aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java)2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java185
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java190
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java8
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml19
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java4
-rw-r--r--id/server/idserverlib/src/test/java/test/tlenz/simpletest.java197
41 files changed, 816 insertions, 379 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
new file mode 100644
index 000000000..6f98357e2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IDestroyableObject {
+ /**
+ * Manually deep destroy a Java object with all child objects like timers and threads
+ *
+ */
+ public void fullyDestroy();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
index a1008e883..27d142f2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.config.auth;
+package at.gv.egovernment.moa.id.auth;
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
new file mode 100644
index 000000000..52e30a2f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -0,0 +1,93 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth;
+
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+@Service("MOAGarbageCollector")
+@EnableScheduling
+public class MOAGarbageCollector implements Runnable {
+
+ @Autowired ApplicationContext context;
+
+ private static final long INTERVAL = 24 * 60 * 60 * 1000; // 24 hours
+ //private static final long INITAL_DELAY = 12 * 60 * 60 * 1000; // 12 hours
+
+ private static final long INITAL_DELAY = 2 * 60 * 1000; // 12 hours
+
+// private static final List<IGarbageCollectorProcessing> processModules =
+// new ArrayList<IGarbageCollectorProcessing>();
+
+
+ @Scheduled(fixedRate = INTERVAL, initialDelay = INITAL_DELAY)
+ public void run() {
+
+ Map<String, IGarbageCollectorProcessing> processModules =
+ context.getBeansOfType(IGarbageCollectorProcessing.class);
+
+ if (processModules != null) {
+ Iterator<Entry<String, IGarbageCollectorProcessing>> interator = processModules.entrySet().iterator();
+ while (interator.hasNext()) {
+ try {
+ interator.next().getValue().runGarbageCollector();
+
+ } catch (Throwable e1) {
+ Logger.warn("Garbage collection FAILED in some module.", e1);
+
+ }
+
+ }
+ }
+ }
+
+// /**
+// * Add a module to MOA internal garbage collector. Every module is executed once a day
+// *
+// * @param modul Module which should be executed by the garbage collector.
+// */
+// public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
+// processModules.add(modul);
+//
+// }
+
+// public static void start() {
+// // start the session cleanup thread
+// Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
+// configLoader.setName("MOAGarbageCollectorr");
+// configLoader.setDaemon(true);
+// configLoader.setPriority(Thread.MIN_PRIORITY);
+// configLoader.start();
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 926131b59..11f47052e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -36,18 +36,16 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
-import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.PKIException;
-import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
/**
@@ -104,7 +102,7 @@ public class MOAIDAuthInitializer {
Logger.info("Loading Java security providers.");
IAIK.addAsProvider();
- ECCProvider.addAsProvider();
+ ECCelerate.addAsProvider();
// Initializes SSLSocketFactory store
SSLUtils.initialize();
@@ -141,7 +139,12 @@ public class MOAIDAuthInitializer {
//ECCProvider.addAsProvider();
Security.insertProviderAt(IAIK.getInstance(), 0);
- Security.addProvider(new ECCProvider());
+
+ ECCelerate eccProvider = ECCelerate.getInstance();
+ if (Security.getProvider(eccProvider.getName()) != null)
+ Security.removeProvider(eccProvider.getName());
+
+ Security.addProvider(new ECCelerate());
if (Logger.isDebugEnabled()) {
Logger.debug("Loaded Security Provider:");
@@ -150,7 +153,5 @@ public class MOAIDAuthInitializer {
Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
}
-
- MOAGarbageCollector.start();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 908c7e7b6..f980f299c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -106,6 +106,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
@Autowired protected AuthConfiguration authConfig;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public IAuthData buildAuthenticationData(IRequest pendingReq,
@@ -222,7 +223,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
try {
samlVerificationEngine.verifyIDPResponse(intfResp,
TrustEngineFactory.getSignatureKnownKeysTrustEngine(
- MOAMetadataProvider.getInstance()));
+ metadataProvider));
//create assertion attribute extractor from AttributeQuery response
return new AssertionAttributeExtractor(intfResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 69c155c1e..140c7aebc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
//validate SSO functionality
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
+ String domainIdentifier = authConfig.getSSOTagetIdentifier();
if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) {
//do not use SSO if no Target is set
Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 0d99bcd68..1431911a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler;
+import com.google.common.net.MediaType;
import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
@@ -86,7 +87,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
@ExceptionHandler({Exception.class})
public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException {
Logger.error("Internel Server Error." , exception);
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
"(Errorcode=9199"
+" | Description="+ exception.getMessage() + ")");
@@ -97,7 +98,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
@ExceptionHandler({IOException.class})
public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) {
Logger.error("Internel Server Error." , exception);
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
@@ -221,7 +222,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
Logger.warn(loggedException.getMessage(), loggedException);
} else {
- Logger.info(loggedException.getMessage());
+ Logger.warn(loggedException.getMessage());
}
}
@@ -232,7 +233,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
String code = utils.mapInternalErrorToExternalError(
((InvalidProtocolRequestException)e).getMessageId());
String descr = e.getMessage();
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
"(Errorcode=" + code +
" | Description=" + descr + ")");
@@ -315,7 +316,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException {
if (e instanceof ProtocolNotActiveException) {
resp.getWriter().write(e.getMessage());
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
} else if (e instanceof AuthnRequestValidatorException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index babc87866..9b658d81b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -85,7 +85,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
null);
//build GUI component
- formBuilder.build(resp, config, "text/css;charset=UTF-8", "CSS-Form");
+ formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form");
} catch (Exception e) {
Logger.warn("GUI ressource:'CSS' generation FAILED.");
@@ -114,7 +114,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
//build GUI component
- formBuilder.build(resp, config, "text/javascript;charset=UTF-8", "JavaScript");
+ formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript");
} catch (Exception e) {
Logger.warn("GUI ressource:'JavaScript' generation FAILED.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index d9386d404..3eaede028 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -131,7 +131,7 @@ public class RedirectServlet {
DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT,
null);
config.putCustomParameter(URL, url);
- guiBuilder.build(resp, config, "RedirectForm");
+ guiBuilder.build(resp, config, "RedirectForm.html");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
new file mode 100644
index 000000000..93d74d7ef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet.interceptor;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.context.ApplicationContext;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class VHostUrlRewriteServletFilter implements Filter {
+
+ private static final String VHOST_PATH = "/vhost/";
+ private static final String AUTHURL = "authURL";
+
+
+ private ApplicationContext context = null;
+
+ public VHostUrlRewriteServletFilter(ApplicationContext context) {
+ Logger.info("Register vHost Servelt Filter");
+ this.context = context;
+
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+ */
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+ try {
+ AuthConfiguration authConfig = context.getBean(AuthConfiguration.class);
+ List<String> configuredPublicURLPrefix = authConfig.getPublicURLPrefix();
+
+ //check if End-Point is valid
+ String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq);
+ URL publicURL;
+ try {
+ publicURL = new URL(publicURLString);
+
+ } catch (MalformedURLException e) {
+ Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e);
+ throw new ConfigurationException("1299", null, e);
+
+ }
+
+ //check if virtual IDPs are enabled
+ if (!authConfig.isVirtualIDPsEnabled()) {
+ Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+ httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0));
+ chain.doFilter(request, response);
+
+ } else {
+ String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq);
+ URL authURL;
+ try {
+ authURL = new URL(authURLString);
+
+ } catch (MalformedURLException e) {
+ Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
+ throw new ConfigurationException("1299", null, e);
+
+ }
+
+ Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
+ URL resultURL = null;
+
+ for (String el : configuredPublicURLPrefix) {
+ try {
+ URL configuredURL = new URL(el);
+
+ //get Ports from URL
+ int configPort = configuredURL.getPort();
+ if (configPort == -1)
+ configPort = configuredURL.getDefaultPort();
+
+ int authURLPort = authURL.getPort();
+ if (authURLPort == -1)
+ authURLPort = authURL.getDefaultPort();
+
+ //check AuthURL against ConfigurationURL
+ if (configuredURL.getHost().equals(authURL.getHost()) &&
+ configPort == authURLPort &&
+ authURL.getPath().startsWith(configuredURL.getPath())) {
+ Logger.debug("Select configurated PublicURLPrefix: " + configuredURL
+ + " for authURL: " + authURLString);
+ resultURL = configuredURL;
+ }
+
+ } catch (MalformedURLException e) {
+ Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+
+ }
+ }
+
+ if (resultURL == null) {
+ Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
+ throw new ConfigurationException("config.25", new Object[]{authURLString});
+
+ } else {
+ httpReq.setAttribute(AUTHURL, resultURL.toExternalForm());
+
+ }
+
+ String servletPath = httpReq.getServletPath();
+ if (servletPath.startsWith(VHOST_PATH)) {
+ Logger.trace("Found V-IDP selection via REST URL ... ");
+ String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length());
+ String requestedServlet = authURLString.substring(0, vHostDescriptor.length());
+ String newURL = publicURL.toExternalForm().concat(requestedServlet);
+ httpReq.setAttribute(AUTHURL, newURL);
+ httpReq.getRequestDispatcher(newURL).forward(httpReq, response);
+
+ } else {
+ Logger.trace("Found V-IDP selection via Domain ...");
+ chain.doFilter(request, response);
+
+ }
+
+ }
+
+ } catch (ConfigurationException e) {
+
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#destroy()
+ */
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 87804ea6c..9fdec9fbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -53,7 +53,8 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
//only for SAML1 GetAuthenticationData webService functionality
String requestedServlet = request.getServletPath();
- if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
+ if (MiscUtil.isNotEmpty(requestedServlet) &&
+ requestedServlet.startsWith("/services")) {
Logger.debug("SAML1 GetAuthenticationServices allow access without SSL");
return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
deleted file mode 100644
index 1072bec5c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.config.auth;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAGarbageCollector implements Runnable {
-
- private static final long INTERVAL = 24 * 60 * 60; // 24 hours
- private static final List<IGarbageCollectorProcessing> processModules =
- new ArrayList<IGarbageCollectorProcessing>();
-
- public void run() {
- while (true) {
- try {
- Thread.sleep(INTERVAL * 1000);
-
- try {
- for (IGarbageCollectorProcessing element : processModules)
- element.runGarbageCollector();
-
- } catch (Throwable e1) {
- Logger.warn("Garbage collection FAILED in some module.", e1);
- }
-
- } catch (Throwable e) {
- Logger.warn("MOA-ID garbage collection is not possible, actually.", e);
-
- } finally {
-
- }
- }
- }
-
- /**
- * Add a module to MOA internal garbage collector. Every module is executed once a day
- *
- * @param modul Module which should be executed by the garbage collector.
- */
- public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
- processModules.add(modul);
-
- }
-
- public static void start() {
- // start the session cleanup thread
- Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
- configLoader.setName("MOAGarbageCollectorr");
- configLoader.setDaemon(true);
- configLoader.setPriority(Thread.MIN_PRIORITY);
- configLoader.start();
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index b1bba6c17..9f39e32cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -122,7 +122,10 @@ public String getIdentityLinkDomainIdentifier() {
if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
-
+
+ } else if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
+ return MOAIDConstants.PREFIX_EIDAS + value;
+
} else {
return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 210bda3e6..348b1c45a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -738,13 +738,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*/
public String getSSOTagetIdentifier() throws ConfigurationException {
try {
- return configuration.getStringValue(
+ String value = configuration.getStringValue(
MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET);
-
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+
} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
Logger.warn("Single Sign-On Target can not be read from configuration.", e);
- return null;
+
}
+
+ return null;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 3c6042b51..34b250bf0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -104,7 +104,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
@Autowired private SingleLogOutBuilder sloBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
@Autowired private IGUIFormBuilder guiBuilder;
-
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
+
public void performSingleLogOut(HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
@@ -527,7 +528,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
} else {
samlVerificationEngine.verifySLOResponse(sloResp,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 85e4dc99b..1e0dfca8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -32,6 +32,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -52,8 +54,12 @@ public abstract class RequestImpl implements IRequest, Serializable{
public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
+ public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP";
+
public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+
+
private static final long serialVersionUID = 1L;
private String module = null;
@@ -91,10 +97,10 @@ public abstract class RequestImpl implements IRequest, Serializable{
*/
public final void initialize(HttpServletRequest req) throws ConfigurationException {
//set requestID
- requestID = Random.nextRandom();
+ requestID = Random.nextLongRandom();
//set unique transaction identifier for logging
- uniqueTransactionIdentifer = Random.nextRandom();
+ uniqueTransactionIdentifer = Random.nextLongRandom();
TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
@@ -167,6 +173,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
else
Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!");
+ //set requester's IP address
+ try {
+ setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("Can not store remote IP address to 'pendingRequest' during an exception." , e);
+
+ }
+
}
/**
@@ -174,7 +189,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
*
* @return List of PVP 2.1 attribute names with maps all protocol specific attributes
*/
- public abstract Collection<String> getRequestedAttributes();
+ public abstract Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
public void setOAURL(String value) {
oaURL = value;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index f9986dccb..76e6605c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -129,6 +129,11 @@ public class ProcessEngineImpl implements ProcessEngine {
ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId());
+ if (pi == null ) {
+ throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist.");
+
+ }
+
MDC.put(MDC_CTX_PI_NAME, pi.getId());
if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) {
@@ -164,6 +169,11 @@ public class ProcessEngineImpl implements ProcessEngine {
ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId());
+ if (pi == null ) {
+ throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist.");
+
+ }
+
MDC.put(MDC_CTX_PI_NAME, pi.getId());
if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index b4eed85d0..a611c72b9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -53,7 +53,10 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
profRepName = misMandate.getTextualDescriptionOfOID();
- if (MiscUtil.isEmpty(profRepName)) {
+ //only read textual prof. rep. OID describtion from mandate annotation
+ // if also OID exists
+ if (MiscUtil.isEmpty(profRepName)
+ && MiscUtil.isNotEmpty(misMandate.getProfRep())) {
Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 98c6632f1..6375f26a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -81,6 +81,7 @@ public class AttributQueryAction implements IAction {
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
@Autowired private MOASessionDBUtils moaSessionDBUtils;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -140,7 +141,7 @@ public class AttributQueryAction implements IAction {
//build PVP 2.1 response
Response authResponse = AuthResponseBuilder.buildResponse(
- MOAMetadataProvider.getInstance(), issuerEntityID, attrQuery, date,
+ metadataProvider, issuerEntityID, attrQuery, date,
assertion, authConfig.isPVP2AssertionEncryptionActive());
SoapBinding decoder = new SoapBinding();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 8de44a2e8..aac49844e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -61,6 +61,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationAction implements IAction {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -70,7 +71,7 @@ public class AuthenticationAction implements IAction {
//get basic information
MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
- EntityDescriptor peerEntity = moaRequest.getEntityMetadata();
+ EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
AssertionConsumerService consumerService =
SAML2Utils.createSAMLObject(AssertionConsumerService.class);
@@ -94,7 +95,7 @@ public class AuthenticationAction implements IAction {
peerEntity, date, consumerService, sloInformation);
Response authResponse = AuthResponseBuilder.buildResponse(
- MOAMetadataProvider.getInstance(), issuerEntityID, authnRequest,
+ metadataProvider, issuerEntityID, authnRequest,
date, assertion, authConfig.isPVP2AssertionEncryptionActive());
IEncoder binding = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 2a688da68..b282e3a4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -28,6 +28,8 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -62,7 +64,7 @@ public class MetadataAction implements IAction {
String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);
Logger.debug("METADATA: " + metadataXML);
- httpResp.setContentType("text/xml");
+ httpResp.setContentType(MediaType.XML_UTF_8.toString());
httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));
httpResp.getOutputStream().close();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 82e46b6ce..127284ae0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -104,6 +104,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
@@ -187,7 +188,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new PostBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -240,7 +241,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -294,7 +295,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new SoapBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -336,7 +337,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
if(!msg.isVerified()) {
samlVerificationEngine.verify(msg,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
msg.setVerified(true);
}
@@ -493,7 +494,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
msg = (MOARequest) inMsg;
- EntityDescriptor metadata = msg.getEntityMetadata();
+ EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
if(metadata == null) {
throw new NoMetadataInformationException();
}
@@ -643,7 +644,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
throw new MOAIDException("Unsupported request", new Object[] {});
}
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
if(metadata == null) {
throw new NoMetadataInformationException();
}
@@ -735,7 +736,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
}
}
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index e7f2a7d4b..caf66942e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -32,6 +32,7 @@ import org.opensaml.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -54,7 +55,6 @@ public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
-
InboundMessage request;
String binding;
String consumerURL;
@@ -88,14 +88,14 @@ public class PVPTargetConfiguration extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
Map<String, String> reqAttr = new HashMap<String, String>();
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
try {
- SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -139,5 +139,6 @@ public class PVPTargetConfiguration extends RequestImpl {
}
- }
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 57540138e..c762e2505 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -24,17 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.SerializationUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.Transaction;
-import org.hibernate.resource.transaction.spi.TransactionStatus;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -49,7 +43,6 @@ import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -126,6 +119,9 @@ public class SingleLogOutAction implements IAction {
try {
session = authenticationSessionStorage.getSession(moasession);
+ if (session == null)
+ throw new MOADatabaseException();
+
} catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 25b22f0ad..94d91694a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -62,6 +62,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SoapBinding implements IDecoder, IEncoder {
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired private IDPCredentialProvider credentialProvider;
public InboundMessageInterface decode(HttpServletRequest req,
@@ -109,7 +110,7 @@ public class SoapBinding implements IDecoder, IEncoder {
RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
try {
if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
- MOAMetadataProvider.getInstance().getRole(
+ metadataProvider.getRole(
attributeRequest.getIssuer().getValue(),
SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
request.setEntityID(attributeRequest.getIssuer().getValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index 855925272..e2f8664d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
@@ -66,7 +64,6 @@ import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.springframework.stereotype.Service;
@@ -74,6 +71,7 @@ import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -153,7 +151,7 @@ public class PVPMetadataBuilder {
//set metadata signature parameters
Credential metadataSignCred = config.getMetadataSigningCredentials();
- Signature signature = getIDPSignature(metadataSignCred);
+ Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
@@ -437,27 +435,5 @@ public class PVPMetadataBuilder {
return idpSSODescriptor;
}
-
- private Signature getIDPSignature(Credential credentials) {
- PrivateKey privatekey = credentials.getPrivateKey();
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
-
- } else {
- Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-
-
- }
-
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
-
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index e5c897aa6..de59e6055 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -94,8 +94,9 @@ import at.gv.egovernment.moa.logging.Logger;
@Service("PVP_SingleLogOutBuilder")
public class SingleLogOutBuilder {
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired private IDPCredentialProvider credentialProvider;
-
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
Status status = logOutResp.getStatus();
if (!status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
@@ -353,7 +354,7 @@ public class SingleLogOutBuilder {
public SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
try {
- EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ EntityDescriptor entity = metadataProvider.getEntityDescriptor(entityID);
SSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
SingleLogoutService sloService = null;
@@ -394,7 +395,7 @@ public class SingleLogOutBuilder {
public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
MOARequest moaReq = (MOARequest) spRequest.getRequest();
- EntityDescriptor metadata = moaReq.getEntityMetadata();
+ EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (ssodesc == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 68301d000..55d8fa1ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -208,8 +208,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
int idx = 0;
- AttributeConsumingService attributeConsumingService = null;
-
+ AttributeConsumingService attributeConsumingService = null;
if (aIdx != null) {
idx = aIdx.intValue();
attributeConsumingService = spSSODescriptor
@@ -223,6 +222,19 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
+ /*
+ * TODO: maybe use first AttributeConsumingService if no is selected
+ * in request or on service is marked as default
+ *
+ */
+ if (attributeConsumingService == null ) {
+ List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+ if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
+ attributeConsumingService = attrConsumingServiceList.get(0);
+
+ }
+
+
if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
@@ -316,6 +328,15 @@ public class PVP2AssertionBuilder implements PVPConstants {
//no sourcePin is included --> search for bPK
bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+ try {
+ if (bpk.contains(":"))
+ bpk = bpk.split(":")[1];
+
+ } catch (Exception e) {
+ Logger.warn("Can not split bPK from mandator attribute!", e);
+
+ }
+
//set bPK-Type from configuration, because it MUST be equal to service-provider type
if (oaParam.getBusinessService()) {
if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
@@ -436,10 +457,17 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
- subjectConfirmationData.setNotBefore(date);
+// subjectConfirmationData.setNotBefore(date);
+ //set 'recipient' attribute in subjectConformationData
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+ //set IP address of the user machine as 'Address' attribute in subjectConformationData
+ String usersIPAddress = pendingReq.getGenericData(
+ PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
+ if (MiscUtil.isNotEmpty(usersIPAddress))
+ subjectConfirmationData.setAddress(usersIPAddress);
+
//set SLO information
sloInformation.setUserNameIdentifier(subjectNameID.getValue());
sloInformation.setNameIDFormat(subjectNameID.getFormat());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
index 332caf967..8c8345bbf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
import java.io.Serializable;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -46,10 +46,12 @@ public class InboundMessage implements InboundMessageInterface, Serializable{
private String relayState = null;
- public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-
+ public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
try {
- return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
+ if (metadataProvider == null)
+ throw new NullPointerException("No PVP MetadataProvider found.");
+
+ return metadataProvider.getEntityDescriptor(this.entityID);
} catch (MetadataProviderException e) {
Logger.warn("No Metadata for EntitiyID " + entityID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 3002ca179..19adfe4c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -44,13 +44,14 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -58,65 +59,85 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPMetadataProvider")
public class MOAMetadataProvider extends SimpleMOAMetadataProvider
- implements ObservableMetadataProvider, IGarbageCollectorProcessing, IMOARefreshableMetadataProvider {
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing,
+ IMOARefreshableMetadataProvider, IDestroyableObject {
- private static MOAMetadataProvider instance = null;
+ //private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800; //7 days
+
+// private static MOAMetadataProvider instance = null;
+ MetadataProvider internalProvider = null;
private static Object mutex = new Object();
+ //private Map<String, Date> lastAccess = null;
- public static MOAMetadataProvider getInstance() {
- if (instance == null) {
- synchronized (mutex) {
- if (instance == null) {
- instance = new MOAMetadataProvider();
-
- //add this to MOA garbage collector
- MOAGarbageCollector.addModulForGarbageCollection(instance);
-
- }
- }
- }
- return instance;
+ public MOAMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+ //lastAccess = new HashMap<String, Date>();
+
}
+// public static MOAMetadataProvider getInstance() {
+// if (instance == null) {
+// synchronized (mutex) {
+// if (instance == null) {
+// instance = new MOAMetadataProvider();
+//
+// //add this to MOA garbage collector
+// MOAGarbageCollector.addModulForGarbageCollection(instance);
+//
+// }
+// }
+// }
+// return instance;
+// }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
*/
@Override
public void runGarbageCollector() {
- reInitialize();
-
- }
-
- private static void reInitialize() {
synchronized (mutex) {
/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
- if (instance != null)
- try {
- Logger.trace("Check consistence of PVP2X metadata");
- instance.addAndRemoveMetadataProvider();
+ try {
+ Logger.trace("Check consistence of PVP2X metadata");
+ addAndRemoveMetadataProvider();
- } catch (ConfigurationException e) {
- Logger.error("Access to MOA-ID configuration FAILED.", e);
+ } catch (ConfigurationException e) {
+ Logger.error("Access to MOA-ID configuration FAILED.", e);
- }
- else
- Logger.info("MOAMetadataProvider is not loaded.");
+ }
}
+
}
- public static void destroy() {
- if (instance != null) {
- instance.internalDestroy();
+
+// private static void reInitialize() {
+// synchronized (mutex) {
+//
+// /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+// if (instance != null)
+// try {
+// Logger.trace("Check consistence of PVP2X metadata");
+// instance.addAndRemoveMetadataProvider();
+//
+// } catch (ConfigurationException e) {
+// Logger.error("Access to MOA-ID configuration FAILED.", e);
+//
+// }
+// else
+// Logger.info("MOAMetadataProvider is not loaded.");
+// }
+// }
+
+ public void fullyDestroy() {
+ internalDestroy();
- } else {
- Logger.info("MOAMetadataProvider is not loaded. Accordingly it can not be destroyed");
- }
}
- MetadataProvider internalProvider;
+
@Override
public boolean refreshMetadataProvider(String entityID) {
@@ -208,7 +229,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
private void addAndRemoveMetadataProvider() throws ConfigurationException {
if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- Logger.info("Relaod MOAMetaDataProvider.");
+ Logger.info("Reload MOAMetaDataProvider.");
/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
*The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
@@ -217,7 +238,19 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//get all actually loaded metadata providers
Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
-
+
+ /* TODO: maybe add metadata provider destroy after timeout.
+ * But could be a problem if one Metadataprovider load an EntitiesDescriptor
+ * with more the multiple EntityDescriptors. If one of this EntityDesciptors
+ * are expired the full EntitiesDescriptor is removed.
+ *
+ * Timeout requires a better solution in this case!
+ */
+// Date now = new Date();
+// Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
+// Logger.debug("Starting PVP Metadata garbag collection (Expioredate:"
+// + expioredate + ")");
+
//load all PVP2 OAs form ConfigurationDatabase and
//compare actually loaded Providers with configured PVP2 OAs
Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
@@ -238,30 +271,31 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
HTTPMetadataProvider httpProvider = null;
try {
if (MiscUtil.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
+ if (loadedproviders.containsKey(metadataurl)) {
// PVP2 OA is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
- } else if ( MiscUtil.isNotEmpty(metadataurl) &&
- !providersinuse.containsKey(metadataurl) ) {
- //PVP2 OA is new, add it to MOAMetadataProvider
- String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64)) {
- byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getFriendlyName();
-
-
- Logger.info("Loading metadata for: " + oaFriendlyName);
- httpProvider = createNewHTTPMetaDataProvider(
- metadataurl,
- buildMetadataFilterChain(oaParam, metadataurl, cert),
- oaFriendlyName);
-
- if (httpProvider != null)
- providersinuse.put(metadataurl, httpProvider);
- }
+ //INFO: load metadata dynamically if they are requested
+// } else if ( MiscUtil.isNotEmpty(metadataurl) &&
+// !providersinuse.containsKey(metadataurl) ) {
+// //PVP2 OA is new, add it to MOAMetadataProvider
+// String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+// if (MiscUtil.isNotEmpty(certBase64)) {
+// byte[] cert = Base64Utils.decode(certBase64, false);
+// String oaFriendlyName = oaParam.getFriendlyName();
+//
+//
+// Logger.info("Loading metadata for: " + oaFriendlyName);
+// httpProvider = createNewHTTPMetaDataProvider(
+// metadataurl,
+// buildMetadataFilterChain(oaParam, metadataurl, cert),
+// oaFriendlyName);
+//
+// if (httpProvider != null)
+// providersinuse.put(metadataurl, httpProvider);
+// }
}
}
@@ -339,15 +373,21 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
}
- instance = null;
+ internalProvider = new ChainingMetadataProvider();
} else {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
}
}
- private MOAMetadataProvider() {
+ @Deprecated
+ /**
+ * Load all PVP metadata from OA configuration
+ *
+ * This method is deprecated because OA metadata should be loaded dynamically
+ * if the corresponding OA is requested.
+ */
+ private void loadAllPVPMetadataFromKonfiguration() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
try {
@@ -417,14 +457,15 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
+ e.getMessage(), e);
}
+ internalProvider = chainProvider;
+
} catch (ConfigurationException e) {
Logger.error("Access MOA-ID configuration FAILED.", e);
}
-
- internalProvider = chainProvider;
+
}
-
+
private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
@@ -505,17 +546,30 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
+// if (entityDesc != null)
+// lastAccess.put(entityID, new Date());
+
return entityDesc;
}
public List<RoleDescriptor> getRole(String entityID, QName roleName)
- throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName);
+ throws MetadataProviderException {
+ List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
}
public RoleDescriptor getRole(String entityID, QName roleName,
String supportedProtocol) throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 442455d4b..8261a86c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -81,7 +81,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
}
}
- timer = new Timer();
+ timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(new BasicParserPool());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index bf4cfd480..77cc7228b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.security.KeyStore;
import java.security.PrivateKey;
+import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import org.opensaml.xml.security.credential.Credential;
@@ -198,7 +199,7 @@ public abstract class AbstractCredentialProvider {
if (privatekey instanceof RSAPrivateKey) {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ } else if (privatekey instanceof ECPrivateKey) {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index f384dd511..f6104bdeb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -41,6 +41,7 @@ import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
@@ -56,6 +57,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("SAMLVerificationEngine")
public class SAMLVerificationEngine {
+
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
try {
@@ -72,7 +75,8 @@ public class SAMLVerificationEngine {
}
Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
- if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(msg.getEntityID()))
+
+ if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
throw e;
else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index 2c0a82708..f37ae0b0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -20,48 +20,15 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
package at.gv.egovernment.moa.id.util;
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
import java.math.BigInteger;
import java.security.PublicKey;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
@@ -72,6 +39,15 @@ import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.security.ec.common.ECParameterSpec;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.security.ec.common.ECStandardizedParameterFactory;
+import iaik.security.ec.common.EllipticCurve;
+import iaik.security.ec.math.field.Field;
+import iaik.security.ec.math.field.FieldElement;
+import iaik.security.ec.math.field.PrimeField;
+
public class ECDSAKeyValueConverter
{
@@ -94,15 +70,13 @@ public class ECDSAKeyValueConverter
if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
+ ECParameterSpec eccParameterSpec;
if (namedCurve != null)
{
// URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
+ eccParameterSpec = ECStandardizedParameterFactory.getParametersByOID(curveNameOID);
}
else
{
@@ -167,14 +141,21 @@ public class ECDSAKeyValueConverter
String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
+ BigInteger a = new BigInteger(aStr, 10);
+ BigInteger b = new BigInteger(bStr, 10);
+ BigInteger basePointX = new BigInteger(basePointXStr, 10);
+ BigInteger basePointY = new BigInteger(basePointYStr, 10);
+
if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
+ {
+ ECField javaECField = new ECFieldFp(p);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
}
else
{
@@ -193,9 +174,19 @@ public class ECDSAKeyValueConverter
irreducible[k1/32] += 1 << k1 % 32;
irreducible[0] += 1;
}
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
+
+ ECField javaECField = new ECFieldF2m(m, irreducible);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
+
+// eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+// octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+// octetString2IntArray(basePointYStr), null);
}
}
@@ -206,10 +197,14 @@ public class ECDSAKeyValueConverter
Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECParameterSpec ecdsaParams = new ECParameterSpec(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+
+ EllipticCurve eCurve = eccParameterSpec.getCurve();
+
+// EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
+// eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+
Field field = eCurve.getField();
// Detect type of public key field elements
@@ -239,10 +234,19 @@ public class ECDSAKeyValueConverter
}
// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
// publicKeyPointY, field.getONEelement());
- Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
- publicKeyPointY).toProjective();
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+// Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
+// publicKeyPointY).toProjective();
+
+ ECPoint publicKeyPointECPoint = new ECPoint(publicKeyPointX.toBigInteger(),
+ publicKeyPointY.toBigInteger());
+
+ if (!eCurve.containsPoint(publicKeyPointECPoint)) {
+ Logger.error("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+ throw new Exception("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+
+ }
+
+ ECPublicKey publicKey = new ECPublicKey(eccParameterSpec, publicKeyPointECPoint);
return publicKey;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index d2499af9d..4cb6af127 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -173,6 +173,17 @@ public class HTTPUtils {
}
+ /**
+ * Extract the IDP requested URL from authrequest
+ *
+ * @param req HttpServletRequest
+ * @return RequestURL <String> which ends always without /
+ */
+ public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
+ return extractAuthURLFromRequest(req).concat(req.getServletPath());
+
+ }
+
public static String addURLParameter(String url, String paramname,
String paramvalue) {
String param = paramname + "=" + paramvalue;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 47ea91753..885d03fd8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -539,9 +539,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
return false;
}
- if (StringUtils.isEmpty(oaURL)
- //|| StringUtils.isEmpty(templateURL)
- || StringUtils.isEmpty(bkuURL) )
+ if (StringUtils.isEmpty(bkuURL))
return false;
else
return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 47f784c33..ba45a3679 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -99,8 +99,12 @@ public class Random {
char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
//generate ID
- return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
-
+ String returnValue = preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
+ if (returnValue.length() > 40)
+ return returnValue.substring(0, 40);
+ else
+ return returnValue;
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index f0cec1d61..891d01e09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,9 +46,6 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIException;
-import iaik.security.provider.IAIK;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
@@ -71,6 +68,8 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import iaik.pki.PKIException;
+import iaik.security.provider.IAIK;
/**
@@ -126,8 +125,7 @@ public class SSLUtils {
//INFO: MOA-ID 2.x always use defaultChainingMode
try {
- SSLSocketFactory ssf =
- at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
connParam.getUrl(),
conf.getCertstoreDirectory(),
trustStoreURL,
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index ad2a8a063..ba8c47304 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -5,10 +5,16 @@
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+ http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd">
+
+ <task:annotation-driven executor="MOA-ID-Auth_TaskExecutor" scheduler="MOA-ID-Auth_Scheduler"/>
+ <task:executor id="MOA-ID-Auth_TaskExecutor" pool-size="5"/>
+ <task:scheduler id="MOA-ID-Auth_Scheduler" pool-size="10"/>
<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
<property name="transitionConditionExpressionEvaluator">
@@ -51,7 +57,16 @@
class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
<bean id="AuthenticationSessionCleaner"
- class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+ class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+
+ <bean id="MOAGarbageCollector"
+ class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
+
+<!-- <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
+ <property name="corePoolSize" value="5" />
+ <property name="maxPoolSize" value="10" />
+ <property name="queueCapacity" value="25" />
+ </bean> -->
<!-- Authentication Process Tasks -->
<bean id="GenerateBKUSelectionFrameTask"
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
index 66dffe311..0b5128c8b 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.module.test;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -254,7 +256,7 @@ public class TestRequestImpl implements IRequest {
* @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
index 2c80b7ffd..05cd74ed2 100644
--- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
+++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
@@ -1,23 +1,23 @@
package test.tlenz;
-import java.io.File;
import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
-import org.w3c.dom.Element;
+import org.apache.commons.io.IOUtils;
+import org.w3c.dom.NodeList;
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
@@ -62,71 +62,130 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class simpletest {
//
public static void main(String[] args) {
-
- URI fileURI = null;
- try {
- fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
+ try {
+ FileInputStream sigDocFIS = null;
+ sigDocFIS = new FileInputStream("D:/idl_test/identity_link.xml");
- InputStream in = new FileInputStream(propertiesFile);
- ObjectInputStream testOIS = new ObjectInputStream(in);
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+ SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+ Content sigDocContent = spssFac.createContent(sigDocFIS, null);
+
+
+ // Position der zu pruefenden Signatur
+ HashMap nSMap = new HashMap();
+ nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+ VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+ // Pruefrequest zusammenstellen
+ VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent, sigLocation);
+ VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(
+ null, // Verwende aktuelle Zeit als Pruefzeit
+ sigInfo,
+ null, // Keine Ergaenzungsobjekte
+ null, // Signaturmanifest-Pruefung soll nicht durchgefuehrt werden
+ true, // Hash-Inputdaten, d.h. tatsaechlich signierte Daten werden nicht zurueckgeliefert
+ "MOAIDBuergerkarteAuthentisierungsDaten");
+
+
+ VerifyXMLSignatureResponse verifyResponse = null;
+ verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+
+ SignerInfo signerInfo = verifyResponse.getSignerInfo();
+ String signerCertificateEncoded = null;
+
+ List hashInputDatas = verifyResponse.getHashInputDatas();
+ if (hashInputDatas != null && !hashInputDatas.isEmpty()) {
+ for (Object el : hashInputDatas) {
+ InputData inputData = (InputData) el;
+ switch (inputData.getContentType()) {
+ case Content.XML_CONTENT :
+ ContentXML contentXml = (ContentXML) inputData;
+ NodeList input_XML = contentXml.getXMLContent();
+
+ break;
+ case Content.BINARY_CONTENT :
+ ContentBinary contentBinary = (ContentBinary) inputData;
+ String input_Binary = IOUtils.toString(contentBinary.getBinaryContent());
+
+ }
+ }
+ }
+
+
- Object test = testOIS.readObject();
+ } catch (Exception e) {
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
}
- try {
- InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
- Element idlTemplate = DOMUtils.parseXmlValidating(s);
-
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
- IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
-
- } catch (Exception e) {
- System.out.println(e.getMessage());
-
- }
- String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
- try {
- Name test = new RFC2253NameParser(subjectName).parse();
-
- System.out.println(test.getRFC2253String());
-
- } catch (RFC2253NameParserException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+// URI fileURI = null;
+// try {
+// fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+//
+// InputStream in = new FileInputStream(propertiesFile);
+// ObjectInputStream testOIS = new ObjectInputStream(in);
+//
+// Object test = testOIS.readObject();
+//
+//
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+//
+//
+// try {
+// InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
+// Element idlTemplate = DOMUtils.parseXmlValidating(s);
+//
+// //resign IDL
+// IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
+// IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+//
+// } catch (Exception e) {
+// System.out.println(e.getMessage());
+//
+// }
+//
+// String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
+//
+// try {
+// Name test = new RFC2253NameParser(subjectName).parse();
+//
+// System.out.println(test.getRFC2253String());
+//
+// } catch (RFC2253NameParserException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
// AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)");