aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java100
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java504
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java20
6 files changed, 601 insertions, 45 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index cef9f9ff9..e23b26417 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -143,6 +143,7 @@ public class MOAIDAuthInitializer {
// Loads the configuration
AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+
ConnectionParameter moaSPConnParam = authConf
.getMoaSpConnectionParameter();
@@ -175,6 +176,8 @@ public class MOAIDAuthInitializer {
AxisSecureSocketFactory.initialize(ssf);
}
+
+ //TODO: Set TimeOuts!!!
// sets the authentication session and authentication data time outs
String param = authConf
.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d85d61bc7..6f1af9842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -38,7 +38,10 @@ import org.hibernate.cfg.Configuration;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -276,37 +279,69 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
} catch (IOException e) {
}
}
- try {
- // determine the directory of the root config file
- rootConfigFileDir = new File(fileName).getParent();
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
- } catch (MalformedURLException t) {
- throw new ConfigurationException("config.03", null, t);
- }
-
+ try {
+
//Initial Hibernate Framework
- //TODO: Full update to new MOA-ID configuration!!!
Logger.trace("Initializing Hibernate framework.");
-
+
+ //Load MOAID-2.0 properties file
String propertiesFileLocation = System.getProperty("moa.id.config");
MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName");
File propertiesFile = new File(propertiesFileLocation);
FileInputStream fis;
Properties props = new Properties();
+
+ //TODO: determine from new config file path
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
+
+ try {
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
try {
fis = new FileInputStream(propertiesFile);
props.load(fis);
+
+ // read MOAID Session Hibernate properties
+ Properties moaSessionProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "moasession.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ moaSessionProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
+ // read Config Hibernate properties
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "configuration.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
- Configuration hibernateConfig = new Configuration();
- hibernateConfig.addAnnotatedClass(AssertionStore.class);
- hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
- hibernateConfig.addAnnotatedClass(OASessionStore.class);
- hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);
- hibernateConfig.addProperties(props);
- HibernateUtil.initHibernate(hibernateConfig, props);
+
+ //Initial config Database
+ ConfigurationUtil.initHibernate(configProp);
+
+ //initial MOAID Session Database
+ Configuration config = new Configuration();
+ config.addAnnotatedClass(AssertionStore.class);
+ config.addAnnotatedClass(AuthenticatedSessionStore.class);
+ config.addAnnotatedClass(OASessionStore.class);
+ config.addAnnotatedClass(OldSSOSessionIDStore.class);
+ config.addProperties(moaSessionProp);
+ MOASessionUtil.initHibernate(config, moaSessionProp);
+
}
Logger.trace("Hibernate initialization finished.");
@@ -327,8 +362,19 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.debug("OpenSAML successfully initialized");
+ //TODO: load from Legacy if legacy.xml.configuration != null
+// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(fileName, rootConfigFileDir);
+// ConfigurationUtil.save(moaconfig);
+
+ //TODO: Save MOAID 2.0 config to XML
+// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+// Marshaller m = jc.createMarshaller();
+// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+// File test = new File("D:/moa2.0_config.xml");
+// m.marshal(moaconfig, test);
+
- // build the internal datastructures
+// // build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
bKUSelectable = (bKUConnectionParameter!=null);
@@ -399,14 +445,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
// }
// return transformsInfos;
// }
+
+
/**
* Return a string array with all filenames leading
* to the Transforms Information for the Security Layer
* @return String[] of filenames to the Security Layer Transforms Information
*/
- public String[] getTransformsInfoFileNames() {
- return transformsInfoFileNames;
- }
+ //TODO: only for testing
+// public String[] getTransformsInfoFileNames() {
+// return transformsInfoFileNames;
+// }
/**
* Build an array of the OnlineApplication Parameters containing information
@@ -428,7 +477,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* if none is applicable
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
+
+// return ConfigurationDBUtils.getOnlineApplication(oaURL);
+
+ OAAuthParameter[] oaParams = getOnlineApplicationParameters();
for (int i = 0; i < oaParams.length; i++) {
OAAuthParameter oaParam = oaParams[i];
if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
new file mode 100644
index 000000000..62f85fa3c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -0,0 +1,504 @@
+package at.gv.egovernment.moa.id.config.legacy;
+
+import iaik.util.logging.Log;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.XMLObject;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
+import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class BuildFromLegacyConfig {
+
+ private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ public static MOAIDConfiguration build(String fileName, String rootConfigFileDir) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ Log.info("Load Legacy-Configuration from file=" + fileName);
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+
+ }
+ }
+
+ try {
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+
+
+ MOAIDConfiguration moaIDConfig = new MOAIDConfiguration();
+
+ AuthComponentGeneral generalAuth = new AuthComponentGeneral();
+ moaIDConfig.setAuthComponentGeneral(generalAuth);
+
+
+ //not supported by MOA-ID 2.0
+ //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ //bKUSelectable = (bKUConnectionParameter!=null);
+ //bKUSelectionType = builder.buildAuthBKUSelectionType();
+
+
+ //Load generic Config
+ Map genericConfiguration = builder.buildGenericConfiguration();
+ GeneralConfiguration authGeneral = new GeneralConfiguration();
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ authGeneral.setAlternativeSourceID(
+ (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ authGeneral.setTrustManagerRevocationChecking(
+ Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
+
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ authGeneral.setCertStoreDirectory(
+ (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
+
+
+ //Load Assertion and Session timeouts
+ TimeOuts timeOuts = new TimeOuts();
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min
+
+ if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))
+ timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))));
+ else
+ timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min
+
+ timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min
+ authGeneral.setTimeOuts(timeOuts);
+ generalAuth.setGeneralConfiguration(authGeneral);
+
+
+ //TODO: set Protocols!!!!
+ Protocols auth_protocols = new Protocols();
+ generalAuth.setProtocols(auth_protocols);
+
+ LegacyAllowed prot_legacy = new LegacyAllowed();
+ auth_protocols.setLegacyAllowed(prot_legacy);
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values
+ prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+
+ //TODO: remove beta test values
+ PVP2 prot_pvp2 = new PVP2();
+ auth_protocols.setPVP2(prot_pvp2);
+ prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
+
+ Organization pvp2_org = new Organization();
+ prot_pvp2.setOrganization(pvp2_org);
+ pvp2_org.setDisplayName("OrganisationDisplayName");
+ pvp2_org.setName("OrganisatioName");
+ pvp2_org.setURL("http://www.egiz.gv.at");
+
+ Contact pvp2_contact = new Contact();
+ prot_pvp2.setContact(pvp2_contact);
+ pvp2_contact.setCompany("OrganisationDisplayName");
+ pvp2_contact.setGivenName("Max");
+ pvp2_contact.setMail("max@muster.mann");
+ pvp2_contact.setPhone("01 5555 5555");
+ pvp2_contact.setSurName("Mustermann");
+ pvp2_contact.setType("technical");
+
+
+ //SSO
+ SSO auth_sso = new SSO();
+ generalAuth.setSSO(auth_sso);
+ auth_sso.setTarget("BF");
+ auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
+
+
+ //set SecurityLayer Transformations
+ String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+
+ List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>();
+ for (String transformInfo : transformsInfos) {
+ TransformsInfoType transforminfotype = new TransformsInfoType();
+ transforminfotype.setFilename("");
+ //TODO: Transformation is stored in BASE64
+ transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes()).getBytes());
+ auth_transformInfos.add(transforminfotype);
+ }
+ SecurityLayer auth_securityLayer = new SecurityLayer();
+ auth_securityLayer.setTransformsInfo(auth_transformInfos);
+ generalAuth.setSecurityLayer(auth_securityLayer);
+
+
+ //set MOASP configuration
+ MOASP auth_moaSP = new MOASP();
+ generalAuth.setMOASP(auth_moaSP);
+
+ //set MOASP connection
+ ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ if (moaSpConnectionParameter != null) {
+ ConnectionParameterClientAuthType auth_moaSP_connection =
+ parseConnectionParameterClientAuth(moaSpConnectionParameter);
+ auth_moaSP.setConnectionParameter(auth_moaSP_connection);
+ }
+
+ //set VerifyIdentityLink
+ String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink();
+ auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID);
+ auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink);
+
+ //set VerifyAuthBlock
+ String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock();
+ auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID);
+ String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> transformlist = new ArrayList<String>();
+ Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs);
+ auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist);
+ auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock);
+
+
+ //TODO: check correctness!!!
+ //set IdentityLinkSigners
+ IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
+ generalAuth.setIdentityLinkSigners(auth_idsigners);
+ List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames);
+
+
+ //not supported by MOA-ID 2.0
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters = null;
+// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+// if (defaultVerifyInfoboxParamtersElem != null) {
+// defaultVerifyInfoboxParameters =
+// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+// }
+
+
+ //Set ForeignIdentities
+ ForeignIdentities auth_foreign = new ForeignIdentities();
+ generalAuth.setForeignIdentities(auth_foreign);
+
+ //set Connection parameters
+ ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+ ConnectionParameterClientAuthType auth_foreign_connection =
+ parseConnectionParameterClientAuth(foreignIDConnectionParameter);
+ auth_foreign.setConnectionParameter(auth_foreign_connection);
+
+ //set STORK configuration
+ STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+ STORK auth_foreign_stork = new STORK();
+ auth_foreign.setSTORK(auth_foreign_stork);
+
+ //set CPEPS
+ Map<String, at.gv.egovernment.moa.id.config.stork.CPEPS> map = storkConfig.getCpepsMap();
+ Set<String> map_keys = map.keySet();
+ List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
+ for (String key : map_keys) {
+ CPEPS cpep = new CPEPS();
+ cpep.setCountryCode(map.get(key).getCountryCode());
+ cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
+
+ List<RequestedAttributeType> cpep_reqs = new ArrayList<RequestedAttributeType>();
+ List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
+ for (RequestedAttribute e1 : map1) {
+ RequestedAttributeType cpep_req = new RequestedAttributeType();
+ cpep_req.setIsRequired(e1.isRequired());
+ cpep_req.setFriendlyName(e1.getFriendlyName());
+ cpep_req.setNameFormat(e1.getNameFormat());
+ cpep_req.setName(e1.getName());
+
+ List<XMLObject> e2s = e1.getAttributeValues();
+ List<Object> cpep_req_attr = new ArrayList<Object>();
+ for (XMLObject e2 : e2s) {
+ cpep_req_attr.add(e2);
+ }
+ cpep_req.setAttributeValue(cpep_req_attr);
+ }
+ cpep.setRequestedAttribute(cpep_reqs);
+ auth_foreign_stork_cpeps.add(cpep);
+ }
+ auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
+
+ //set SAMLSigningParameter
+ SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
+ auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
+
+ SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
+ auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
+ KeyStore stork_saml_creat_keystore = new KeyStore();
+ stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
+ stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
+ stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
+ KeyName stork_saml_creat_keyname = new KeyName();
+ stork_saml_creat.setKeyName(stork_saml_creat_keyname);
+ stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
+ stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
+
+ SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
+ auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
+ stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
+
+ //TODO: check correctness
+ //set QualityAuthenticationAssurance
+ //set RequestedAttbutes
+
+
+ //set OnlineMandates config
+ ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
+ OnlineMandates auth_mandates = new OnlineMandates();
+ generalAuth.setOnlineMandates(auth_mandates);
+ auth_mandates.setConnectionParameter(
+ parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
+
+
+ //TODO: add auth template configuration!!!
+
+
+ //set OnlineApplications
+ OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+ ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+ moaIDConfig.setOnlineApplication(moa_oas);
+ for (OAAuthParameter oa : onlineApplicationAuthParameters) {
+ OnlineApplication moa_oa = new OnlineApplication();
+
+ //set general OA configuration
+ moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
+ moa_oa.setFriendlyName(oa.getFriendlyName());
+ moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness
+ moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix());
+ moa_oa.setTarget(oa.getTarget());
+ moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName());
+ moa_oa.setType(oa.getOaType());
+
+
+ AuthComponentOA oa_auth = new AuthComponentOA();
+ moa_oa.setAuthComponentOA(oa_auth);
+
+ //SLLayer Version / useIframe
+ oa_auth.setSlVersion(oa.getSlVersion());
+ oa_auth.setUseIFrame(false);
+
+
+ //BKUURLs
+ BKUURLS bkuurls = new BKUURLS();
+ bkuurls.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request");
+ bkuurls.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx");
+ bkuurls.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request");
+ oa_auth.setBKUURLS(bkuurls);
+
+ //IdentificationNumber
+ IdentificationNumber idnumber = new IdentificationNumber();
+ idnumber.setValue(oa.getIdentityLinkDomainIdentifier());
+ idnumber.setType(oa.getIdentityLinkDomainIdentifierType());
+ oa_auth.setIdentificationNumber(idnumber);
+
+ //set Templates
+ TemplatesType templates = new TemplatesType();
+ oa_auth.setTemplates(templates);
+ templates.setAditionalAuthBlockText("");
+ TemplateType template = new TemplateType();
+ template.setURL(oa.getTemplateURL());
+ templates.setTemplate(template);
+
+ //set TransformsInfo
+ String[] transforminfos = oa.getTransformsInfos();
+ ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>();
+ for (String e1 : transforminfos) {
+ TransformsInfoType transforminfo = new TransformsInfoType();
+ transforminfo.setFilename(e1);
+ oa_transforminfos.add(transforminfo);
+ }
+ oa_auth.setTransformsInfo(oa_transforminfos);
+
+ //VerifyInfoBoxes not supported by MOAID 2.0
+
+ //set Mandates
+ Mandates oa_mandates = new Mandates();
+ oa_auth.setMandates(oa_mandates);
+ oa_mandates.setProfiles(oa.getMandateProfiles());
+
+ //STORK
+ //TODO: OA specific STORK config is deactivated in MOA 1.5.2
+
+ //SSO
+ OASSO oa_sso = new OASSO();
+ oa_auth.setOASSO(oa_sso);
+ oa_sso.setUseSSO(true);
+ oa_sso.setSingleLogOutURL("");
+
+ //OA_SAML1
+ OASAML1 oa_saml1 = new OASAML1();
+ oa_auth.setOASAML1(oa_saml1);
+ oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength()));
+ oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock());
+ oa_saml1.setProvideCertificate(oa.getProvideCertifcate());
+ oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData());
+ oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
+ oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
+ oa_saml1.setUseCondition(oa.getUseCondition());
+ oa_saml1.setUseUTC(oa.getUseUTC());
+
+ //OA_PVP2
+ OAPVP2 oa_pvp2 = new OAPVP2();
+ oa_auth.setOAPVP2(oa_pvp2);
+ oa_pvp2.setMetadataURL("TODO!!!");
+ oa_pvp2.setCertificate("TODO!!!".getBytes());
+
+ moa_oas.add(moa_oa);
+ }
+
+ //removed from MOAID 2.0 config
+ //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+
+
+ //set chaining modes
+ ChainingModes moa_chainingModes = new ChainingModes();
+ moaIDConfig.setChainingModes(moa_chainingModes);
+
+ ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode());
+ moa_chainingModes.setSystemDefaultMode(type);
+
+ Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes();
+ List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>();
+ Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet();
+ for (IssuerAndSerial e1 : chaining_anchor_map) {
+ TrustAnchor trustanchor = new TrustAnchor();
+
+ ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1));
+ trustanchor.setMode(type1);
+
+ trustanchor.setX509IssuerName(e1.getIssuerDN());
+ trustanchor.setX509SerialNumber(e1.getSerial());
+ chaining_anchor.add(trustanchor);
+ }
+ moa_chainingModes.setTrustAnchor(chaining_anchor);
+
+
+ //set trustedCACertificate path
+ moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates());
+
+
+ //TODO: move to read config functionality
+ //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
+
+ //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates)
+ //trustedBKUs = builder.getTrustedBKUs();
+ //trustedTemplateURLs = builder.getTrustedTemplateURLs();
+
+
+ //set DefaultBKUs
+ DefaultBKUs moa_defaultbkus = new DefaultBKUs();
+ moaIDConfig.setDefaultBKUs(moa_defaultbkus);
+ moa_defaultbkus.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request");
+ moa_defaultbkus.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx");
+ moa_defaultbkus.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request");
+
+
+ //set SLRequest Templates
+ SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates();
+ moaIDConfig.setSLRequestTemplates(moa_slrequesttemp);
+ moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html");
+ moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html");
+ moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
+
+ return moaIDConfig;
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth(
+ ConnectionParameter old) {
+ ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType();
+ auth_moaSP_connection.setURL(old.getUrl());
+ auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
+ ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
+ auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
+ auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
+ auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
+ return auth_moaSP_connection;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index d55482e95..eeb0afae2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -1,9 +1,6 @@
package at.gv.egovernment.moa.id.moduls;
import java.util.List;
-import java.util.Set;
-
-import iaik.util.logging.Log;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@@ -13,7 +10,7 @@ import org.hibernate.Query;
import org.hibernate.Session;
import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -60,7 +57,7 @@ public class SSOManager {
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List<OldSSOSessionIDStore> result;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index b5de788af..9933142e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -11,7 +11,7 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
@@ -52,7 +52,7 @@ public class AssertionStorage {
//store AssertionStore element to Database
try {
- HibernateUtil.saveOrUpdate(element);
+ MOASessionUtil.saveOrUpdate(element);
Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -85,7 +85,7 @@ public class AssertionStorage {
Date expioredate = new Date(now - authDataTimeOut);
List<AssertionStore> results;
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
synchronized (session) {
session.beginTransaction();
@@ -98,7 +98,7 @@ public class AssertionStorage {
if (results.size() != 0) {
for(AssertionStore result : results) {
try {
- HibernateUtil.delete(result);
+ MOASessionUtil.delete(result);
Logger.info("Remove Assertion with Artifact=" + result.getArtifact()
+ " after assertion timeout.");
@@ -115,7 +115,7 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
- HibernateUtil.delete(element);
+ MOASessionUtil.delete(element);
} catch (MOADatabaseException e) {
Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
@@ -130,7 +130,7 @@ public class AssertionStorage {
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
synchronized (session) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 8ea6a6633..faff2955b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -18,7 +18,7 @@ import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -62,7 +62,7 @@ public class AuthenticationSessionStoreage {
//store AssertionStore element to Database
try {
- HibernateUtil.saveOrUpdate(dbsession);
+ MOASessionUtil.saveOrUpdate(dbsession);
Log.info("MOASession with sessionID=" + id + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -83,7 +83,7 @@ public class AuthenticationSessionStoreage {
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- HibernateUtil.saveOrUpdate(dbsession);
+ MOASessionUtil.saveOrUpdate(dbsession);
Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -96,7 +96,7 @@ public class AuthenticationSessionStoreage {
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
@@ -168,7 +168,7 @@ public class AuthenticationSessionStoreage {
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- HibernateUtil.saveOrUpdate(dbsession);
+ MOASessionUtil.saveOrUpdate(dbsession);
return id;
@@ -203,7 +203,7 @@ public class AuthenticationSessionStoreage {
try {
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;
synchronized (session) {
@@ -288,7 +288,7 @@ public class AuthenticationSessionStoreage {
MiscUtil.assertNotNull(SSOId, "moasessionID");
Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -331,7 +331,7 @@ public class AuthenticationSessionStoreage {
Date expioredate = new Date(now - authDataTimeOut);
List<AuthenticatedSessionStore> results;
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
synchronized (session) {
session.beginTransaction();
@@ -344,7 +344,7 @@ public class AuthenticationSessionStoreage {
if (results.size() != 0) {
for(AuthenticatedSessionStore result : results) {
try {
- HibernateUtil.delete(result);
+ MOASessionUtil.delete(result);
Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ " after session timeout.");
@@ -361,7 +361,7 @@ public class AuthenticationSessionStoreage {
private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = HibernateUtil.getCurrentSession();
+ Session session = MOASessionUtil.getCurrentSession();
List result;