aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java114
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java53
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java4
25 files changed, 324 insertions, 97 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index b57e6ed69..55b1a7c9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -69,6 +69,7 @@ public class StatisticLogger implements IStatisticLogger{
private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request";
private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/";
+ private static final String GENERIC_ONLINE_BKU = "bkuonline";
private static final String MANTATORTYPE_JUR = "jur";
private static final String MANTATORTYPE_NAT = "nat";
@@ -422,8 +423,13 @@ public class StatisticLogger implements IStatisticLogger{
return IOAAuthParameters.HANDYBKU;
}
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU);
- return IOAAuthParameters.ONLINEBKU;
+ if (bkuURL.contains(GENERIC_ONLINE_BKU)) {
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU);
+ return IOAAuthParameters.ONLINEBKU;
+ }
+
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS);
+ return IOAAuthParameters.AUTHTYPE_OTHERS;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
index 6d53fd510..0b066f3b9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -23,10 +23,8 @@
package at.gv.egovernment.moa.id.advancedlogging;
-import java.util.Date;
-
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
/**
* @author tlenz
@@ -34,6 +32,43 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class TransactionIDUtils {
+ /**
+ * Set all MDC variables from pending request to this threat context<br>
+ * These includes SessionID, TransactionID, and unique service-provider identifier
+ *
+ * @param pendingRequest
+ */
+ public static void setAllLoggingVariables(IRequest pendingRequest) {
+ setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+ setSessionId(pendingRequest.getUniqueSessionIdentifier());
+ setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix());
+
+ }
+
+ /**
+ * Remove all MDC variables from this threat context
+ *
+ */
+ public static void removeAllLoggingVariables() {
+ removeSessionId();
+ removeTransactionId();
+ removeServiceProviderId();
+
+ }
+
+
+ public static void setServiceProviderId(String oaUniqueId) {
+ org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId);
+ org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId);
+
+ }
+
+ public static void removeServiceProviderId() {
+ org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID);
+ org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID);
+
+ }
+
public static void setTransactionId(String pendingRequestID) {
org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
"TID-" + pendingRequestID);
@@ -50,9 +85,9 @@ public class TransactionIDUtils {
public static void setSessionId(String uniqueSessionId) {
org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
- "TID-" + uniqueSessionId);
+ "SID-" + uniqueSessionId);
org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
- "TID-" + uniqueSessionId);
+ "SID-" + uniqueSessionId);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index bbb322a4f..34d0d4be1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -74,20 +74,26 @@ public class AuthenticationSessionCleaner implements Runnable {
ExceptionContainer exContainer = (ExceptionContainer) entry;
if (exContainer.getExceptionThrown() != null) {
- //add session and transaction ID to log if exists
+ //add session, transaction, and service-provider IDs into logging context if exists
if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID()))
TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID());
if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID()))
TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID());
+ if (MiscUtil.isNotEmpty(exContainer.getUniqueServiceProviderId()))
+ TransactionIDUtils.setServiceProviderId(exContainer.getUniqueServiceProviderId());
+
//log exception to technical log
logExceptionToTechnicalLog(exContainer.getExceptionThrown());
//remove session and transaction ID from thread
- TransactionIDUtils.removeSessionId();
- TransactionIDUtils.removeTransactionId();
- }
+ TransactionIDUtils.removeAllLoggingVariables();
+
+ } else {
+ Logger.warn("Receive an ExceptionContainer that includes no 'Exception' object. Somethinge is suspect!!!!!");
+
+ }
}
} catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index c582050ad..710008714 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
}
-
- IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+
+ IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
guiBuilder.build(response, config, "BKU-Selection form");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index ca99e9ba3..475009cf2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -31,7 +31,7 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
//store pending request
requestStoreage.storePendingRequest(pendingReq);
- //build consents evaluator form
- IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ //build consents evaluator form
+ IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION,
GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION);
guiBuilder.build(response, config, "SendAssertion-Evaluation");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 1431911a3..353261085 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler;
import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
@@ -139,13 +140,11 @@ public abstract class AbstractController extends MOAIDAuthConstants {
if (pendingReq != null) {
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
transactionStorage.put(key,
- new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(), loggedException),-1);
+ new ExceptionContainer(pendingReq, loggedException),-1);
} else {
transactionStorage.put(key,
- new ExceptionContainer(null,
- null, loggedException),-1);
+ new ExceptionContainer(null, loggedException),-1);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 0ce7b0050..32f103ca7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -45,11 +45,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
//change pending-request ID
requestStorage.changePendingRequestID(pendingReq);
pendingRequestID = pendingReq.getRequestID();
-
- //add transactionID and unique sessionID to Logger
- TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
- TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
-
+
// process instance is mandatory
if (pendingReq.getProcessInstanceId() == null) {
throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
@@ -64,8 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
} finally {
//MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
+ TransactionIDUtils.removeAllLoggingVariables();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 9b658d81b..416e787a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -71,17 +71,17 @@ public class GUILayoutBuilderServlet extends AbstractController {
IRequest pendingReq = extractPendingRequest(req);
//initialize GUI builder configuration
- ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+ SPSpecificGUIBuilderConfigurationWithDBLoad config = null;
if (pendingReq != null)
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS,
null);
else
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
HTTPUtils.extractAuthURLFromRequest(req),
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS,
null);
//build GUI component
@@ -100,17 +100,17 @@ public class GUILayoutBuilderServlet extends AbstractController {
IRequest pendingReq = extractPendingRequest(req);
//initialize GUI builder configuration
- ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+ SPSpecificGUIBuilderConfigurationWithDBLoad config = null;
if (pendingReq != null)
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
else
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
HTTPUtils.extractAuthURLFromRequest(req),
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
//build GUI component
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index bedc67513..466364adb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -57,8 +57,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
if (MiscUtil.isEmpty(uniqueSessionIdentifier))
uniqueSessionIdentifier = Random.nextRandom();
- TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+ TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
return true;
@@ -79,8 +79,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
- // TODO Auto-generated method stub
-
+ TransactionIDUtils.removeAllLoggingVariables();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
index 1c6fdcb65..4820b6fdc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.data;
import java.io.Serializable;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+
/**
* @author tlenz
*
@@ -34,13 +36,21 @@ public class ExceptionContainer implements Serializable {
private Throwable exceptionThrown = null;
private String uniqueSessionID = null;
private String uniqueTransactionID = null;
+ private String uniqueServiceProviderId = null;
/**
*
*/
- public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) {
- this.uniqueSessionID = uniqueSessionID;
- this.uniqueTransactionID = uniqueTransactionID;
+ public ExceptionContainer(IRequest pendingReq, Throwable exception) {
+ if (pendingReq != null) {
+ this.uniqueSessionID = pendingReq.getUniqueSessionIdentifier();
+ this.uniqueTransactionID = pendingReq.getUniqueTransactionIdentifier();
+
+ if (pendingReq.getOnlineApplicationConfiguration() != null)
+ this.uniqueServiceProviderId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix();
+
+ }
+
this.exceptionThrown = exception;
}
@@ -62,6 +72,14 @@ public class ExceptionContainer implements Serializable {
public String getUniqueTransactionID() {
return uniqueTransactionID;
}
+
+ /**
+ * @return the uniqueServiceProviderId
+ */
+ public String getUniqueServiceProviderId() {
+ return uniqueServiceProviderId;
+ }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index ab0a1ec40..7c581d470 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -47,6 +47,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
@@ -202,6 +203,14 @@ public class AuthenticationManager extends MOAIDAuthConstants {
public AuthenticationSession doAuthentication(HttpServletRequest httpReq,
HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
+ //load OA configuration from pending request
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ //set logging context and log unique OA identifier to revision log
+ TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
+ revisionsLogger.logEvent(oaParam,
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
+
//generic authentication request validation
if (pendingReq.isPassiv()
&& pendingReq.forceAuth()) {
@@ -236,12 +245,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
// check if Service-Provider allows SSO sessions
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
-
- revisionsLogger.logEvent(oaParam,
- pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
-
+
//if a legacy request is used SSO should not be allowed in case of mandate authentication
boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
@@ -615,7 +620,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//send SLO response to SLO request issuer
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
} else {
//print SLO information directly
@@ -651,7 +656,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (pvpReq != null) {
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index eec48e0f3..90ccb3c27 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -52,9 +52,8 @@ public class RequestStorage implements IRequestStorage{
}
//set transactionID and sessionID to Logger
- TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
- TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());
-
+ TransactionIDUtils.setAllLoggingVariables(pendingRequest);
+
return pendingRequest;
} catch (MOADatabaseException | NullPointerException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
new file mode 100644
index 000000000..b05e60e94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.opemsaml;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HTTPTransportUtils;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
+
+ private VelocityEngine velocityEngine;
+ private IGUIBuilderConfiguration guiConfig;
+ private GUIFormBuilderImpl guiBuilder;
+
+ /**
+ * @param engine
+ * @param templateId
+ */
+ public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
+ super(engine, null);
+ this.velocityEngine = engine;
+ this.guiConfig = guiConfig;
+ this.guiBuilder = guiBuilder;
+
+ }
+
+ /**
+ * Base64 and POST encodes the outbound message and writes it to the outbound transport.
+ *
+ * @param messageContext current message context
+ * @param endpointURL endpoint URL to which to encode message
+ *
+ * @throws MessageEncodingException thrown if there is a problem encoding the message
+ */
+ protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
+ Logger.debug("Invoking Velocity template to create POST body");
+ InputStream is = null;
+ try {
+ //build Velocity Context from GUI input paramters
+ VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
+
+ //load template
+ is = guiBuilder.getTemplateInputStream(guiConfig);
+
+ //populate velocity context with SAML2 parameters
+ populateVelocityContext(context, messageContext, endpointURL);
+
+ //populate transport parameter
+ HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
+ HTTPTransportUtils.addNoCacheHeaders(outTransport);
+ HTTPTransportUtils.setUTF8Encoding(outTransport);
+ HTTPTransportUtils.setContentType(outTransport, "text/html");
+
+ //evaluate template and write content to response
+ Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
+ velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));
+ out.flush();
+
+ } catch (Exception e) {
+ Logger.error("Error invoking Velocity template", e);
+ throw new MessageEncodingException("Error creating output document", e);
+
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+
+ } catch (IOException e) {
+ Logger.error("Can NOT close GUI-Template InputStream.", e);
+ }
+ }
+
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 365a31fe1..643e30ac9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
@@ -79,6 +80,7 @@ public class AttributQueryAction implements IAction {
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -141,9 +143,9 @@ public class AttributQueryAction implements IAction {
metadataProvider, issuerEntityID, attrQuery, date,
assertion, authConfig.isPVP2AssertionEncryptionActive());
- SoapBinding decoder = new SoapBinding();
+ SoapBinding decoder = springContext.getBean("PVPSOAPBinding", SoapBinding.class);
decoder.encodeRespone(httpReq, httpResp, authResponse, null, null,
- pvpCredentials.getIDPAssertionSigningCredential());
+ pvpCredentials.getIDPAssertionSigningCredential(), pendingReq);
return null;
} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index aac49844e..9d60ae4b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -62,6 +63,7 @@ public class AuthenticationAction implements IAction {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -102,11 +104,11 @@ public class AuthenticationAction implements IAction {
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if (consumerService.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
}
@@ -117,7 +119,7 @@ public class AuthenticationAction implements IAction {
try {
binding.encodeRespone(httpReq, httpResp, authResponse,
consumerService.getLocation(), moaRequest.getRelayState(),
- pvpCredentials.getIDPAssertionSigningCredential());
+ pvpCredentials.getIDPAssertionSigningCredential(), req);
//set protocol type
sloInformation.setProtocolType(req.requestedModule());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a7a249eed..216d7a8b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -444,13 +444,13 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
IEncoder encoder = null;
if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- encoder = new RedirectBinding();
+ encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- encoder = new PostBinding();
+ encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
- encoder = new SoapBinding();
+ encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
}
if(encoder == null) {
@@ -465,7 +465,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(),
- relayState, signCred);
+ relayState, signCred, protocolRequest);
return true;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index ff703d585..f709da213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -111,7 +111,7 @@ public class SingleLogOutAction implements IAction {
//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq);
return null;
} else {
@@ -127,7 +127,7 @@ public class SingleLogOutAction implements IAction {
//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq);
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index 3b2fb3687..ccbef6e6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -31,6 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public interface IEncoder {
@@ -43,12 +44,13 @@ public interface IEncoder {
* @param targetLocation URL, where the request should be transmit
* @param relayState token for session handling
* @param credentials Credential to sign the request object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
* @throws MessageEncodingException
* @throws SecurityException
* @throws PVP2Exception
*/
public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception;
/**
@@ -59,10 +61,11 @@ public interface IEncoder {
* @param targetLocation URL, where the request should be transmit
* @param relayState token for session handling
* @param credentials Credential to sign the response object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
* @throws MessageEncodingException
* @throws SecurityException
*/
public void encodeRespone(HttpServletRequest req,
- HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+ HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 9977e607b..c7688c14b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -25,13 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
@@ -49,8 +47,17 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -62,10 +69,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPPOSTBinding")
public class PostBinding implements IDecoder, IEncoder {
+
+ @Autowired(required=true) AuthConfiguration authConfig;
+ @Autowired(required=true) GUIFormBuilderImpl guiBuilder;
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException {
try {
@@ -75,9 +86,18 @@ public class PostBinding implements IDecoder, IEncoder {
//load default PVP security configurations
MOADefaultBootstrap.initializeDefaultPVPConfiguration();
- VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "resources/templates/pvp_postbinding_template.html");
+ //initialize POST binding encoder with template decoration
+ IGUIBuilderConfiguration guiConfig =
+ new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+ pendingReq,
+ "pvp_postbinding_template.html",
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
+ null,
+ authConfig.getRootConfigFileDir());
+ MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
+ VelocityProvider.getClassPathVelocityEngine());
+
+ //set OpenSAML2 process parameter into binding context dao
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
@@ -103,22 +123,27 @@ public class PostBinding implements IDecoder, IEncoder {
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException {
try {
-// X509Credential credentials = credentialProvider
-// .getIDPAssertionSigningCredential();
-
//load default PVP security configurations
MOADefaultBootstrap.initializeDefaultPVPConfiguration();
Logger.debug("create SAML POSTBinding response");
- VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "resources/templates/pvp_postbinding_template.html");
+ //initialize POST binding encoder with template decoration
+ IGUIBuilderConfiguration guiConfig =
+ new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+ pendingReq,
+ "pvp_postbinding_template.html",
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
+ null,
+ authConfig.getRootConfigFileDir());
+ MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
+ VelocityProvider.getClassPathVelocityEngine());
+
+ //set OpenSAML2 process parameter into binding context dao
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 279038967..4f44a6202 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -50,7 +50,9 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -62,10 +64,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPRedirectBinding")
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException {
// try {
@@ -100,7 +103,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
StatusResponseType response, String targetLocation, String relayState,
- Credential credentials) throws MessageEncodingException, SecurityException {
+ Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
// try {
// X509Credential credentials = credentialProvider
// .getIDPAssertionSigningCredential();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 94d91694a..552b64ac6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -48,7 +48,9 @@ import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignableXMLObject;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
@@ -60,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPSOAPBinding")
public class SoapBinding implements IDecoder, IEncoder {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@@ -136,13 +139,13 @@ public class SoapBinding implements IDecoder, IEncoder {
}
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception {
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception {
// try {
// Credential credentials = credentialProvider
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index 01ef4a43d..f29418853 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -44,6 +44,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("PVPAuthnRequestBuilder")
public class PVPAuthnRequestBuilder {
+ @Autowired(required=true) ApplicationContext springContext;
/**
* Build a PVP2.x specific authentication request
@@ -202,17 +205,17 @@ public class PVPAuthnRequestBuilder {
IEncoder binding = null;
if (endpoint.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if (endpoint.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
}
//encode message
binding.encodeRequest(null, httpResp, authReq,
- endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential());
+ endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index de59e6055..4fef52aec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -59,6 +59,7 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.Signer;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
@@ -95,7 +96,9 @@ import at.gv.egovernment.moa.logging.Logger;
public class SingleLogOutBuilder {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
@Autowired private IDPCredentialProvider credentialProvider;
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
Status status = logOutResp.getStatus();
@@ -185,15 +188,15 @@ public class SingleLogOutBuilder {
public void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
- String relayState) throws MOAIDException {
+ String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
IEncoder binding = null;
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if (consumerService.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
}
@@ -204,7 +207,7 @@ public class SingleLogOutBuilder {
try {
binding.encodeRespone(req, resp, sloResp,
consumerService.getLocation(), relayState,
- credentialProvider.getIDPAssertionSigningCredential());
+ credentialProvider.getIDPAssertionSigningCredential(), pvpReq);
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 2ded32bac..d05d180e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -55,6 +55,12 @@ public class EntityVerifier {
try {
IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ if (oa == null) {
+ Logger.debug("No OnlineApplication with EntityID: " + entityID);
+ return null;
+
+ }
+
String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
if (MiscUtil.isNotEmpty(certBase64)) {
return Base64Utils.decode(certBase64, false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index f37ae0b0b..d30ce4924 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -44,9 +44,9 @@ import iaik.security.ec.common.ECParameterSpec;
import iaik.security.ec.common.ECPublicKey;
import iaik.security.ec.common.ECStandardizedParameterFactory;
import iaik.security.ec.common.EllipticCurve;
+import iaik.security.ec.math.field.AbstractPrimeField;
import iaik.security.ec.math.field.Field;
import iaik.security.ec.math.field.FieldElement;
-import iaik.security.ec.math.field.PrimeField;
public class ECDSAKeyValueConverter
{
@@ -221,7 +221,7 @@ public class ECDSAKeyValueConverter
// Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10));
// publicKeyPointX = field.newElement(xValue);
- PrimeField pf = (PrimeField) field;
+ AbstractPrimeField pf = (AbstractPrimeField) field;
publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10));
// Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10));
// publicKeyPointY = field.newElement(yValue);