diff options
Diffstat (limited to 'id/server/idserverlib/src')
32 files changed, 814 insertions, 1992 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 66093b851..a35b45af2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -63,10 +63,8 @@ public class MOAIDAuthInitializer { */ public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - Logger.setHierarchy("moa.id.auth"); - Logger.info("Default java file.encoding: " - + System.getProperty("file.encoding")); - + Logger.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); //JDK bug workaround according to: // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier @@ -149,11 +147,7 @@ public class MOAIDAuthInitializer { throw new ConfigurationException("config.10", new Object[] { e .toString() }, e); } - - - //IAIK.addAsProvider(); - //ECCProvider.addAsProvider(); - + Security.insertProviderAt(IAIK.getInstance(), 0); ECCelerate eccProvider = ECCelerate.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 3e6308bf6..acf59cebf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -36,6 +36,7 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.DOMException; @@ -75,11 +76,15 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -212,6 +217,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder try { //generate basic authentication data generateBasicAuthData(authData, protocolRequest, session); + + //set Austrian eID demo-mode flag + authData.setIseIDNewDemoMode(Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))); + + if (authData.isIseIDNewDemoMode()) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); + authData.setBaseIDTransferRestrication(true); + + } // #### generate MOA-ID specific authentication data ###### @@ -519,7 +536,27 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } //build foreign bPKs - generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + generateForeignbPK(oaParam, authData); + + + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); + + //build additional bPKs + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); + + Logger.debug("Clearing identitylink ... "); + authData.setIdentityLink(null); + + Logger.debug("Clearing authBlock ... "); + authData.setAuthBlock(null); + + Logger.info("Post-Processing for Austrian eID finished"); + } //#################################################################### //copy all generic authentication information, which are not processed before to authData @@ -773,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) { + private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) { + List<String> foreignSectors = oaParam.foreignbPKSectorsRequested(); + if (foreignSectors != null && !foreignSectors.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + + String mandatorBaseId = null; + String mandatorBaseIdType = null; + boolean isMandatorBaseIdAvailable = false; + if (authData.isUseMandate()) { + try { + Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... "); + + //TODO: remove this workaround in a further version!!! + boolean flagBak = authData.isBaseIDTransferRestrication(); + authData.setBaseIDTransferRestrication(false); + mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + authData.setBaseIDTransferRestrication(flagBak); + + isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType); + if (!isMandatorBaseIdAvailable) + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate."); + + } catch (Exception e) { + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage()); + if (Logger.isTraceEnabled()) + Logger.warn("Detail: ", e); + + } + } + for (String foreignSector : foreignSectors) { Logger.trace("Process sector: " + foreignSector + " ... "); if (encKeyMap.containsKey(foreignSector)) { @@ -805,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.getIdentificationType(), sector); String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); - authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + + authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector)); Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + //calculate foreign bPKs for natural-person mandates + if (isMandatorBaseIdAvailable) { + Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + mandatorBaseId, + mandatorBaseIdType, + sector); + String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + + authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector)); + Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created."); + + } } } catch (Exception e) { @@ -827,4 +910,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException { + if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java new file mode 100644 index 000000000..e19d40773 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("GenericFrontChannelRedirectTask") +public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask { + + @Autowired IGUIFormBuilder guiBuilder; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //perform redirect to itself to get out from BKU communication + Logger.trace("Perform generic 'http Redirect' to MOA-ID ... "); + performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC); + + } catch (Exception e) { + Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 0285dd75b..14a2b583b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -105,6 +105,7 @@ public class LogOutServlet { } catch (Exception e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + Logger.warn("Requested URL is not in PublicPrefix Configuration"); return; } finally { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index e5a8bb739..478462adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -86,7 +86,8 @@ public class RedirectServlet { List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix(); if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) - || !authConfig.getPublicURLPrefix().contains(authURL)) { + || !authConfig.getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration"); resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index 5aa3a691f..791aa51b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; /** * @author tlenz @@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = null; + Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName()); + //if SSOManager is available, search SessionIdentifier in SSO session if (ssomanager != null) { String ssoId = ssomanager.getSSOSessionID(request); @@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { } //if NO SSOSession and no PendingRequest create new SessionIdentifier - if (StringUtils.isEmpty(uniqueSessionIdentifier)) + if (StringUtils.isEmpty(uniqueSessionIdentifier)) { uniqueSessionIdentifier = Random.nextHexRandom16(); + Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier); + } TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java deleted file mode 100644 index c25751aa4..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ /dev/null @@ -1,1221 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// ******************************************************************************/ -///* -// * Copyright 2003 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// */ -// -// -//package at.gv.egovernment.moa.id.config.auth; -// -//import java.io.File; -//import java.io.FileInputStream; -//import java.io.FileNotFoundException; -//import java.io.IOException; -//import java.math.BigInteger; -//import java.net.MalformedURLException; -//import java.util.ArrayList; -//import java.util.Arrays; -//import java.util.Date; -//import java.util.HashMap; -//import java.util.List; -//import java.util.Map; -//import java.util.Properties; -// -//import javax.xml.bind.JAXBContext; -//import javax.xml.bind.Unmarshaller; -// -//import org.hibernate.cfg.Configuration; -// -//import at.gv.egovernment.moa.id.auth.AuthenticationServer; -//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; -//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -// -//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; -//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -//import at.gv.egovernment.moa.id.config.ConfigurationException; -//import at.gv.egovernment.moa.id.config.ConfigurationProvider; -//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; -//import at.gv.egovernment.moa.id.config.ConfigurationUtils; -//import at.gv.egovernment.moa.id.config.ConnectionParameter; -//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; -//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; -//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; -//import at.gv.egovernment.moa.id.config.stork.STORKConfig; -//import at.gv.egovernment.moa.id.data.IssuerAndSerial; -//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; -//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -//import at.gv.util.config.EgovUtilPropertiesConfiguration; -// -//import com.fasterxml.jackson.annotation.JsonIgnore; -//import com.fasterxml.jackson.annotation.JsonProperty; -// -///** -// * A class providing access to the Auth Part of the MOA-ID configuration data. -// * -// * <p>Configuration data is read from an XML file, whose location is given by -// * the <code>moa.id.configuration</code> system property.</p> -// * <p>This class implements the Singleton pattern. The <code>reload()</code> -// * method can be used to update the configuration data. Therefore, it is not -// * guaranteed that consecutive calls to <code>getInstance()</code> will return -// * the same <code>AuthConfigurationProvider</code> all the time. During the -// * processing of a web service request, the current -// * <code>TransactionContext</code> should be used to obtain the -// * <code>AuthConfigurationProvider</code> local to that request.</p> -// * -// * @author Patrick Peck -// * @author Stefan Knirsch -// * -// * @version $Id$ -// * -// *@deprecated Use {@link AuthConfigProviderFactory} instead -// */ -//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { -// -//// /** DEFAULT_ENCODING is "UTF-8" */ -//// private static final String DEFAULT_ENCODING="UTF-8"; -// /** -// * The name of the generic configuration property giving the authentication session time out. -// */ -// public static final String AUTH_SESSION_TIMEOUT_PROPERTY = -// "AuthenticationSession.TimeOut"; -// /** -// * The name of the generic configuration property giving the authentication data time out. -// */ -// public static final String AUTH_DATA_TIMEOUT_PROPERTY = -// "AuthenticationData.TimeOut"; -// -// /** -// * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> -// */ -// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = -// "HTMLComplete"; -// -// /** -// * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> -// */ -// public static final String BKU_SELECTION_TYPE_HTMLSELECT = -// "HTMLSelect"; -// -// /** -// * The name of the generic configuration property allowing https connection to -// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) -// */ -// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = -// "FrontendServlets.EnableHTTPConnection"; -// -// /** -// * The name of the generic configuration property allowing to set a individual -// * DATA URL used to communicate with the BKU (SecurityLayer) -// */ -// public static final String INDIVIDUAL_DATA_URL_PREFIX = -// "FrontendServlets.DataURLPrefix"; -// -// /** Singleton instance. <code>null</code>, if none has been created. */ -// private static AuthConfigurationProvider instance; -// -// // -// // configuration data -// // -// private static MOAIDConfiguration moaidconfig = null; -// -// private static Properties props = null; -// -// private static STORKConfig storkconfig = null; -// -// private static TimeOuts timeouts = null; -// -// private static PVP2 pvp2general = null; -// -// private static String alternativesourceid = null; -// -// private static List<String> legacyallowedprotocols = new ArrayList<String>(); -// private static ProtocolAllowed allowedProtcols = null; -// -// private static VerifyAuthBlock verifyidl = null; -// -// private static ConnectionParameter MoaSpConnectionParameter = null; -// private static ConnectionParameter ForeignIDConnectionParameter = null; -// private static ConnectionParameter OnlineMandatesConnectionParameter = null; -// -// private static String MoaSpIdentityLinkTrustProfileID = null; -// -// private static List<String> TransformsInfos = null; -// private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); -// -// private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); -// private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>(); -// -// private static SSO ssoconfig = null; -// -// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; -// -// private static Date date = null; -// -// private String publicURLPreFix = null; -// -// /** -// * Return the single instance of configuration data. -// * -// * @return AuthConfigurationProvider The current configuration data. -// * @throws ConfigurationException -// */ -// public static synchronized AuthConfigurationProvider getInstance() -// throws ConfigurationException { -// -// if (instance == null) { -// reload(); -// } -// return instance; -// } -// -// public static Date getTimeStamp() { -// return date; -// } -// -// /** -// * Reload the configuration data and set it if successful. -// * -// * @return AuthConfigurationProvider The loaded configuration data. -// * @throws ConfigurationException Failure to load the configuration data. -// */ -// public static synchronized AuthConfigurationProvider reload() -// throws ConfigurationException { -// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); -// if (fileName == null) { -// throw new ConfigurationException("config.01", null); -// } -// Logger.info("Loading MOA-ID-AUTH configuration " + fileName); -// -// instance = new AuthConfigurationProvider(fileName); -// return instance; -// } -// -// -// /** -// * Constructor for AuthConfigurationProvider. -// * @param fileName -// * @throws ConfigurationException -// */ -// public AuthConfigurationProvider(String fileName) -// throws ConfigurationException { -// -// load(fileName); -// } -// -// /** -// * Protected constructor. Used by unit tests. -// */ -// protected AuthConfigurationProvider() { -// } -// -// /** -// * Load the configuration data from XML file with the given name and build -// * the internal data structures representing the MOA ID configuration. -// * -// * @param fileName The name of the XML file to load. -// * @throws ConfigurationException The MOA configuration could not be -// * read/built. -// */ -// private void load(String fileName) throws ConfigurationException { -// -// try { -// //Initial Hibernate Framework -// Logger.trace("Initializing Hibernate framework."); -// -// //Load MOAID-2.0 properties file -// File propertiesFile = new File(fileName); -// FileInputStream fis = null; -// props = new Properties(); -// -// // determine the directory of the root config file -// rootConfigFileDir = new File(fileName).getParent(); -// -// try { -// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); -// -// } catch (MalformedURLException t) { -// throw new ConfigurationException("config.03", null, t); -// } -// -// try { -// fis = new FileInputStream(propertiesFile); -// props.load(fis); -// -// // read MOAID Session Hibernate properties -// Properties moaSessionProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "moasession."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// moaSessionProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read Config Hibernate properties -// Properties configProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "configuration."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// configProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read advanced logging properties -// Properties statisticProps = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "advancedlogging."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// statisticProps.put(propertyName, props.get(key.toString())); -// } -// } -// -// // initialize hibernate -// synchronized (AuthConfigurationProvider.class) { -// -// //Initial config Database -// // ConfigurationDBUtils.initHibernate(configProp); -// -// //initial MOAID Session Database -// Configuration config = new Configuration(); -// config.addAnnotatedClass(AssertionStore.class); -// config.addAnnotatedClass(AuthenticatedSessionStore.class); -// config.addAnnotatedClass(OASessionStore.class); -// config.addAnnotatedClass(OldSSOSessionIDStore.class); -// config.addAnnotatedClass(ExceptionStore.class); -// config.addAnnotatedClass(InterfederationSessionStore.class); -// config.addAnnotatedClass(ProcessInstanceStore.class); -// config.addProperties(moaSessionProp); -// MOASessionDBUtils.initHibernate(config, moaSessionProp); -// -// //initial advanced logging -// if (isAdvancedLoggingActive()) { -// Logger.info("Advanced statistic log is activated, starting initialization process ..."); -// Configuration statisticconfig = new Configuration(); -// statisticconfig.addAnnotatedClass(StatisticLog.class); -// statisticconfig.addProperties(statisticProps); -// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); -// Logger.info("Advanced statistic log is initialized."); -// } -// -// } -// Logger.trace("Hibernate initialization finished."); -// -// } catch (FileNotFoundException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (IOException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (ExceptionInInitializerError e) { -// throw new ConfigurationException("config.17", null, e); -// -// } finally { -// if (fis != null) -// fis.close(); -// -// } -// -// -// //Initialize OpenSAML for STORK -// Logger.info("Starting initialization of OpenSAML..."); -// MOADefaultBootstrap.bootstrap(); -// //DefaultBootstrap.bootstrap(); -// Logger.debug("OpenSAML successfully initialized"); -// -// -// String legacyconfig = props.getProperty("configuration.xml.legacy"); -// String xmlconfig = props.getProperty("configuration.xml"); -//// String xmlconfigout = props.getProperty("configuration.xml.out"); -// -// -// //configure eGovUtils client implementations -// -// //read eGovUtils client configuration -// Properties eGovUtilsConfigProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "service."; -// if (key.toString().startsWith(propPrefix+"egovutil")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); -// } -// } -// if (!eGovUtilsConfigProp.isEmpty()) { -// Logger.info("Start eGovUtils client implementation configuration ..."); -// eGovUtilsConfig = -// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); -// } -// -// -// //TODO: removed in MOA-ID 3.x -//// //check if XML config should be used -//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); -//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); -//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration(); -//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null -//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) { -//// -//// // ConfigurationDBUtils.delete(moaidconfig); -//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){ -//// NewConfigurationDBWrite.delete(key); -//// } -//// } -//// -//// -//// //List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); -//// List<OnlineApplication> oas = NewConfigurationDBRead.getAllOnlineApplications(); -//// if (oas != null && oas.size() > 0) { -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.delete(oa); -//// NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY); -//// } -//// } -//// -//// //load legacy config if it is configured -//// if (MiscUtil.isNotEmpty(legacyconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); -//// -//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); -//// -//// List<OnlineApplication> oas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.save(oa); -//// NewConfigurationDBWrite.saveOnlineApplications(oas); -//// -//// moaconfig.setOnlineApplication(null); -//// // ConfigurationDBUtils.save(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// Logger.info("Legacy Configuration load is completed."); -//// -//// -//// } -//// -//// //load MOA-ID 2.x config from XML -//// if (MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); -//// -//// try { -//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); -//// Unmarshaller m = jc.createUnmarshaller(); -//// File file = new File(xmlconfig); -//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); -//// //ConfigurationDBUtils.save(moaconfig); -//// -//// List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication importoa : importoas) { -//// // ConfigurationDBUtils.saveOrUpdate(importoa); -//// // } -//// -//// NewConfigurationDBWrite.saveOnlineApplications(importoas); -//// -//// moaconfig.setOnlineApplication(null); -//// //ConfigurationDBUtils.saveOrUpdate(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// } catch (Exception e) { -//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); -//// throw new ConfigurationException("config.02", null); -//// } -//// Logger.info("XML Configuration load is completed."); -//// } -// -// reloadDataBaseConfig(); -// -// -// } catch (Throwable t) { -// throw new ConfigurationException("config.02", null, t); -// } -// } -// -// protected MOAIDConfiguration loadDataBaseConfig() { -// return ConfigurationDBRead.getMOAIDConfiguration(); -// } -// -// public synchronized void reloadDataBaseConfig() throws ConfigurationException { -// -// Logger.info("Read MOA-ID 2.0 configuration from database."); -// moaidconfig = loadDataBaseConfig(); -// Logger.info("MOA-ID 2.0 is loaded."); -// -// if (moaidconfig == null) { -// Logger.warn("NO MOA-ID configuration found."); -// throw new ConfigurationException("config.18", null); -// } -// -// //build STORK Config -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// ForeignIdentities foreign = auth.getForeignIdentities(); -// if (foreign == null ) { -// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); -// } else -// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); -// -// //load Chaining modes -// ChainingModes cm = moaidconfig.getChainingModes(); -// if (cm != null) { -// defaultChainingMode = cm.getSystemDefaultMode().value(); -// -// List<TrustAnchor> tas = cm.getTrustAnchor(); -// -// chainingModes = new HashMap<IssuerAndSerial, String>(); -// for (TrustAnchor ta : tas) { -// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); -// chainingModes.put(is, ta.getMode().value()); -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set Trusted CA certs directory -// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); -// -// //set CertStoreDirectory -// setCertStoreDirectory(); -// -// //set TrustManagerRevocationChecking -// setTrustManagerRevocationChecking(); -// -// //set default timeouts -// timeouts = new TimeOuts(); -// timeouts.setAssertion(new BigInteger("300")); -// timeouts.setMOASessionCreated(new BigInteger("2700")); -// timeouts.setMOASessionUpdated(new BigInteger("1200")); -// -// //search timeouts in config -// if (auth.getGeneralConfiguration() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) -// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) -// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) -// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); -// -// } else { -// Logger.info("No TimeOuts defined. Use default values"); -// } -// } -// -// // sets the authentication session and authentication data time outs -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); -// -// -// -// //set PVP2 general config -// Protocols protocols = auth.getProtocols(); -// if (protocols != null) { -// -// allowedProtcols = new ProtocolAllowed(); -// -// if (protocols.getSAML1() != null) { -// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); -// -// //load alternative sourceID -// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) -// alternativesourceid = protocols.getSAML1().getSourceID(); -// -// } -// -// if (protocols.getOAuth() != null) { -// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); -// } -// -// if (protocols.getPVP2() != null) { -// PVP2 el = protocols.getPVP2(); -// -// allowedProtcols.setPVP21Active(el.isIsActive()); -// -// pvp2general = new PVP2(); -// pvp2general.setIssuerName(el.getIssuerName()); -// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); -// -// if (el.getOrganization() != null) { -// Organization org = new Organization(); -// pvp2general.setOrganization(org); -// org.setDisplayName(el.getOrganization().getDisplayName()); -// org.setName(el.getOrganization().getName()); -// org.setURL(el.getOrganization().getURL()); -// } -// -// if (el.getContact() != null) { -// List<Contact> cont = new ArrayList<Contact>(); -// pvp2general.setContact(cont); -// for (Contact e : el.getContact()) { -// Contact c = new Contact(); -// c.setCompany(e.getCompany()); -// c.setGivenName(e.getGivenName()); -// c.getMail().addAll(e.getMail()); -// c.getPhone().addAll(e.getPhone()); -// c.setSurName(e.getSurName()); -// c.setType(e.getType()); -// cont.add(c); -// } -// } -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); -// } -// -// //set alternativeSourceID -// if (auth.getGeneralConfiguration() != null) { -// -// //TODO: can be removed in a further version, because it is moved to SAML1 config -// if (MiscUtil.isEmpty(alternativesourceid)) -// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); -// -// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) -// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); -// -// else { -// Logger.error("No Public URL Prefix configured."); -// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"}); -// } -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set LegacyAllowedProtocols -// try { -// if (auth.getProtocols() != null) { -// Protocols procols = auth.getProtocols(); -// if (procols.getLegacyAllowed() != null) { -// LegacyAllowed legacy = procols.getLegacyAllowed(); -// legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); -// } -// } -// } catch (Exception e) { -// Logger.info("No protocols found with legacy allowed flag!"); -// } -// -// //set VerifyAuthBlockConfig -// MOASP moasp = getMOASPConfig(auth); -// -// VerifyAuthBlock el = moasp.getVerifyAuthBlock(); -// if (el != null) { -// verifyidl = new VerifyAuthBlock(); -// verifyidl.setTrustProfileID(el.getTrustProfileID()); -// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); -// } -// else { -// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set MOASP connection parameters -// if (moasp.getConnectionParameter() != null) -// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); -// else -// MoaSpConnectionParameter = null; -// -// //set ForeignIDConnectionParameters -// if (foreign != null) { -// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); -// } -// -// //set OnlineMandateConnectionParameters -// OnlineMandates ovs = auth.getOnlineMandates(); -// if (ovs != null) { -// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); -// } -// -// //set MOASP IdentityLink Trust-ProfileID -// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); -// if (verifyidl != null) -// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set SL transformation infos -// SecurityLayer seclayer = auth.getSecurityLayer(); -// if (seclayer == null) { -// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); -// throw new ConfigurationException("config.02", null); -// } else { -// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); -// -// if (TransformsInfos == null || TransformsInfos.size() == 0) { -// Logger.error("No Security-Layer Transformation found."); -// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}); -// } -// -// } -// -// //set IdentityLinkSignerSubjectNames -// IdentityLinkX509SubjectNames = new ArrayList<String>(); -// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); -// if (idlsigners != null) { -// Logger.debug("Load own IdentityLinkX509SubjectNames"); -// IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName())); -// } -// -// // now add the default identity link signers -// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; -// for (int i=0; i<identityLinkSignersWithoutOID.length; i++) { -// String identityLinkSigner = identityLinkSignersWithoutOID[i]; -// if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) { -// IdentityLinkX509SubjectNames.add(identityLinkSigner); -// } -// } -// -// //set SLRequestTemplates -// SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); -// if (templ == null) { -// Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); -// throw new ConfigurationException("config.02", null); -// } else { -// SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); -// SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); -// SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); -// } -// -// //set Default BKU URLS -// DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); -// if (bkuuls != null) { -// DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); -// DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); -// DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); -// } -// -// //set SSO Config -// if (auth.getSSO()!= null) { -// ssoconfig = new SSO(); -// ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); -// ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); -// ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); -// ssoconfig.setTarget(auth.getSSO().getTarget()); -// -// if (auth.getSSO().getIdentificationNumber() != null) { -// IdentificationNumber value = new IdentificationNumber(); -// value.setType(auth.getSSO().getIdentificationNumber().getType()); -// value.setValue(auth.getSSO().getIdentificationNumber().getValue()); -// ssoconfig.setIdentificationNumber(value); -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found"); -// } -// -// //close Database -// // -// -// date = new Date(); -// } -// -// -// private Properties getGeneralProperiesConfig(final String propPrefix) { -// Properties configProp = new Properties(); -// for (Object key : props.keySet()) { -// if (key.toString().startsWith(propPrefix)) { -// String propertyName = key.toString().substring(propPrefix.length()); -// configProp.put(propertyName, props.get(key.toString())); -// } -// } -// return configProp; -// } -// -// public Properties getGeneralPVP2ProperiesConfig() { -// return this.getGeneralProperiesConfig("protocols.pvp2."); -// } -// -// public Properties getGeneralOAuth20ProperiesConfig() { -// return this.getGeneralProperiesConfig("protocols.oauth20."); -// } -// -// public ProtocolAllowed getAllowedProtocols() { -// return allowedProtcols; -// } -// -// public PVP2 getGeneralPVP2DBConfig() { -// return pvp2general; -// } -// -// public TimeOuts getTimeOuts() throws ConfigurationException { -// return timeouts; -// } -// -// public String getAlternativeSourceID() throws ConfigurationException { -// return alternativesourceid; -// } -// -// public List<String> getLegacyAllowedProtocols() { -// return legacyallowedprotocols; -// } -// -// -// /** -// * Provides configuration information regarding the online application behind -// * the given URL, relevant to the MOA-ID Auth component. -// * -// * @param oaURL URL requested for an online application -// * @return an <code>OAAuthParameter</code>, or <code>null</code> -// * if none is applicable -// */ -// public OAAuthParameter getOnlineApplicationParameter(String oaURL) { -// -// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); -// -// if (oa == null) { -// Logger.warn("Online application with identifier " + oaURL + " is not found."); -// return null; -// } -// -// return new OAAuthParameter(oa); -// } -// -// -// /** -// * Return a string with a url-reference to the VerifyAuthBlock trust -// * profile id within the moa-sp part of the authentication component -// * -// * @return String with a url-reference to the VerifyAuthBlock trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { -// return verifyidl.getTrustProfileID(); -// } -// -// /** -// * Return a string array with references to all verify transform info -// * IDs within the moa-sp part of the authentication component -// * @return A string array containing all urls to the -// * verify transform info IDs -// * @throws ConfigurationException -// */ -// public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { -// return verifyidl.getVerifyTransformsInfoProfileID(); -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component moa-sp element -// * @return ConnectionParameter of the authentication component moa-sp element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { -// return MoaSpConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component foreigid element -// * @return ConnectionParameter of the authentication component foreignid element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { -// return ForeignIDConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component OnlineMandates element -// * @return ConnectionParameter of the authentication component OnlineMandates element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { -// return OnlineMandatesConnectionParameter; -// } -// -// /** -// * Return a string with a url-reference to the VerifyIdentityLink trust -// * profile id within the moa-sp part of the authentication component -// * @return String with a url-reference to the VerifyIdentityLink trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { -// return MoaSpIdentityLinkTrustProfileID; -// } -// -// /** -// * Returns the transformsInfos. -// * @return String[] -// * @throws ConfigurationException -// */ -// public List<String> getTransformsInfos() throws ConfigurationException { -// return TransformsInfos; -// } -// -// /** -// * Returns the identityLinkX509SubjectNames. -// * @return List -// * @throws ConfigurationException -// */ -// public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { -// return IdentityLinkX509SubjectNames; -// } -// -// public List<String> getSLRequestTemplates() throws ConfigurationException { -// return new ArrayList<String>(SLRequestTemplates.values()); -// } -// -// public String getSLRequestTemplates(String type) throws ConfigurationException { -// String el = SLRequestTemplates.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -// public List<String> getDefaultBKUURLs() throws ConfigurationException { -// return new ArrayList<String>(DefaultBKUURLs.values()); -// } -// -// public String getDefaultBKUURL(String type) throws ConfigurationException { -// String el = DefaultBKUURLs.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -//// public boolean isSSOBusinessService() throws ConfigurationException { -//// -//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) -//// return true; -//// else -//// return false; -//// } -// -// public String getSSOTagetIdentifier() throws ConfigurationException { -// if (ssoconfig != null) -// return ssoconfig.getTarget(); -// else -// return null; -// } -// -//// public String getSSOTarget() throws ConfigurationException { -//// if (ssoconfig!= null) -//// return ssoconfig.getTarget(); -//// -//// return null; -//// } -// -// public String getSSOFriendlyName() { -// if (ssoconfig!= null) { -// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) -// return ssoconfig.getFriendlyName(); -// } -// -// return "Default MOA-ID friendly name for SSO"; -// } -// -// public String getSSOSpecialText() { -// if (ssoconfig!= null) { -// String text = ssoconfig.getSpecialText(); -// if (MiscUtil.isEmpty(text)) -// text = new String(); -// -// return text; -// } -// return new String(); -// } -// -// public String getMOASessionEncryptionKey() { -// -// String prop = props.getProperty("configuration.moasession.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// /** -// * @return -// */ -// public String getMOAConfigurationEncryptionKey() { -// String prop = props.getProperty("configuration.moaconfig.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// public boolean isIdentityLinkResigning() { -// String prop = props.getProperty("configuration.resignidentitylink.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getIdentityLinkResigningKey() { -// String prop = props.getProperty("configuration.resignidentitylink.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Checks if is fakeIdL is activated. -// * -// * @return true, if fake IdLs are available for stork -// */ -// public boolean isStorkFakeIdLActive() { -// String prop = props.getProperty("stork.fakeIdL.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Gets the countries which will receive a fake IdL -// * -// * @return the countries -// */ -// public List<String> getStorkFakeIdLCountries() { -// String prop = props.getProperty("stork.fakeIdL.countries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// /** -// * Gets the resigning key (group) for the stork fake IdL. -// * -// * @return the resigning key -// */ -// public String getStorkFakeIdLResigningKey() { -// String prop = props.getProperty("stork.fakeIdL.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Gets the countries for which it is configured to require no signature -// * -// * @return the stork no signature countries -// */ -// public List<String> getStorkNoSignatureCountries() { -// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// @JsonProperty("isMonitoringActive") -// public boolean isMonitoringActive() { -// String prop = props.getProperty("configuration.monitoring.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getMonitoringTestIdentityLinkURL() { -// String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public String getMonitoringMessageSuccess() { -// String prop = props.getProperty("configuration.monitoring.message.success"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public boolean isAdvancedLoggingActive() { -// String prop = props.getProperty("configuration.advancedlogging.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getPublicURLPrefix() { -// return publicURLPreFix; -// } -// -// public boolean isPVP2AssertionEncryptionActive() { -// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); -// return Boolean.valueOf(prop); -// } -// -// public boolean isCertifiacteQCActive() { -// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); -// return !Boolean.valueOf(prop); -// } -// -// -// //Load document service url from moa properties -// public String getDocumentServiceUrl() { -// String prop = props.getProperty("stork.documentservice.url", "false"); -// return prop; -// } -// -// -// public boolean isPVPSchemaValidationActive() { -// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Returns the STORK Configuration -// * @return STORK Configuration -// * @throws ConfigurationException -// */ -// public STORKConfig getStorkConfig() throws ConfigurationException { -// -// return storkconfig; -// } -// -// /** -// * @return the eGovUtilsConfig -// */ -//@JsonIgnore -//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { -// return eGovUtilsConfig; -//} -// -//private void setCertStoreDirectory() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null) -// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private void setTrustManagerRevocationChecking() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null && -// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) -// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); -// else { -// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { -// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); -// if (authgeneral == null) { -// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); -// throw new ConfigurationException("config.02", null); -// } -// return authgeneral; -// } -// -// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { -// MOASP moasp = authgeneral.getMOASP(); -// -// if (moasp == null) { -// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); -// throw new ConfigurationException("config.02", null); -// } -// return moasp; -// } -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String) -// */ -//@Override -//public Properties getConfigurationWithPrefix(String Prefix) { -// // TODO Auto-generated method stub -// return null; -//} -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String) -// */ -//@Override -//public String getConfigurationWithKey(String key) { -// // TODO Auto-generated method stub -// return null; -//} -// -//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index a2dfeba2f..ab2a07f7c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() { returnValue.setProvideAllErrors( Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); + if (Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); + returnValue.setProvideBaseId(false); + returnValue.setProvideAuthBlock(false); + returnValue.setProvideIdl(false); + returnValue.setProvideMandate(false); + + } + + return returnValue; } @@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() { } +@Override +public List<String> additionalbPKSectorsRequested() { + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS); + if (MiscUtil.isNotEmpty(value)) + return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value)); + + else + return null; + +} @Override @@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) { } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 390b77dab..1b2d203c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ } @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + + @Override public boolean containsConfigurationKey(String arg0) { // TODO Auto-generated method stub return false; @@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ public String getLoAMatchingMode() { return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index ff4b96aab..af4cf6fa7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -5,6 +5,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; public interface IMOAAuthData extends IAuthData{ @@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{ */ String getQAALevel(); - List<String> getEncbPKList(); + /** + * Get a List of Pair<Encrytped bPK, bPKTarget>, where the bPKTarget is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List<Pair<String, String>> getEncbPKList(); + + /** + * Get a List of Pair<Encrytped bPK, bPKTarget> for natural-person mandates, where + * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List<Pair<String, String>> getEncMandateNaturalPersonbPKList(); + byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); @@ -35,4 +51,10 @@ public interface IMOAAuthData extends IAuthData{ String getPvpAttribute_OU(); List<AuthenticationRole> getAuthenticationRoles(); + /** + * Indicate Austrian eID demo-mode + * + * @return true if it is in demo-mode, otherwise false + */ + public boolean isIseIDNewDemoMode(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index ca0ae0687..897a06e62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; @@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; - private List<String> encbPKList; - + + private List<Pair<String, String>> encbPKList; + private List<Pair<String, String>> encMandateNaturalPersonbPKList; + //ISA 1.18 attributes private List<AuthenticationRole> roles = null; private String pvpAttribute_OU = null; @@ -69,6 +72,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private LoALevelMapper loaMapper; + private boolean iseIDNewDemoMode = false; + public MOAAuthenticationData(ILoALevelMapper loaMapper) { if (loaMapper instanceof LoALevelMapper) this.loaMapper = (LoALevelMapper) loaMapper; @@ -104,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } @Override - public List<String> getEncbPKList() { + public List<Pair<String, String>> getEncbPKList() { if (this.encbPKList == null) - this.encbPKList = new ArrayList<String>(); + this.encbPKList = new ArrayList<Pair<String, String>>(); return this.encbPKList; } @@ -291,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } /** + * Set a List of encrypted bPKs where each List element is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3 + * * @param encbPKList the encbPKList to set */ public void setEncbPKList(List<String> encbPKList) { - this.encbPKList = encbPKList; + if (encbPKList != null) { + for (String el : encbPKList) { + Logger.trace("Processing foreign bPK string: " + el ); + int index = el.indexOf("|"); + if (index >= 0) { + String encbPK = el.substring(index+1); + String second = el.substring(0, index); + getEncbPKList().add(Pair.newInstance(encbPK, second)); + + } else + Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it"); + + } + + } } @@ -321,648 +343,32 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - - -// private static final long serialVersionUID = -1042697056735596866L; -// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; -// -// /** -// * URL of the MOA-ID Auth component issueing this assertion -// */ -// private String issuer; -// /** -// * time instant of issue of this assertion -// */ -// private Date issueInstant; -// /** -// * user identification value (Stammzahl); <code>null</code>, -// * if the authentication module is configured not to return this data -// */ -// private String identificationValue; -// /** -// * user identification type -// */ -// private String identificationType; -// -// /** -// * user identityLink specialized to OAParamter -// */ -// private IIdentityLink identityLink; -// -// /** -// * application specific user identifier (bPK/wbPK) -// */ -// private String bPK; -// -// /** -// * application specific user identifier type -// */ -// private String bPKType; -// -// /** -// * given name of the user -// */ -// private String givenName; -// /** -// * family name of the user -// */ -// private String familyName; -// /** -// * date of birth of the user -// */ -// private Date dateOfBirth; -// /** -// * says whether the certificate is a qualified certificate or not -// */ -// -// /** -// * says whether the certificate is a public authority or not -// */ -// /** -// * public authority code (Behördenkennzeichen - BKZ) -// */ -// -// -// /** -// * URL of the BKU -// */ -// -// /** -// * the corresponding <code>lt;saml:Assertion></code> -// */ -// -// private boolean isBaseIDTransferRestrication = true; -// -// -// /** -// * STORK attributes from response -// */ -// private String ccc = null; -// -// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); -// -// -// -// private String authBlock = null; -// private List<String> encbPKList = null; -// -// //ISA 1.18 attributes -// private List<AuthenticationRole> roles = null; -// private String pvpAttribute_OU = null; -// -// private boolean useMandate = false; -// private IMISMandate mandate = null; -// private String mandateReferenceValue = null; -// -// private boolean foreigner =false; -// private String QAALevel = null; -// -// private boolean ssoSession = false; -// private Date ssoSessionValidTo = null; -// -//// private boolean interfederatedSSOSession = false; -//// private String interfederatedIDP = null; -// -// private String sessionIndex = null; -// private String nameID = null; -// private String nameIDFormat = null; -// -// public AuthenticationData() { -// issueInstant = new Date(); -// } -// -// /** -// * Returns the publicAuthority. -// * @return boolean -// */ -// public boolean isPublicAuthority() { -// return publicAuthority; -// } -// -// /** -// * Returns the publicAuthorityCode. -// * @return String -// */ -// public String getPublicAuthorityCode() { -// return publicAuthorityCode; -// } -// -// /** -// * Returns the qualifiedCertificate. -// * @return boolean -// */ -// public boolean isQualifiedCertificate() { -// return qualifiedCertificate; -// } -// -// /** -// * Returns the bPK. -// * @return String -// */ -// public String getBPK() { -// return bPK; -// } -// -// /** -// * Sets the publicAuthority. -// * @param publicAuthority The publicAuthority to set -// */ -// public void setPublicAuthority(boolean publicAuthority) { -// this.publicAuthority = publicAuthority; -// } -// -// /** -// * Sets the publicAuthorityCode. -// * @param publicAuthorityIdentification The publicAuthorityCode to set -// */ -// public void setPublicAuthorityCode(String publicAuthorityIdentification) { -// this.publicAuthorityCode = publicAuthorityIdentification; -// } -// -// /** -// * Sets the qualifiedCertificate. -// * @param qualifiedCertificate The qualifiedCertificate to set -// */ -// public void setQualifiedCertificate(boolean qualifiedCertificate) { -// this.qualifiedCertificate = qualifiedCertificate; -// } -// -// /** -// * Sets the bPK. -// * @param bPK The bPK to set -// */ -// public void setBPK(String bPK) { -// this.bPK = bPK; -// } -// -// /** -// * Returns the dateOfBirth. -// * @return String -// */ -// public Date getDateOfBirth() { -// return dateOfBirth; -// } -// -// public String getFormatedDateOfBirth() { -// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// if (getDateOfBirth() != null) -// return pvpDateFormat.format(getDateOfBirth()); -// else -// return "2999-12-31"; -// } -// -// /** -// * Returns the familyName. -// * @return String -// */ -// public String getFamilyName() { -// return familyName; -// } -// -// /** -// * Returns the givenName. -// * @return String -// */ -// public String getGivenName() { -// return givenName; -// } -// -// /** -// * Holds the baseID of a citizen -// * -// * @return baseID -// */ -// public String getIdentificationValue() { -// return identificationValue; -// } -// -// /** -// * Holds the type of the baseID -// * -// * @return baseID-Type -// */ -// public String getIdentificationType() { -// return identificationType; -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public String getIssueInstantString() { -// return DateTimeUtils.buildDateTimeUTC(issueInstant); -// -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public Date getIssueInstant() { -// return issueInstant; -// -// } -// -// public void setIssueInstant(Date date) { -// this.issueInstant = date; -// } -// -// /** -// * Returns the issuer. -// * @return String -// */ -// public String getIssuer() { -// return issuer; -// } -// -// /** -// * Returns the BKU URL. -// * @return String -// */ -// public String getBkuURL() { -// return bkuURL; -// } -// -// /** -// * Sets the dateOfBirth. -// * @param dateOfBirth The dateOfBirth to set -// */ -// public void setDateOfBirth(Date dateOfBirth) { -// this.dateOfBirth = dateOfBirth; -// } -// -// public void setDateOfBirth(String dateOfBirth) { -// try { -// if (MiscUtil.isNotEmpty(dateOfBirth)) { -// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); -// } -// -// } catch (ParseException e) { -// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); -// -// } -// } -// -// /** -// * Sets the familyName. -// * @param familyName The familyName to set -// */ -// public void setFamilyName(String familyName) { -// this.familyName = familyName; -// } -// -// /** -// * Sets the givenName. -// * @param givenName The givenName to set -// */ -// public void setGivenName(String givenName) { -// this.givenName = givenName; -// } -// -// /** -// * Sets the identificationValue. -// * @param identificationValue The identificationValue to set -// */ -// public void setIdentificationValue(String identificationValue) { -// this.identificationValue = identificationValue; -// } -// -// /** -// * Sets the identificationType. -// * @param identificationType The identificationType to set -// */ -// public void setIdentificationType(String identificationType) { -// this.identificationType = identificationType; -// } -// -// /** -// * Sets the issuer. -// * @param issuer The issuer to set -// */ -// public void setIssuer(String issuer) { -// this.issuer = issuer; -// } -// -// /** -// * Sets the bkuURL -// * @param url The BKU URL to set -// */ -// public void setBkuURL(String url) { -// this.bkuURL = url; -// } -// -// public String getBPKType() { -// return bPKType; -// } -// -// public void setBPKType(String bPKType) { -// this.bPKType = bPKType; -// } -// - -// -// - -// -// -// public String getEIDASQAALevel() { -// if (this.QAALevel != null && -// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { -// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); -// if (MiscUtil.isNotEmpty(mappedQAA)) -// return mappedQAA; -// -// else { -// Logger.error("STORK QAA-level:" + this.QAALevel -// + " can not be mapped to eIDAS QAA-level! Use " -// + PVPConstants.EIDAS_QAA_LOW + " as default value."); -// return PVPConstants.EIDAS_QAA_LOW; -// -// } -// -// -// } else -// return this.QAALevel; -// -// } -// -// -// /** -// * @return -// */ -// public boolean isForeigner() { -// return this.foreigner; -// } -// -// -// /** -// * @param foreigner the foreigner to set -// */ -// public void setForeigner(boolean foreigner) { -// this.foreigner = foreigner; -// } -// -// - -// -// /** -// * @return the ssoSession -// */ -// public boolean isSsoSession() { -// return ssoSession; -// } -// -// -// /** -// * @param ssoSession the ssoSession to set -// */ -// public void setSsoSession(boolean ssoSession) { -// this.ssoSession = ssoSession; -// } -// -// /** -// * @return the mandateReferenceValue -// */ -// public String getMandateReferenceValue() { -// return mandateReferenceValue; -// } -// -// /** -// * @param mandateReferenceValue the mandateReferenceValue to set -// */ -// public void setMandateReferenceValue(String mandateReferenceValue) { -// this.mandateReferenceValue = mandateReferenceValue; -// } -// -// /** -// * CountryCode of the citizen which is identified and authenticated -// * -// * @return the CountryCode <pre>like. AT, SI, ...</pre> -// */ -// public String getCcc() { -// return ccc; -// } -// -// /** -// * @param ccc the ccc to set -// */ -// public void setCcc(String ccc) { -// this.ccc = ccc; -// } -// -// /** -// * @return the sessionIndex -// */ -// public String getSessionIndex() { -// return sessionIndex; -// } -// -// /** -// * @param sessionIndex the sessionIndex to set -// */ -// public void setSessionIndex(String sessionIndex) { -// this.sessionIndex = sessionIndex; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() -// */ -// @Override -// public String getNameID() { -// return this.nameID; -// } -// -// /** -// * @param nameID the nameID to set -// */ -// public void setNameID(String nameID) { -// this.nameID = nameID; -// } -// -// /** -// * @return the nameIDFormat -// */ -// public String getNameIDFormat() { -// return nameIDFormat; -// } -// -// /** -// * @param nameIDFormat the nameIDFormat to set -// */ -// public void setNameIDFormat(String nameIDFormat) { -// this.nameIDFormat = nameIDFormat; -// } -// -//// /** -//// * @return the interfederatedSSOSession -//// */ -//// public boolean isInterfederatedSSOSession() { -//// return interfederatedSSOSession; -//// } -//// -//// /** -//// * @param interfederatedSSOSession the interfederatedSSOSession to set -//// */ -//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -//// this.interfederatedSSOSession = interfederatedSSOSession; -//// } -//// -//// /** -//// * @return the interfederatedIDP -//// */ -//// public String getInterfederatedIDP() { -//// return interfederatedIDP; -//// } -//// -//// /** -//// * @param interfederatedIDP the interfederatedIDP to set -//// */ -//// public void setInterfederatedIDP(String interfederatedIDP) { -//// this.interfederatedIDP = interfederatedIDP; -//// } -// -// /** -// * @return the ssoSessionValidTo -// */ -// public Date getSsoSessionValidTo() { -// return ssoSessionValidTo; -// } -// -// /** -// * @param ssoSessionValidTo the ssoSessionValidTo to set -// */ -// public void setSsoSessionValidTo(Date ssoSessionValidTo) { -// this.ssoSessionValidTo = ssoSessionValidTo; -// } -// -// /** -// * @return the encbPKList -// */ -// public List<String> getEncbPKList() { -// return encbPKList; -// } -// -// /** -// * @param encbPKList the encbPKList to set -// */ -// public void setEncbPKList(List<String> encbPKList) { -// this.encbPKList = encbPKList; -// } -// -// /** -// * @return the roles -// */ -// public List<AuthenticationRole> getAuthenticationRoles() { -//// if (this.roles == null) { -//// this.roles = new ArrayList<AuthenticationRole>(); -//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -//// } -// -// return roles; -// } -// -// //ISA 1.18 attributes -// /** -// * @param roles the roles to set -// */ -// public void addAuthenticationRole(AuthenticationRole role) { -// if (this.roles == null) -// this.roles = new ArrayList<AuthenticationRole>(); -// -// this.roles.add(role); -// } -// -// /** -// * @return the pvpAttribute_OU -// */ -// public String getPvpAttribute_OU() { -// return pvpAttribute_OU; -// } -// -// /** -// * @param pvpAttribute_OU the pvpAttribute_OU to set -// */ -// public void setPvpAttribute_OU(String pvpAttribute_OU) { -// this.pvpAttribute_OU = pvpAttribute_OU; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() -// */ -// @Override -// public boolean isBaseIDTransferRestrication() { -// return isBaseIDTransferRestrication; -// } -// -// /** -// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set -// */ -// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { -// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; -// } -// -// /** -// * Returns a generic data-object with is stored with a specific identifier -// * -// * @param key The specific identifier of the data object -// * @param clazz The class type which is stored with this key -// * @return The data object or null if no data is found with this key -// */ -// public <T> T getGenericData(String key, final Class<T> clazz) { -// if (MiscUtil.isNotEmpty(key)) { -// Object data = genericDataStorate.get(key); -// -// if (data == null) -// return null; -// -// try { -// @SuppressWarnings("unchecked") -// T test = (T) data; -// return test; -// -// } catch (Exception e) { -// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); -// return null; -// -// } -// -// } -// -// Logger.warn("Can not load generic session-data with key='null'"); -// return null; -// -// } -// -// /** -// * Store a generic data-object to session with a specific identifier -// * -// * @param key Identifier for this data-object -// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface -// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage -// */ -// public void setGenericData(String key, Object object) throws SessionDataStorageException { -// if (MiscUtil.isEmpty(key)) { -// Logger.warn("Generic session-data can not be stored with a 'null' key"); -// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); -// -// } -// -// if (object != null) { -// if (!Serializable.class.isInstance(object)) { -// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); -// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); -// -// } -// } -// -// if (genericDataStorate.containsKey(key)) -// Logger.debug("Overwrite generic data with key:" + key); -// else -// Logger.trace("Add generic data with key:" + key + " to session."); -// -// genericDataStorate.put(key, object); -// } + + + public boolean isIseIDNewDemoMode() { + return iseIDNewDemoMode; + } + + /** + * Set eID demo-mode into AuthData + * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false + */ + public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { + this.iseIDNewDemoMode = iseIDNewDemoMode; + } + + public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() { + if (this.encMandateNaturalPersonbPKList == null) + this.encMandateNaturalPersonbPKList = new ArrayList<Pair<String, String>>(); + + return this.encMandateNaturalPersonbPKList; + + } + + public void setEncMandateNaturalPersonbPKList(List<Pair<String, String>> encMandateNaturalPersonbPKList) { + this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index b5005d0c9..2b550f21e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -26,7 +26,6 @@ import java.util.Date; import java.util.Map; import java.util.Map.Entry; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } else { //check if IDP cookie is set - String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); - deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } } @@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { - setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); } @@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf public String getSSOSessionID(HttpServletRequest httpReq) { - return getValueFromCookie(httpReq, SSOCOOKIE); + return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE); } @@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); + CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); } private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - deleteCookie(httpReq, httpResp, SSOCOOKIE); + CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE); } - private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { - Cookie[] cookies = httpReq.getCookies(); - - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(cookieName)) { - return cookie.getValue(); - } - } - } - return null; - } - - private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, - String cookieName, String cookieValue, int maxAge) { - - Cookie cookie = new Cookie(cookieName, cookieValue); - cookie.setMaxAge(maxAge); - cookie.setSecure(true); - cookie.setHttpOnly(true); - cookie.setPath(httpReq.getContextPath()); - - httpResp.addCookie(cookie); - } - - private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { - setCookie(httpReq, httpResp, cookieName, "", 0); - - } +// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { +// Cookie[] cookies = httpReq.getCookies(); +// +// if (cookies != null) { +// for (Cookie cookie : cookies) { +// if (cookie.getName().equals(cookieName)) { +// return cookie.getValue(); +// } +// } +// } +// return null; +// } +// +// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, +// String cookieName, String cookieValue, int maxAge) { +// +// Cookie cookie = new Cookie(cookieName, cookieValue); +// cookie.setMaxAge(maxAge); +// cookie.setSecure(true); +// cookie.setHttpOnly(true); +// cookie.setPath(httpReq.getContextPath()); +// +// httpResp.addCookie(cookie); +// } +// +// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { +// setCookie(httpReq, httpResp, cookieName, "", 0); +// +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java new file mode 100644 index 000000000..c5a8d88b7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java @@ -0,0 +1,56 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; + +@PVPMETADATA +public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); + + public static final String DELIMITER_BPK_LIST = ";"; + public static final String LIST_ELEMENT_START = "("; + public static final String LIST_ELEMENT_END = ")"; + + public String getName() { + return BPK_LIST_NAME; + } + + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + log.info("Adding additional bPKs into bPK attribute"); + for (Pair<String, String> el : authData.getAdditionalbPKs()) { + result += DELIMITER_BPK_LIST + + LIST_ELEMENT_START + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()) + + LIST_ELEMENT_END; + + } + log.trace("Authenticate user with bPK-List: " + result); + } + + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 139bb15cc..a1a5825b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Deprecated @PVPMETADATA public class EIDAuthBlock implements IPVPAttributeBuilder { @@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { try { if (authData instanceof IMOAAuthData) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + + } + String authblock = ((IMOAAuthData)authData).getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 44043ec40..bf7187e51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; @@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger; @PVPMETADATA public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { + public static final String DELIMITER_ENCBPK_TARGET = "|"; + public String getName() { return ENC_BPK_LIST_NAME; } @@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).getEncbPKList() != null && ((IMOAAuthData)authData).getEncbPKList().size() > 0) { - String value = ((IMOAAuthData)authData).getEncbPKList().get(0); - for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) - value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i); + Pair<String, String> value = ((IMOAAuthData)authData).getEncbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { + Pair<String, String> el = ((IMOAAuthData)authData).getEncbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, - value); + result); } @@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); -// String encbpk = "XXX01234567890XXX"; -// String type = "Bereich"; -// String vkz = "Verfahrenskennzeichen"; -// -// //TODO: implement encrypted bPK support -// -// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk); -// -// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, -// vkz + "+" + type + "|" + encbpk); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index a40c0fefb..fb101467a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData instanceof IMOAAuthData) { + if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).isUseMandate()) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + return null; + + } + + //only provide full mandate if it is included. //In case of federation only a short mandate could be include if (((IMOAAuthData)authData).getMandate() != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index f67f79dcf..4d41cc19b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -22,11 +22,13 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; +import org.apache.commons.lang3.StringUtils; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; @@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; @@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { try { - Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData); - if (calcResult != null) { - String bpk = calcResult.getFirst(); - String type = calcResult.getSecond(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type != null) { - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - } else { - Logger.debug("bPK type is 'null' --> use it as it is"); - - } - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - - if (type != null) - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); - else - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); - - } - + String bPKResult = getBpkAttributeStringForSP(oaParam, authData); + if (StringUtils.isNoneEmpty(bPKResult)) + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult); + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { Logger.error("Failed to generate IdentificationType"); @@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return null; } - + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData); + Pair<String, String> bPKResult = null; + + if (baseId != null) { + if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) + bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(), + oaParam.getAreaSpecificTargetIdentifier()); + else { + Logger.debug("No BaseId target in mandate. Use it as it is ... "); + bPKResult = Pair.newInstance(baseId.getFirst(), null); + + } + } + + return bPKResult; + + } + + + /** + * Generate the bPK String for this specific SP + * + * @param oaParam + * @param authData + * @return + * @throws UnavailableAttributeException + * @throws EAAFBuilderException + * @throws ConfigurationException + * @throws BuildException + * @throws NoMandateDataAttributeException + */ + protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException { + Pair<String, String> bPKResult = getBpkForSp(oaParam, authData); + if (bPKResult != null) { + String bpk = bPKResult.getFirst(); + String type = bPKResult.getSecond(); + + if (MiscUtil.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type != null) + type = removeBpkTypePrefix(type); + else + Logger.debug("bPK type is 'null' --> use it as it is"); + + bpk = attrMaxSize(bpk); + + Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + if (type != null) + return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk; + else + return bpk; + + } + + return null; + + } + + + /** + * Limit the attribute value to maximum size + * + * @param attr + * @return + */ + protected String attrMaxSize(String attr) { + if (attr != null && attr.length() > BPK_MAX_LENGTH) { + attr = attr.substring(0, BPK_MAX_LENGTH); + } + return attr; + + } + + /** + * Remove bPKType prefix if available + * + * @param type + * @return + */ + protected String removeBpkTypePrefix(String type) { + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + return type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + return type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + else + return type; + + } + + protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { //get PVP attribute directly, if exists Pair<String, String> calcResult = null; if (authData instanceof IMOAAuthData) { @@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } - - - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) - calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - else - calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java new file mode 100644 index 000000000..fd00e2f61 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java @@ -0,0 +1,83 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +@PVPMETADATA +public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_LIST_NAME; + } + + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + try { + String result = getBpkAttributeStringForSP(oaParam, authData); + + if (result != null) { + result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... "); + Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData); + if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond()) + && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) { + for (Pair<String, String> el : authData.getAdditionalbPKs()) { + + Pair<String, String> addBpk = + new BPKBuilder().generateAreaSpecificPersonIdentifier( + baseId.getFirst(), + el.getSecond()); + + Logger.trace("Calculate bPK with " + addBpk.toString()); + + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + removeBpkTypePrefix(addBpk.getSecond()) + + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + + attrMaxSize(addBpk.getFirst()) + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + } + } + + Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate"); + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result); + + } + + return null; + + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java new file mode 100644 index 000000000..220ccd94e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java @@ -0,0 +1,62 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_ENC_BPK_LIST_NAME; + } + + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData) authData).isUseMandate()) { + if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null && + ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) { + Pair<String, String> value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) { + Pair<String, String> el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + + return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME, + result); + + } + + } else + Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used"); + + } else + Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 32b45a595..88648b56e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 90a0d61c9..223994e6e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java new file mode 100644 index 000000000..5daa71b1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java @@ -0,0 +1,68 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; + +/** + * @author tlenz + * + */ +public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) + */ + @Override + public String buildStringAttribute(String friendlyName, String name, String value) { + return value; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) + */ + @Override + public String buildIntegerAttribute(String friendlyName, String name, int value) { + return String.valueOf(value); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) + */ + @Override + public String buildLongAttribute(String friendlyName, String name, long value) { + return String.valueOf(value); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) + */ + @Override + public String buildEmptyAttribute(String friendlyName, String name) { + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 1fa17c683..4fc37d88f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index d7ada1f36..bd908f894 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -75,7 +75,9 @@ public class MOASAMLSOAPClient { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 8d36e81bb..df43316ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException; import org.springframework.data.redis.core.RedisOperations; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.SessionCallback; -import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer; +import org.springframework.data.redis.serializer.RedisSerializer; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage { protected AuthConfiguration authConfig; @Autowired - private JacksonJsonRedisSerializer assertionStoreSerializer; + private RedisSerializer<AssertionStore> assertionStoreSerializer; public RedisTemplate<String, Object> getTemplate(){ return this.redisTemplate; @@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage { } public boolean containsKey(String key) { + try { searchInDatabase(key); return true; - + } catch (MOADatabaseException e) { return false; } @@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException { + " found. Process gets stopped."); } - redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS); + redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java new file mode 100644 index 000000000..21cbd574f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.util; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class CookieUtils { + public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals(cookieName)) { + return cookie.getValue(); + } + } + } + return null; + } + + public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { + + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + cookie.setHttpOnly(true); + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 0); + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 611dff3b1..6bf44a527 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -93,6 +94,10 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); @@ -107,6 +112,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, @@ -148,6 +154,10 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); @@ -162,6 +172,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( connParam.getUrl(), + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 14d4d9fb6..a10b9b3e0 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -20,3 +20,6 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey +at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 26fd1f986..02c683305 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -106,6 +106,10 @@ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask" scope="prototype"/> + <bean id="GenericFrontChannelRedirectTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenericFrontChannelRedirectTask" + scope="prototype"/> + <beans profile="advancedLogOn"> <bean id="StatisticLogger" class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/> diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml index feda9b273..a352cf9ab 100644 --- a/id/server/idserverlib/src/main/resources/session.redis.beans.xml +++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml @@ -24,7 +24,8 @@ p:port="${redis.port}"/> <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" /> - <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer"> + + <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer"> <constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/> </bean> diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 1ea057186..c3420d833 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest { throw new Exception("bPKType wrong"); - List<String> foreignbPKs = authData.getEncbPKList(); + List<Pair<String, String>> foreignbPKs = authData.getEncbPKList(); if (foreignbPKs.isEmpty()) throw new Exception("NO foreign bPK list is null"); if (foreignbPKs.size() != 1) throw new Exception("NO or MORE THAN ONE foreign bPK"); - if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")"))) + if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty())) throw new Exception("foreign bPK has wrong prefix"); } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java index 61e765f55..bcbabae5b 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java @@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters { public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) { this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction; } + + @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } } |