,7 +37,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; + import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; @@ -151,7 +151,7 @@ public class MetadataSignatureFilter implements MetadataFilter { throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } - ConfigurationDBUtils.closeSession(); + Logger.info("Metadata signature policy check done OK"); } catch (MOAIDException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index de1924ba1..8c34d4806 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 30c59af6d..bde0f362d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -91,7 +91,7 @@ public class ConsentEvaluator implements IAction { } //TODO: CHECK: req.getOAURL() should return the unique OA identifier - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index ea0062620..def89d0d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -31,29 +31,24 @@ import java.net.URL; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.Properties; import javax.activation.DataSource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.namespace.QName; import javax.xml.transform.Source; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.stream.StreamSource; import javax.xml.ws.Service; import javax.xml.ws.soap.SOAPBinding; import javax.xml.ws.BindingProvider; import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType; -import org.apache.commons.codec.binary.Base64; + import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import org.bouncycastle.util.encoders.UrlBase64; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; @@ -65,11 +60,11 @@ import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.LightweightSourceResolver; import eu.stork.oasisdss.api.ResultMajor; import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.exceptions.UtilsException; import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.Base64Data; import eu.stork.oasisdss.profile.DocumentType; @@ -85,7 +80,6 @@ import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import eu.stork.documentservice.DocumentService; -import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl; /** * Forwards a signedDoc attribute request to the oasis-dss service instance */ @@ -175,7 +169,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { Logger.debug("signresponse method: " + httpReq.getMethod()); Logger.debug("signresponse content type: " + httpReq.getContentType()); Logger.debug("signresponse parameter:"+base64); - String signResponseString = new String(Base64.decodeBase64(base64), "UTF8"); + String signResponseString = new String(Base64Utils.decode(base64, false), "UTF8"); Logger.debug("RECEIVED signresponse:"+signResponseString); //create SignResponse object Source response = new StreamSource(new java.io.StringReader(signResponseString)); @@ -445,7 +439,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { e.printStackTrace(); } - context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8"))); + context.put("signrequest", Base64Utils.encode(signRequestString.getBytes("UTF8"))); context.put("clienturl", url); context.put("action", oasisDssWebFormURL); |