aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java161
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java129
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java30
30 files changed, 652 insertions, 435 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 17a5d2be9..d4b5d1c05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -247,8 +247,11 @@ public class StatisticLogger {
AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID());
if (moasession != null) {
- dblog.setBkuurl(moasession.getBkuURL());
- dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
+ dblog.setBkuurl(moasession.getBkuURL());
+ dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ }
+
dblog.setMandatelogin(moasession.getUseMandate());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 4b3995105..ce5aa15c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
+import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -241,6 +242,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String template = null;
if (session.getTemplateURL() != null) {
try {
+
template = new String(FileUtils.readURL(session.getTemplateURL()));
} catch (IOException ex) {
throw new AuthenticationException("auth.03", new Object[] {
@@ -250,16 +252,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String infoboxReadRequest = "";
+ String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim();
+ if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
+ //do not use SSO if no Target is set
+ Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ session.setSsoRequested(false);
+
+ }
+
if (session.isSsoRequested()) {
//load identityLink with SSO Target
boolean isbuisness = false;
- String domainIdentifier = "";
- IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
- if (ssobusiness != null) {
+
+ if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+
isbuisness = true;
- domainIdentifier = ssobusiness.getValue();
+
+ } else {
+ isbuisness = false;
+
}
-
+
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
isbuisness, domainIdentifier);
@@ -798,9 +811,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (session.isSsoRequested()) {
- String oaURL =new String();
+ String oaURL = new String();
try {
- oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index f555cfb9a..060dc2248 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -104,6 +104,8 @@ public interface MOAIDAuthConstants {
// /** the number of the certifcate extension for party organ representatives */
// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+ public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
+
/** OW */
public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 70aa1a160..2e08fad6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -167,8 +167,10 @@ public class GetIdentityLinkFormBuilder extends Builder {
htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
+ Map<String, String> map = null;
+
if (oaParam != null) {
- Map<String, String> map = oaParam.getFormCustomizaten();
+ map = oaParam.getFormCustomizaten();
htmlForm = replaceTag(htmlForm, COLOR_TAG, map.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, map.get(FormBuildUtils.REDIRECTTARGET), false, ALL);
@@ -179,11 +181,15 @@ public class GetIdentityLinkFormBuilder extends Builder {
if (MiscUtil.isNotEmpty(appletheigth))
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, appletheigth, false, ALL);
+ else if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_HEIGHT)))
+ htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, map.get(FormBuildUtils.APPLET_HEIGHT), false, ALL);
else
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, "160", false, ALL);
if (MiscUtil.isNotEmpty(appletwidth))
htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, appletwidth, false, ALL);
+ else if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_WIDTH)))
+ htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, map.get(FormBuildUtils.APPLET_WIDTH), false, ALL);
else
htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, "250", false, ALL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 90ad3cf42..ff3b7b170 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -22,6 +22,7 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -58,7 +59,7 @@ public class LoginFormBuilder {
private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
- public static String getTemplate() {
+ private static String getTemplate() {
String pathLocation ="";
InputStream input = null;
@@ -118,8 +119,21 @@ public class LoginFormBuilder {
}
public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) {
- String value = getTemplate();
+ String value = null;
+
+ byte[] oatemplate = oaParam.getBKUSelectionTemplate();
+ // OA specific template requires a size of 8 bits minimum
+ if (oatemplate != null && oatemplate.length > 7) {
+ InputStream is = new ByteArrayInputStream(oatemplate);
+ value = getTemplate(is);
+
+ } else {
+ //load default BKU-selection template
+ value = getTemplate();
+
+ }
+
if(value != null) {
if(modul == null) {
modul = SAML1Protocol.PATH;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index f65a3c011..24b848176 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -22,6 +22,7 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -58,32 +59,50 @@ public class SendAssertionFormBuilder {
private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
private static String getTemplate() {
-
- String template = null;
- InputStream input = null;
- try {
- String pathLocation;
-
- String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+ String pathLocation;
+ InputStream input = null;
+ try {
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
- try {
- File file = new File(new URI(pathLocation));
- input = new FileInputStream(file);
-
- } catch (FileNotFoundException e) {
-
- Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
-
- pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
-
- input = Thread.currentThread()
- .getContextClassLoader()
- .getResourceAsStream(pathLocation);
-
- }
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ return getTemplate(input);
+
+ } catch (Exception e) {
+ try {
+ input.close();
+ } catch (IOException e1) {
+ Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
+ }
+
+ return null;
+ }
+
+ }
+
+ private static String getTemplate(InputStream input) {
+
+ String template = null;
+
+ try {
+
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer);
template = writer.toString();
@@ -105,7 +124,19 @@ public class SendAssertionFormBuilder {
}
public static String buildForm(String modul, String action, String id, OAAuthParameter oaParam, String contextpath) {
- String value = getTemplate();
+ String value = null;
+
+ byte[] oatemplate = oaParam.getSendAssertionTemplate();
+ // OA specific template requires a size of 8 bits minimum
+ if (oatemplate != null && oatemplate.length > 7) {
+ InputStream is = new ByteArrayInputStream(oatemplate);
+ value = getTemplate(is);
+
+ } else {
+ //load default BKU-selection template
+ value = getTemplate();
+
+ }
if(value != null) {
if(modul == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 67433dde7..71d2aae37 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -22,6 +22,8 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.parser;
+import iaik.util.logging.Log;
+
import java.io.UnsupportedEncodingException;
import java.util.List;
@@ -36,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -44,6 +47,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -164,7 +168,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
allowedbkus.addAll(AuthConfigurationProvider.getInstance().getDefaultBKUURLs());
if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
-
+
+ moasession.setBkuURL(bkuURL);
+
if (!oaParam.getBusinessService()) {
if (isEmpty(target))
throw new WrongParametersException("StartAuthentication",
@@ -199,26 +205,13 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
-
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- //INFO: removed from MOA-ID 2.0 Config
-// String boolStr = AuthConfigurationProvider
-// .getInstance()
-// .getGenericConfigurationParameter(
-// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-
- if ((!authURL.startsWith("https:"))
-// && (false == BoolUtils.valueOf(boolStr))
- )
+
+ if (!authURL.startsWith("https:"))
throw new AuthenticationException("auth.07",
new Object[] { authURL + "*" });
- moasession.setAuthURL(authURL);
+ //set Auth URL from configuration
+ moasession.setAuthURL(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/");
//check and set SourceID
if (oaParam.getSAML1Parameter() != null) {
@@ -227,16 +220,24 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setSourceID(sourceID);
}
- // BKU URL has not been set yet, even if session already exists
- if (bkuURL == null) {
- if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) {
- bkuURL = DEFAULT_BKU_HTTPS;
- } else {
- bkuURL = DEFAULT_BKU;
- }
- }
- moasession.setBkuURL(bkuURL);
-
+ if (MiscUtil.isEmpty(templateURL)) {
+
+ List<TemplateType> templateURLList = oaParam.getTemplateURL();
+
+ if ( templateURLList != null && templateURLList.size() > 0
+ && MiscUtil.isNotEmpty(templateURLList.get(0).getURL()) ) {
+ templateURL = FileUtils.makeAbsoluteURL(
+ oaParam.getTemplateURL().get(0).getURL(),
+ AuthConfigurationProvider.getInstance().getRootConfigFileDir());
+ Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")");
+
+ } else {
+ Logger.error("NO SL-Tempalte found in OA config");
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
+ }
+
+ }
if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
@@ -275,7 +276,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
oaURL = request.getOAURL();
target = request.getTarget();
-
+
parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
deleted file mode 100644
index 0c2bb66c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 7455620886605337681L;
-
-/**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
-
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
-
- try {
- MOAIDAuthInitializer.initialized=false;
- MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
-
- Logger.info(message);
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
-
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-
-}
-
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index c66e19eb0..0a0355bd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -40,12 +41,14 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
@@ -54,17 +57,17 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
+// try {
+// super.init(servletConfig);
+// MOAIDAuthInitializer.initialize();
+// Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+// }
+// catch (Exception ex) {
+// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+// throw new ServletException(ex);
+// }
+ }
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
@@ -82,9 +85,12 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
AuthenticationSession moasession = null;
- try {
- //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
-
+ if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) {
+ Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use.");
+ throw new MOAIDException("auth.23", new Object[] {});
+ }
+
+ try {
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
@@ -112,14 +118,28 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
//load Parameters from config
String target = oaParam.getTarget();
-
+
String bkuURL = oaParam.getBKUURL(bkuid);
if (MiscUtil.isEmpty(bkuURL)) {
Logger.info("No OA specific BKU defined. Use BKU from default configuration");
bkuURL = AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid);
}
- String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+ //search for OA specific template
+ String templateURL = null;
+ List<TemplateType> oaTemplateURLList = oaParam.getTemplateURL();
+ if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0
+ && MiscUtil.isNotEmpty(oaTemplateURLList.get(0).getURL()) ) {
+ templateURL = oaTemplateURLList.get(0).getURL();
+
+ } else {
+ templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+ }
+
+ //make url absolut if it is a local url
+ if (MiscUtil.isNotEmpty(templateURL))
+ templateURL = FileUtils.makeAbsoluteURL(templateURL,
+ AuthConfigurationProvider.getInstance().getRootConfigFileDir());
if (oaParam.isOnlyMandateAllowed())
useMandate = "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index c87a17c7f..f3495966a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -123,15 +123,15 @@ public class LogOutServlet extends AuthServlet {
* @see javax.servlet.Servlet#init(ServletConfig)
*/
public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
+// try {
+// super.init(servletConfig);
+// MOAIDAuthInitializer.initialize();
+// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+// }
+// catch (Exception ex) {
+// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+// throw new ServletException(ex);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 5471c03f5..b2c47fac0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -417,7 +417,7 @@ public class CreateXMLSignatureResponseValidator {
String oaURL;
try {
- oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
} catch (ConfigurationException e1) {
oaURL = new String();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index 84265f4ba..dc5ec430e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -76,6 +76,13 @@ public class ConfigurationProvider {
public static final String CONFIG_PROPERTY_NAME =
"moa.id.configuration";
+ /**
+ * The name of the system property which contains the file name of the
+ * configuration file.
+ */
+ public static final String PROXY_CONFIG_PROPERTY_NAME =
+ "moa.id.proxy.configuration";
+
/**
* The name of the generic configuration property giving the certstore directory path.
*/
@@ -129,27 +136,6 @@ public class ConfigurationProvider {
}
/**
- * Returns the mapping of generic configuration properties.
- *
- * @return The mapping of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map<String, String> getGenericConfiguration() {
- return genericConfiguration;
- }
-
- /**
- * Returns the value of a parameter from the generic configuration section.
- *
- * @return the parameter value; <code>null</code> if no such parameter
- */
- public String getGenericConfigurationParameter(String parameter) {
- if (! genericConfiguration.containsKey(parameter))
- return null;
- return (String)genericConfiguration.get(parameter);
- }
-
- /**
* Return the chaining mode for a given trust anchor.
*
* @param trustAnchor The trust anchor for which the chaining mode should be
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 1804b5fd5..1a3c1b0a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -110,6 +110,7 @@ import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -211,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
private static Date date = null;
+ private String publicURLPreFix = null;
+
/**
* Return the single instance of configuration data.
*
@@ -365,7 +368,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//Initialize OpenSAML for STORK
Logger.info("Starting initialization of OpenSAML...");
- DefaultBootstrap.bootstrap();
+ MOADefaultBootstrap.bootstrap();
+ //DefaultBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
@@ -485,32 +489,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//set TrustManagerRevocationChecking
setTrustManagerRevocationChecking();
- //set TimeOuts
- if (auth.getGeneralConfiguration() != null) {
- if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-
- timeouts = new TimeOuts();
- if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
- timeouts.setAssertion(new BigInteger("120"));
- else
- timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
- timeouts.setMOASessionCreated(new BigInteger("2700"));
- else
- timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
- timeouts.setMOASessionUpdated(new BigInteger("1200"));
- else
- timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
- }
- }
- else {
- Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
- throw new ConfigurationException("config.02", null);
- }
+ //set default timeouts
+ timeouts = new TimeOuts();
+ timeouts.setAssertion(new BigInteger("300"));
+ timeouts.setMOASessionCreated(new BigInteger("2700"));
+ timeouts.setMOASessionUpdated(new BigInteger("1200"));
+ //search timeouts in config
+ if (auth.getGeneralConfiguration() != null) {
+ if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+ if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
+ timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
+ timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
+ timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+
+ } else {
+ Logger.info("No TimeOuts defined. Use default values");
+ }
+ }
+
+ // sets the authentication session and authentication data time outs
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
+
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
+
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
+
+
+
//set PVP2 general config
Protocols protocols = auth.getProtocols();
if (protocols != null) {
@@ -519,6 +532,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
if (protocols.getSAML1() != null) {
allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
+
+ //load alternative sourceID
+ if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
+ alternativesourceid = protocols.getSAML1().getSourceID();
+
}
if (protocols.getOAuth() != null) {
@@ -562,36 +580,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
//set alternativeSourceID
- if (auth.getGeneralConfiguration() != null)
- alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
-
- // sets the authentication session and authentication data time outs
- BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
-
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutCreated(sessionTimeOut);
- }
-
- param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutUpdated(sessionTimeOut);
- }
-
- param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
- if (param != null) {
- long authDataTimeOut = param.longValue();
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsAuthDataTimeOut(authDataTimeOut);
- }
-
- else {
+ if (auth.getGeneralConfiguration() != null) {
+
+ //TODO: can be removed in a further version, because it is moved to SAML1 config
+ if (MiscUtil.isEmpty(alternativesourceid))
+ alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+
+ if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
+ publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
+
+ else {
+ Logger.error("No Public URL Prefix configured.");
+ throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
+ }
+
+ } else {
Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
throw new ConfigurationException("config.02", null);
}
@@ -744,7 +747,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
public ProtocolAllowed getAllowedProtocols() {
- return this.allowedProtcols;
+ return allowedProtcols;
}
public PVP2 getGeneralPVP2DBConfig() {
@@ -895,27 +898,27 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
}
- public boolean isSSOBusinessService() throws ConfigurationException {
-
- if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
- return true;
- else
- return false;
- }
+// public boolean isSSOBusinessService() throws ConfigurationException {
+//
+// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
+// return true;
+// else
+// return false;
+// }
- public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
+ public String getSSOTagetIdentifier() throws ConfigurationException {
if (ssoconfig != null)
- return ssoconfig.getIdentificationNumber();
+ return ssoconfig.getTarget();
else
return null;
}
- public String getSSOTarget() throws ConfigurationException {
- if (ssoconfig!= null)
- return ssoconfig.getTarget();
-
- return null;
- }
+// public String getSSOTarget() throws ConfigurationException {
+// if (ssoconfig!= null)
+// return ssoconfig.getTarget();
+//
+// return null;
+// }
public String getSSOFriendlyName() {
if (ssoconfig!= null) {
@@ -937,16 +940,6 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return new String();
}
- public String getSSOPublicUrl() {
- if (ssoconfig!= null) {
- String url = ssoconfig.getPublicURL();
- if (MiscUtil.isEmpty(url))
- url = new String();
- return url;
- }
- return new String();
- }
-
public String getMOASessionEncryptionKey() {
String prop = props.getProperty("configuration.moasession.key");
@@ -995,6 +988,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return Boolean.valueOf(prop);
}
+ public String getPublicURLPrefix() {
+ return publicURLPreFix;
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c3943d816..881d3bb2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -322,6 +322,12 @@ public Map<String, String> getFormCustomizaten() {
if (MiscUtil.isNotEmpty(bkuselection.getAppletRedirectTarget()))
map.put(FormBuildUtils.REDIRECTTARGET, bkuselection.getAppletRedirectTarget());
+ if (MiscUtil.isNotEmpty(bkuselection.getAppletHeight()))
+ map.put(FormBuildUtils.APPLET_HEIGHT, bkuselection.getAppletHeight());
+
+ if (MiscUtil.isNotEmpty(bkuselection.getAppletWidth()))
+ map.put(FormBuildUtils.APPLET_WIDTH, bkuselection.getAppletWidth());
+
}
}
@@ -346,6 +352,27 @@ public List<OAStorkAttribute> getRequestedAttributes() {
public List<AttributeProviderPlugin> getStorkAPs() {
return oa_auth.getOASTORK().getAttributeProviders();
+
+public byte[] getBKUSelectionTemplate() {
+
+ TemplatesType templates = oa_auth.getTemplates();
+ if (templates != null && templates.getBKUSelectionTemplate() != null) {
+ return templates.getBKUSelectionTemplate().getTransformation();
+
+ }
+
+ return null;
+}
+
+public byte[] getSendAssertionTemplate() {
+
+ TemplatesType templates = oa_auth.getTemplates();
+ if (templates != null && templates.getSendAssertionTemplate() != null) {
+ return templates.getSendAssertionTemplate().getTransformation();
+
+ }
+
+ return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index f515ea6bd..7ecd7dde8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -58,11 +58,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
@@ -141,11 +143,7 @@ public class BuildFromLegacyConfig {
//Load generic Config
Map<String, String> genericConfiguration = builder.buildGenericConfiguration();
GeneralConfiguration authGeneral = new GeneralConfiguration();
-
- if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
- authGeneral.setAlternativeSourceID(
- (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
-
+
if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
authGeneral.setTrustManagerRevocationChecking(
Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
@@ -179,6 +177,19 @@ public class BuildFromLegacyConfig {
final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+ //set SAML1 config
+ SAML1 saml1 = new SAML1();
+ saml1.setIsActive(true);
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+ auth_protocols.setSAML1(saml1);
+
+ //set OAuth config
+ OAuth oauth = new OAuth();
+ oauth.setIsActive(true);
+ auth_protocols.setOAuth(oauth);
+
+ //set PVP2.1 config
PVP2 prot_pvp2 = new PVP2();
auth_protocols.setPVP2(prot_pvp2);
prot_pvp2.setPublicURLPrefix("https://....");
@@ -188,7 +199,7 @@ public class BuildFromLegacyConfig {
prot_pvp2.setOrganization(pvp2_org);
pvp2_org.setDisplayName("OrganisationDisplayName");
pvp2_org.setName("OrganisatioName");
- pvp2_org.setURL("http://www.egiz.gv.at");
+ pvp2_org.setURL("http://testorganisation.at");
List<Contact> pvp2_contacts = new ArrayList<Contact>();
prot_pvp2.setContact(pvp2_contacts);
@@ -357,7 +368,6 @@ public class BuildFromLegacyConfig {
// oa_auth.setUseIFrame(false);
// oa_auth.setUseUTC(oa.getUseUTC());
-
//BKUURLs
BKUURLS bkuurls = new BKUURLS();
bkuurls.setOnlineBKU(oldbkuonline);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index ecde454dd..66d330d20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -116,9 +116,9 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
*/
public static synchronized ProxyConfigurationProvider reload()
throws ConfigurationException {
- String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
+ String fileName = System.getProperty(PROXY_CONFIG_PROPERTY_NAME);
if (fileName == null) {
- throw new ConfigurationException("config.01", null);
+ throw new ConfigurationException("config.20", null);
}
Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 659035337..ab106e3c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -70,16 +70,18 @@ public class STORKConfig {
cpepsMap = new HashMap<String, CPEPS>();
- for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+ if (cpeps != null) {
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
- try {
- CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
- cpepsMap.put(cpep.getCountryCode(), moacpep);
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
- } catch (MalformedURLException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ }
}
/*catch (ParserConfigurationException e) {
Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
@@ -95,25 +97,12 @@ public class STORKConfig {
+ cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
}*/
}
-
- SAMLSigningParameter samlsign = null;
- try {
- samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured
- }
- catch (Exception ex) {
- Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- }
-
- if (samlsign == null) {
- Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
-
attr = new ArrayList<StorkAttribute>();
- try {
- for(StorkAttribute current : stork.getAttributes()) {
- attr.add(current);
- } } catch (Exception ex) { // TODO FIX FIX
- Logger.warn("Error in MOA-ID Configuration. No STORK->Attributes found.");
- }
+ if (stork.getAttributes() != null) {
+ for(StorkAttribute current : stork.getAttributes()) {
+ attr.add(current);
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 01b80a93f..3af8bcfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -22,14 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.entrypoints;
-
-
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
-import java.io.PrintWriter;
-import java.security.Security;
+
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
@@ -92,7 +86,7 @@ public class DispatcherServlet extends AuthServlet{
null), ex);
throw new ServletException(ex);
}
- Logger.info("Dispatcher Servlet initialization");
+ Logger.info("Dispatcher Servlet initialization finished.");
}
protected void processRequest(HttpServletRequest req,
@@ -497,7 +491,7 @@ public class DispatcherServlet extends AuthServlet{
}
} catch (Throwable e) {
- e.printStackTrace();
+ Logger.info("An authentication error occous: " + e.getMessage());;
// Try handle module specific, if not possible rethrow
if (!info.generateErrorMessage(e, req, resp, protocolRequest)) {
throw e;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 90863890f..666224b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -238,8 +238,9 @@ public class AuthenticationManager extends AuthServlet {
//Build authentication form
+ String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam, request.getContextPath(), moasession.getSessionID());
+ target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
//store MOASession
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 78fe43daa..1668c31ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -66,7 +66,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
- private static final int VALIDUNTIL_IN_DAYES = 30;
+ private static final int VALIDUNTIL_IN_HOURS = 24;
public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
@@ -81,7 +81,7 @@ public class MetadataAction implements IAction {
DateTime date = new DateTime();
- idpEntitiesDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES));
+ idpEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
EntityDescriptor idpEntityDescriptor = SAML2Utils
.createSAMLObject(EntityDescriptor.class);
@@ -95,7 +95,7 @@ public class MetadataAction implements IAction {
idpEntityDescriptor
.setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
- idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES));
+ idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
List<ContactPerson> persons = PVPConfiguration.getInstance()
.getIDPContacts();
@@ -114,13 +114,31 @@ public class MetadataAction implements IAction {
Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();
Signature signature = CredentialProvider
.getIDPSignature(metadataSigningCredential);
+
+ idpEntitiesDescriptor.setSignature(signature);
+
+// //set SignatureMethode
+// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
+//
+// //set DigestMethode
+// List<ContentReference> contentList = signature.getContentReferences();
+// for (ContentReference content : contentList) {
+//
+// if (content instanceof SAMLObjectContentReference) {
+//
+// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
+// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
+//
+// }
+// }
+
// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
// signature.setKeyInfo(metadataKeyInfo );
- idpEntitiesDescriptor.setSignature(signature);
+
IDPSSODescriptor idpSSODescriptor = SAML2Utils
.createSAMLObject(IDPSSODescriptor.class);
@@ -222,7 +240,7 @@ public class MetadataAction implements IAction {
String metadataXML = sw.toString();
- //System.out.println("METADATA: " + metadataXML);
+ System.out.println("METADATA: " + metadataXML);
httpResp.setContentType("text/xml");
httpResp.getOutputStream().write(metadataXML.getBytes());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 0172cce2d..7946c7596 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,8 +22,17 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
public interface PVPConstants {
+ public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
+ public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+ public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
+ public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+
+
public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
new file mode 100644
index 000000000..80789cd12
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
+import org.opensaml.xml.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOADefaultBootstrap extends DefaultBootstrap {
+
+ public static synchronized void bootstrap() throws ConfigurationException {
+
+ initializeXMLSecurity();
+
+ initializeXMLTooling();
+
+ initializeArtifactBuilderFactories();
+
+ initializeGlobalSecurityConfiguration();
+
+ initializeParserPool();
+
+ initializeESAPI();
+
+ }
+
+
+
+ /**
+ * Initializes the default global security configuration.
+ */
+ protected static void initializeGlobalSecurityConfiguration() {
+ Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
new file mode 100644
index 000000000..1563ba9be
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.security.BasicSecurityConfiguration;
+import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
+import org.opensaml.xml.signature.SignatureConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOADefaultSecurityConfigurationBootstrap extends
+ DefaultSecurityConfigurationBootstrap {
+
+ public static BasicSecurityConfiguration buildDefaultConfig() {
+ BasicSecurityConfiguration config = new BasicSecurityConfiguration();
+
+ populateSignatureParams(config);
+ populateEncryptionParams(config);
+ populateKeyInfoCredentialResolverParams(config);
+ populateKeyInfoGeneratorManager(config);
+ populateKeyParams(config);
+
+ return config;
+ }
+
+ protected static void populateSignatureParams(
+ BasicSecurityConfiguration config) {
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("RSA",
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ config.registerSignatureAlgorithmURI("DSA",
+ "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("EC",
+ SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("AES",
+ SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+
+ config.registerSignatureAlgorithmURI("DESede",
+ SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+ config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
+ config.setSignatureHMACOutputLength(null);
+
+ //use SHA256 instead of SHA1
+ config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
+ }
+
+ protected static void populateEncryptionParams(
+ BasicSecurityConfiguration config) {
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
+
+ //support GCM mode
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
+
+
+ config.registerDataEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(168),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ config.registerDataEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
+ "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
+ "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(128), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes128");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(256), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes256");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(168), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+
+ config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 769e36fc1..ebfffb648 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config;
import iaik.x509.X509Certificate;
import java.io.File;
-import java.io.IOException;
import java.net.URL;
-import java.net.URLClassLoader;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
@@ -35,6 +33,7 @@ import java.util.Properties;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
+import org.opensaml.Configuration;
import org.opensaml.saml2.metadata.Company;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
@@ -47,10 +46,10 @@ import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.opensaml.xml.security.SecurityConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
-import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -111,21 +110,21 @@ public class PVPConfiguration {
private static String moaIDVersion = null;
- PVP2 generalpvpconfigdb;
+ //PVP2 generalpvpconfigdb;
Properties props;
private PVPConfiguration() {
try {
- generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
+ //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
-
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
}
- public String getIDPPublicPath() {
- String publicPath = generalpvpconfigdb.getPublicURLPrefix();
+ public String getIDPPublicPath() throws ConfigurationException {
+ String publicPath = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
if(publicPath != null) {
if(publicPath.endsWith("/")) {
int length = publicPath.length();
@@ -135,15 +134,15 @@ public class PVPConfiguration {
return publicPath;
}
- public String getIDPSSOPostService() {
+ public String getIDPSSOPostService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_POST;
}
- public String getIDPSSORedirectService() {
+ public String getIDPSSORedirectService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_REDIRECT;
}
- public String getIDPSSOMetadataService() {
+ public String getIDPSSOMetadataService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_METADATA;
}
@@ -171,13 +170,13 @@ public class PVPConfiguration {
return props.getProperty(IDP_KEY_PASSASSERTION);
}
- public String getIDPIssuerName() {
+ public String getIDPIssuerName() throws ConfigurationException {
if (moaIDVersion == null) {
moaIDVersion = parseMOAIDVersionFromManifest();
}
- return generalpvpconfigdb.getIssuerName() + moaIDVersion;
+ return AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getIssuerName() + moaIDVersion;
}
public List<String> getMetadataFiles() {
@@ -250,10 +249,10 @@ public class PVPConfiguration {
}
}
- public List<ContactPerson> getIDPContacts() {
+ public List<ContactPerson> getIDPContacts() throws ConfigurationException {
List<ContactPerson> list = new ArrayList<ContactPerson>();
- List<Contact> contacts = generalpvpconfigdb.getContact();
+ List<Contact> contacts = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getContact();
if (contacts != null) {
@@ -344,10 +343,10 @@ public class PVPConfiguration {
return list;
}
- public Organization getIDPOrganisation() {
+ public Organization getIDPOrganisation() throws ConfigurationException {
Organization org = SAML2Utils.createSAMLObject(Organization.class);
- at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization();
+ at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getOrganization();
String org_name = null;
String org_dispname = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index f4b48ece3..229158778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import java.util.ArrayList;
import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -45,7 +44,6 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
@@ -57,6 +55,7 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.security.x509.X509Credential;
+
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -96,7 +95,9 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ //change to entity value from entity name to IDP EntityID (URL)
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
nissuer.setFormat(NameID.ENTITY);
authResponse.setIssuer(nissuer);
authResponse.setInResponseTo(authnRequest.getID());
@@ -123,12 +124,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
AssertionConsumerService consumerService = spSSODescriptor
.getAssertionConsumerServices().get(idx);
- if (consumerService == null) {
- //TODO: maybe use default ConsumerService
-
+ if (consumerService == null) {
throw new InvalidAssertionConsumerServiceException(idx);
}
+
String oaURL = consumerService.getLocation();
//check, if metadata includes an encryption key
@@ -156,19 +156,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
try {
EncryptionParameters dataEncParams = new EncryptionParameters();
- dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
-
+ dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
+
List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
keyEncParam.setEncryptionCredential(encryptionCredentials);
- keyEncParam.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
+ keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
.getKeyInfoGeneratorManager().getDefaultManager()
.getFactory(encryptionCredentials);
keyEncParam.setKeyInfoGenerator(kigf.newInstance());
keyEncParamList.add(keyEncParam);
-
+
Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
@@ -176,7 +176,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
EncryptedAssertion encryptAssertion = null;
encryptAssertion = samlEncrypter.encrypt(assertion);
-
+
authResponse.getEncryptedAssertions().add(encryptAssertion);
} catch (EncryptionException e1) {
@@ -189,10 +189,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
authResponse.getAssertions().add(assertion);
}
-
-
-
-
+
IEncoder binding = null;
if (consumerService.getBinding().equals(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 4ef9919ca..550643da1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -22,7 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-import java.util.Iterator;
import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
@@ -44,18 +43,25 @@ import at.gv.egovernment.moa.logging.Logger;
public class EntityVerifier {
public static byte[] fetchSavedCredential(String entityID) {
- List<OnlineApplication> oaList = ConfigurationDBRead
- .getAllActiveOnlineApplications();
- Iterator<OnlineApplication> oaIt = oaList.iterator();
- while (oaIt.hasNext()) {
- OnlineApplication oa = oaIt.next();
- if (oa.getPublicURLPrefix().equals(entityID)) {
+// List<OnlineApplication> oaList = ConfigurationDBRead
+// .getAllActiveOnlineApplications();
+
+ OnlineApplication oa = ConfigurationDBRead
+ .getActiveOnlineApplication(entityID);
+
+// Iterator<OnlineApplication> oaIt = oaList.iterator();
+// while (oaIt.hasNext()) {
+// OnlineApplication oa = oaIt.next();
+// if (oa.getPublicURLPrefix().equals(entityID)) {
+
+ if (oa != null && oa.getAuthComponentOA() != null) {
+
OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
if (pvp2Config != null) {
return pvp2Config.getCertificate();
}
}
- }
+// }
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index f0ae6f446..ed0cf9c62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -25,7 +25,9 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import iaik.x509.X509Certificate;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -69,13 +71,17 @@ public class MetadataSignatureFilter implements MetadataFilter {
while(entID.hasNext()) {
processEntitiesDescriptor(entID.next());
}
-
+
Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
-
- //check every Entity
+
+ List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
+
+ //check every Entity
+
while(entIT.hasNext()) {
EntityDescriptor entity = entIT.next();
+
String entityID = entity.getEntityID();
//CHECK if Entity also match MetaData signature.
@@ -92,17 +98,31 @@ public class MetadataSignatureFilter implements MetadataFilter {
EntityVerifier.verify(desc, entityCrendential);
+ //add entity to verified entity-list
+ verifiedEntIT.add(entity);
+
} catch (Exception e) {
- throw new MOAIDException("The App", null, e);
+
+ //remove entity of signature can not be verified.
+ Logger.info("Entity " + entityID + " is removed from metadata "
+ + desc.getName() + ". Entity verification error: " + e.getMessage());
+// throw new MOAIDException("The App", null, e);
}
} else {
- throw new NoCredentialsException("NO Certificate found for OA " + entityID);
+ //remove entity if it is not registrated as OA
+ Logger.info("Entity " + entityID + " is removed from metadata "
+ + desc.getName() + ". Entity is not registrated or no certificate is found!");
+// throw new NoCredentialsException("NO Certificate found for OA " + entityID);
}
-
+
//TODO: insert to support signed Entity-Elements
//processEntityDescriptorr(entIT.next());
- }
+ }
+
+ //set only verified entity elements
+ desc.getEntityDescriptors().clear();
+ desc.getEntityDescriptors().addAll(verifiedEntIT);
}
public void doFilter(XMLObject metadata) throws FilterException {
@@ -114,6 +134,13 @@ public class MetadataSignatureFilter implements MetadataFilter {
}
processEntitiesDescriptor(entitiesDescriptor);
+
+ if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
+ throw new MOAIDException("No valid entity in metadata "
+ + entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
+ }
+
+
} else if (metadata instanceof EntityDescriptor) {
EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 86da34e1c..9f3de08aa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -267,7 +267,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
//make file name absolut (if it is relative to main config file)
//TODO MOAID XMLLPR check
- String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+ String moaIDConfigFileName = System.getProperty(ConfigurationProvider.PROXY_CONFIG_PROPERTY_NAME);
String rootConfigFileDir = new File(moaIDConfigFileName).getParent();
this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
index 37ead5cff..d3ac574f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
@@ -43,6 +43,8 @@ public class FormBuildUtils {
public static String FONTFAMILY = "#FONTTYPE#";
public static String HEADER_TEXT = "#HEADER_TEXT#";
public static String REDIRECTTARGET = "#REDIRECTTARGET#";
+ public static String APPLET_HEIGHT = "#APPLETHEIGHT#";
+ public static String APPLET_WIDTH = "#APPLETWIDTH#";
private static String MANDATEVISIBLE = "#MANDATEVISIBLE#";
private static String MANDATECHECKED = "#MANDATECHECKED#";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 3b6e001bf..9df283965 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
@@ -266,7 +267,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
// if non parameter is given return true
if (StringUtils.isEmpty(template)) {
Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null");
- return true;
+ return false;
}
// check if template is a valid URL
@@ -293,7 +294,8 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
//get OA specific template URLs
if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
for (TemplateType el : oaSlTemplates)
- trustedTemplateURLs.add(el.getURL());
+ if (MiscUtil.isNotEmpty(el.getURL()))
+ trustedTemplateURLs.add(el.getURL());
}
boolean b = trustedTemplateURLs.contains(template);
@@ -308,13 +310,17 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
}
+ } else if (template.startsWith("file")){
+ new URL(template);
+ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft");
+ Logger.debug("Load SL-Layer Template from local filesystem " + template);
+ return true;
+
+ } else {
+ Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
+ return false;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
- return false;
- }
-
-
+
} catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
@@ -513,8 +519,8 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
if (MiscUtil.isEmpty(bkuURL))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (MiscUtil.isEmpty(templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+// if (MiscUtil.isEmpty(templateURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
@@ -524,7 +530,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
return false;
}
- if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ if (StringUtils.isEmpty(oaURL)
+ //|| StringUtils.isEmpty(templateURL)
+ || StringUtils.isEmpty(bkuURL) )
return false;
else
return true;