diff options
Diffstat (limited to 'id/server/idserverlib')
161 files changed, 6213 insertions, 13938 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 19e81c36d..ba11f949b 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -46,6 +46,18 @@ </dependency>
<dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>eventlog-api</artifactId>
+ <version>0.4</version>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>eventlog-slf4j</artifactId>
+ <version>0.4</version>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
</dependency>
@@ -258,6 +270,22 @@ <version>1.7.6</version>
</dependency> -->
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymock</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.unitils</groupId>
+ <artifactId>unitils-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
@@ -442,6 +470,26 @@ </exclusions>
</dependency>
+ <!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.5.4</version>
+ </dependency>
+ <!-- databinding; ObjectMapper, JsonNode and related classes are here -->
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.5.4</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.5.4</version>
+ </dependency>
+
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java new file mode 100644 index 000000000..aae4dd8c4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import at.gv.egiz.components.eventlog.api.EventConstants; + +/** + * @author tlenz + * + *Defines Constants for Event Logging + * + *Event codes from 3000 to 9999 can be defined here + * + */ +public interface MOAIDEventConstants extends EventConstants { + + //move to EventConstants + public static final int TRANSACTION_ERROR = 1103; + public static final int SESSION_ERROR = 1003; + + + //auth protocol specific information + public static final int AUTHPROTOCOL_TYPE = 3000; + + public static final int AUTHPROTOCOL_PVP_METADATA = 3100; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102; + public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103; + public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104; + + public static final int AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST = 3200; + public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201; + + + //authentication process information + public static final int AUTHPROCESS_START = 4000; + public static final int AUTHPROCESS_FINISHED = 4001; + public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002; + public static final int AUTHPROCESS_STORK_REQUESTED = 4003; + public static final int AUTHPROCESS_SSO = 4004; + public static final int AUTHPROCESS_SSO_INVALID = 4005; + public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006; + public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007; + public static final int AUTHPROCESS_INTERFEDERATION = 4008; + public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009; + + public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110; + public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111; + public static final int AUTHPROCESS_BKU_URL = 4112; + public static final int AUTHPROCESS_BKU_DATAURL_IP = 4113; + + public static final int AUTHPROCESS_IDL_VALIDATED = 4220; + public static final int AUTHPROCESS_CERTIFICATE_VALIDATED = 4221; + public static final int AUTHPROCESS_AUTHBLOCK_VALIDATED = 4222; + public static final int AUTHPROCESS_FOREIGN_FOUND = 4223; + public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224; + public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225; + + public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330; + public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; + public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; + + public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; + public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; + + //person information + public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; + public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001; + public static final int PERSONAL_INFORMATION_USERNAME_HASH = 5002; + + public static final int PERSONAL_INFORMATION_MANDATE_TYPE = 5100; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE = 5101; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java new file mode 100644 index 000000000..6e09ea439 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java @@ -0,0 +1,47 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import at.gv.egiz.components.eventlog.api.Event; +import at.gv.egiz.components.eventlog.api.EventLogFactory; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOAIDEventLog extends EventLogFactory { + + public static void logEvent(Event event) { + try { + getEventLog().logEvent(event); + + } catch (EventLoggingException e) { + Logger.warn("Event logging FAILED!", e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java new file mode 100644 index 000000000..1228a95a4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -0,0 +1,252 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import java.security.MessageDigest; +import java.util.Date; +import java.util.List; + +import com.google.common.primitives.Ints; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class MOAReversionLogger { + + private static MOAReversionLogger instance = null; + + private static final List<Integer> defaultEventCodes = Ints.asList( + MOAIDEventConstants.SESSION_CREATED, + MOAIDEventConstants.SESSION_DESTROYED, + MOAIDEventConstants.SESSION_ERROR, + MOAIDEventConstants.SESSION_IP, + MOAIDEventConstants.TRANSACTION_CREATED, + MOAIDEventConstants.TRANSACTION_DESTROYED, + MOAIDEventConstants.TRANSACTION_ERROR, + MOAIDEventConstants.TRANSACTION_IP, + MOAIDEventConstants.AUTHPROTOCOL_TYPE, + MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA, + + MOAIDEventConstants.AUTHPROCESS_START, + MOAIDEventConstants.AUTHPROCESS_FINISHED, + MOAIDEventConstants.AUTHPROCESS_BKU_URL, + MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, + MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, + MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, + MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, + MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH + + ); + + public static synchronized MOAReversionLogger getInstance() { + if (instance == null) { + instance = new MOAReversionLogger(); + MOAIDEventLog.reload(); + + } + + return instance; + } + + + public void logEvent(IOAAuthParameters oaConfig, + int eventCode, String message) { + List<Integer> OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); + } + + public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + int eventCode) { + List<Integer> OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID())); + + } + + public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + int eventCode, String message) { + List<Integer> OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + message, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID() + )); + + } + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + public void logEvent(int eventCode, String message) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); + + } + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); + + } + + /** + * @param errorRequest + * @param transactionError + */ + public void logEvent(IRequest pendingRequest, int eventCode) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID())); + + } + + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + logEvent(pendingRequest.getOnlineApplicationConfiguration(), + pendingRequest, eventCode, message); + + } + + public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) { + if (MiscUtil.isNotEmpty(mandate.getOWbPK())) + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, + mandate.getOWbPK()); + + if (MiscUtil.isNotEmpty(mandate.getProfRep())) + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE, + mandate.getProfRep()); + + Mandate jaxBMandate = mandate.getMandateJaxB(); + if (jaxBMandate != null) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, + jaxBMandate.getAnnotation()); + + if (jaxBMandate.getMandator().getCorporateBody() != null) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, + "jur"); + try { + String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType() + + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId(); + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID, + jurBaseID); + + } catch (Throwable e) { + Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e); + + } + + } else { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, + "nat"); + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, + buildPersonInformationHash( + jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0), + jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(), + jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth())); + } + } + } + + /** + * @param pendingReq + * @param identityLink + */ + public void logPersonalInformationEvent(IRequest pendingReq, + IdentityLink identityLink) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH, + buildPersonInformationHash( + identityLink.getGivenName(), + identityLink.getFamilyName(), + identityLink.getDateOfBirth() + )); + + } + + private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { + + // {"hash":"hashvalue","salt":"testSalt"} + // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"} + + String salt = "default"; + String inputData = "{\"person\":{\"givenname\":\"" + + givenName + + "\",\"familyname\":\"" + + familyName + + "\",\"dateofbirth\":\"" + + dateofBirth + +"\"},\"salt\":\"" + + salt + +"\"}"; + + MessageDigest md; + try { + md = MessageDigest.getInstance("SHA-256"); + byte[] hash = md.digest(inputData.getBytes("UTF-8")); + String hashBase64 = Base64Utils.encode(hash); + return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}"; + + } catch (Throwable e) { + Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e); + return null; + + } + + } + + public List<Integer> getDefaulttReversionsLoggingEventCodes() { + return defaultEventCodes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index f45a16780..67547d8a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.util.Date; +import java.util.List; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; @@ -43,17 +44,15 @@ import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -91,7 +90,7 @@ public class StatisticLogger { private StatisticLogger() { try { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); if (config != null) isAktive = config.isAdvancedLoggingActive(); @@ -105,20 +104,27 @@ public class StatisticLogger { if ( isAktive && protocolRequest != null && authData != null) { - OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL()); - - if (dbOA == null) { - Logger.warn("Advanced logging failed: OA can not be found in database."); + OAAuthParameter dbOA = null; + try { + dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + + if (dbOA == null) { + Logger.warn("Advanced logging failed: OA can not be found in database."); + return; + } + + } catch (ConfigurationException e1) { + Logger.error("Access MOA-ID configuration FAILED.", e1); return; } - + StatisticLog dblog = new StatisticLog(); //set actual date and time dblog.setTimestamp(new Date()); //set OA databaseID - dblog.setOaID(dbOA.getHjid()); + //dblog.setOaID(dbOA.getHjid()); //log basic AuthInformation dblog.setOaurlprefix(protocolRequest.getOAURL()); @@ -257,40 +263,46 @@ public class StatisticLogger { dblog.setProtocoltype(errorRequest.requestedModule()); dblog.setProtocolsubtype(errorRequest.requestedAction()); - OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(errorRequest.getOAURL()); - if (dbOA != null) { - dblog.setOafriendlyName(dbOA.getFriendlyName()); - dblog.setOatarget(dbOA.getTarget()); - dblog.setOaID(dbOA.getHjid()); - dblog.setBusinessservice(isBusinessService(dbOA)); - } + try { + OAAuthParameter dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(errorRequest.getOAURL()); + if (dbOA != null) { + dblog.setOafriendlyName(dbOA.getFriendlyName()); + dblog.setOatarget(dbOA.getTarget()); + //dblog.setOaID(dbOA.getHjid()); + dblog.setBusinessservice(isBusinessService(dbOA)); + - AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID()); - if (moasession != null) { - if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { - dblog.setBkuurl(moasession.getBkuURL()); - dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); - } + AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID()); + if (moasession != null) { + if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { + dblog.setBkuurl(moasession.getBkuURL()); + dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); + } - dblog.setMandatelogin(moasession.getUseMandate()); - } + dblog.setMandatelogin(moasession.getUseMandate()); + } - generateErrorLogFormThrowable(throwable, dblog); - - ConfigurationDBUtils.closeSession(); + generateErrorLogFormThrowable(throwable, dblog); + + ConfigurationDBUtils.closeSession(); - try { - StatisticLogDBUtils.saveOrUpdate(dblog); + try { + StatisticLogDBUtils.saveOrUpdate(dblog); - } catch (MOADatabaseException e) { - Logger.warn("Statistic Log can not be stored into Database", e); + } catch (MOADatabaseException e) { + Logger.warn("Statistic Log can not be stored into Database", e); + } + } + } catch (ConfigurationException e) { + Logger.error("Access MOA-ID configuration FAILED.", e); + return; } } } - private boolean isBusinessService(OnlineApplication oa) { + private boolean isBusinessService(OAAuthParameter dbOA) { - if (oa.getType().equals("businessService")) + if (dbOA.getOaType().equals("businessService")) return true; else return false; @@ -351,29 +363,23 @@ public class StatisticLogger { } - private String findBKUType(String bkuURL, OnlineApplication dbOA) { + private String findBKUType(String bkuURL, OAAuthParameter dbOA) { if (dbOA != null) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth != null) { - BKUURLS bkuurls = oaAuth.getBKUURLS(); - if (bkuurls != null) { - if (bkuURL.equals(bkuurls.getHandyBKU())) - return IOAAuthParameters.HANDYBKU; + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; - if (bkuURL.equals(bkuurls.getLocalBKU())) - return IOAAuthParameters.LOCALBKU; + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; - if (bkuURL.equals(bkuurls.getOnlineBKU())) - return IOAAuthParameters.ONLINEBKU; - } - } + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.ONLINEBKU))) + return IOAAuthParameters.ONLINEBKU; } Logger.trace("Staticic Log search BKUType from DefaultBKUs"); try { - AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance(); + AuthConfiguration authconfig = AuthConfigurationProviderFactory.getInstance(); if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU))) return IOAAuthParameters.ONLINEBKU; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java new file mode 100644 index 000000000..7f6f2c6b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + + +import java.util.Date; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class TransactionIDUtils { + + public static void setTransactionId(String pendingRequestID) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + + } + + public static void removeTransactionId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + + } + + public static void setSessionId(String uniqueSessionId) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, + "TID-" + uniqueSessionId); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, + "TID-" + uniqueSessionId); + + } + + public static void removeSessionId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); + + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index eab7c511e..d7694ac2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -8,16 +8,9 @@ import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.StringWriter; import java.io.UnsupportedEncodingException; -import java.math.BigInteger; -import java.net.URL; -import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -//import java.security.cert.CertificateFactory; import java.util.Calendar; import java.util.Date; import java.util.List; @@ -25,27 +18,20 @@ import java.util.Map; import java.util.Vector; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.BooleanUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; -import org.opensaml.common.IdentifierGenerator; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.DOMException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -71,8 +57,6 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; -import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; @@ -80,21 +64,18 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; @@ -112,21 +93,6 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; -import eu.stork.oasisdss.api.AdditionalProfiles; -import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.Profiles; -import eu.stork.oasisdss.api.QualityLevels; -import eu.stork.oasisdss.api.SignatureTypes; -import eu.stork.oasisdss.profile.AnyType; -import eu.stork.oasisdss.profile.DocumentType; -import eu.stork.oasisdss.profile.SignRequest; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is @@ -136,7 +102,7 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; * @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher * $ */ -public class AuthenticationServer implements MOAIDAuthConstants { +public class AuthenticationServer extends MOAIDAuthConstants { /** * single instance @@ -216,7 +182,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //load OnlineApplication configuration OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); @@ -234,7 +200,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String infoboxReadRequest = ""; - String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + String domainIdentifier = AuthConfigurationProviderFactory.getInstance().getSSOTagetIdentifier().trim(); if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { //do not use SSO if no Target is set Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); @@ -297,8 +263,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - + //TODO: cleanup before MOA-ID 2.1 release try { String htmlForm = new GetIdentityLinkFormBuilder().build(template, @@ -338,7 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * link results in an Exception being thrown. * @throws BKUException */ - public String verifyIdentityLink(AuthenticationSession session, + public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session, Map<String, String> infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -354,7 +319,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); - AuthConfigurationProvider authConf = AuthConfigurationProvider + AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); // check if an identity link was found @@ -396,7 +361,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); // validates the <VerifyXMLSignatureResponse> @@ -408,10 +373,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - + //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + return "found!"; } @@ -462,10 +430,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOW(false); } - AuthConfigurationProvider authConf = AuthConfigurationProvider + AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, @@ -484,6 +452,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -499,7 +468,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); try { @@ -536,7 +505,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ValidateException */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfigurationProvider authConf, + AuthenticationSession session, AuthConfiguration authConf, OAAuthParameter oaParam) throws ConfigurationException, BuildException, ValidateException { @@ -545,9 +514,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // return "Redirect to Input Processor"; if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); + authConf = AuthConfigurationProviderFactory.getInstance(); if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() + oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); @@ -583,10 +552,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - AuthConfigurationProvider authConf = AuthConfigurationProvider + AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, @@ -594,7 +563,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfigurationProvider authConf, + AuthenticationSession session, AuthConfiguration authConf, OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException { @@ -603,9 +572,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // return "Redirect to Input Processor"; if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); + authConf = AuthConfigurationProviderFactory.getInstance(); if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() + oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); @@ -648,7 +617,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); - AuthConfigurationProvider authConf = AuthConfigurationProvider + AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); // parses the <CreateXMLSignatureResponse> @@ -684,13 +653,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Verifies signature by calling the MOA SP component</li> * <li>Returns the signer certificate</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param readInfoboxResponseParameters The parameters from the response returned from the BKU * including the <code><ReadInfoboxResponse></code> * @throws BKUException */ - public X509Certificate getCertificate(String sessionID, + public X509Certificate getCertificate(IRequest pendingReq, String sessionID, Map<String, String> readInfoboxResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -711,6 +681,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + return cert; } @@ -783,7 +756,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (session.isSsoRequested()) { String oaURL = new String(); try { - oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); @@ -1102,6 +1075,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Deletes authentication session</li> * <li><strike>Returns the SAML artifact, encoded BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)</li> * </ul> + * @param pendingReq * * @param sessionID session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse String representation of the @@ -1110,7 +1084,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???) * @throws BKUException */ - public String verifyAuthenticationBlock(AuthenticationSession session, + public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { @@ -1122,7 +1096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); - AuthConfigurationProvider authConf = AuthConfigurationProvider + AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); // parses <CreateXMLSignatureResponse> CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( @@ -1195,7 +1169,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); // validates the <VerifyXMLSignatureResponse> @@ -1273,6 +1247,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp.setX509certificate(null); session.setForeigner(false); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink() + ); + if (session.getUseMandate()) { // mandate mode return null; @@ -1601,7 +1581,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); SZRGWClient client = new SZRGWClient(connectionParameters); @@ -1670,287 +1650,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Starts a MOA-ID authentication process using STORK - * - * @param req HttpServletRequest - * @param resp HttpServletResponse - * @param ccc Citizen country code - * @param oaURL URL of the online application - * @param target Target parameter - * @param targetFriendlyName Friendly Name of Target - * @param authURL Authentication URL - * @param sourceID SourceID parameter - * @throws MOAIDException - * @throws AuthenticationException - * @throws WrongParametersException - * @throws ConfigurationException - */ - public static void startSTORKAuthentication( - HttpServletRequest req, - HttpServletResponse resp, - AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[]{}); - } - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()}); - - //Start of STORK Processing - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); - Logger.debug("C-PEPS URL: " + destination); - - - String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - // String acsURL = new DataURLBuilder().buildDataURL(issuerValue, - // PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID()); - - - String providerName = oaParam.getFriendlyName(); - Logger.debug("Issuer value: " + issuerValue); - - // prepare collection of required attributes - // - attributes for online application - List<OAStorkAttribute> attributesFromConfig = oaParam.getRequestedAttributes(); - - // - prepare attribute list - PersonalAttributeList attributeList = new PersonalAttributeList(); - - // - fill container - for (OAStorkAttribute current : attributesFromConfig) { - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(current.getName()); - - boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) - if (current.getName().equals(currentGlobalAttribute.getName())) { - globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.isMandatory()); - break; - } - - newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); - attributeList.add(newAttribute); - } - - // add sign request - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("signedDoc"); - newAttribute.setIsRequired(true); - List<String> value = new ArrayList<String>(); - - Logger.debug("PEPS supports XMLSignatures:"+cpeps.isXMLSignatureSupported()); - String acsURL; - if(cpeps.isXMLSignatureSupported())//Send SignRequest to PEPS - { - //solve Problem with sessionIDs - acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), - "application/xhtml+xml", moasession.getCcc())); - newAttribute.setValue(value); - attributeList.add(newAttribute); - - // TODO[branch]: STORK AuthReq CPEPS acsURL "/PEPSConnector" - } - else//Process SignRequest locally with MOCCA - { - String target = moasession.getTarget(); - moasession.setTarget("AT"); - String signedDoc = (generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), - "application/xhtml+xml", "AT"));//moasession.getCcc() - moasession.setTarget(target); - Logger.warn("signedDoc to store:"+signedDoc); - //attributeList.add(newAttribute); - - //store SignRequest for later... - moasession.setSignedDoc(signedDoc); - - acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - // TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning" - try { - AuthenticationSessionStoreage.storeSession(moasession); - } catch (MOADatabaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - } - Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - - if (Logger.isDebugEnabled()) { - Logger.debug("The following attributes are requested for this OA:"); - for (OAStorkAttribute logReqAttr : attributesFromConfig) - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); - } - - //TODO: check Target in case of SSO!! - String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - String spCountry = "AT"; // intentionally set AT - the flow is limited on that use case only - - //generate AuthnRquest - STORKAuthnRequest authnRequest = new STORKAuthnRequest(); - authnRequest.setDestination(destination); - authnRequest.setAssertionConsumerServiceURL(acsURL);//PEPSConnectorWithLocalSigning - authnRequest.setProviderName(providerName); - authnRequest.setIssuer(issuerValue); - authnRequest.setQaa(oaParam.getQaaLevel()); - authnRequest.setSpInstitution(spInstitution); - authnRequest.setSpCountry(spCountry); - authnRequest.setSpApplication(spApplication); - authnRequest.setSpSector(spSector); - authnRequest.setPersonalAttributeList(attributeList); - - //TODO change - authnRequest.setEIDCrossBorderShare(true); - authnRequest.setEIDCrossSectorShare(true); - authnRequest.setEIDSectorShare(true); - - authnRequest.setCitizenCountryCode(moasession.getCcc()); - - Logger.debug("STORK AuthnRequest succesfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); - - if (samlEngine == null) { - Logger.error("Could not initalize STORK SAML engine."); - throw new MOAIDException("stork.00", null); - } - - try { - authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML AuthnRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AuthnRequest successfully signed!"); - - //validate AuthnRequest - try { - samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - Logger.error("STORK SAML AuthnRequest not valid.", e); - throw new MOAIDException("stork.01", null); - } - - Logger.debug("STORK AuthnRequest successfully internally validated."); - - //send - moasession.setStorkAuthnRequest(authnRequest); - - // do PEPS-conform logging for easier evaluation - try { - // 2015-03-12 16:44:27.144#S-PEPS receives request from SP#spurl#spepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1# - Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives request from SP#" + - moasession.getPublicOAURLPrefix() + "#" + issuerValue + "#" + spApplication + "#" + - new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() + - "#_hash_#" + moasession.getProcessInstanceId() + "#"); - } catch (Exception e1) { - Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); - } - - AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId()); - - - Logger.info("Preparing to send STORK AuthnRequest."); - Logger.info("prepared STORKAuthnRequest: "); - Logger.info(new String(authnRequest.getTokenSaml())); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); - context.put("RelayState", moasession.getSessionID()); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - // TODO[branch]: SAML2 Form Submit to CPEPS, response to acsURL Servlet - - resp.setContentType("text/html;charset=UTF-8"); - resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } catch (Exception e) { - Logger.error("Error sending STORK SAML AuthnRequest.", e); - throw new MOAIDException("stork.02", new Object[]{destination}); - - } - - Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); - - // do PEPS-conform logging for easier evaluation - try { - // 2015-03-12 16:44:27.144#S-PEPS generates request to C-PEPS#spepsurl#cpepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#id2# - Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates request to C-PEPS#" + - issuerValue + "#" + destination + "#" + spApplication + "#" + - new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() + - "#_hash_#" + moasession.getProcessInstanceId() + "#" + authnRequest.getSamlId() + "#"); - } catch (Exception e1) { - Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); - } - } - - private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { - IdentifierGenerator idGenerator; - try { - idGenerator = new SecureRandomIdentifierGenerator(); - - DocumentType doc = new DocumentType(); - doc.setBase64XML(text.getBytes("UTF-8")); - doc.setID(idGenerator.generateIdentifier()); - - SignRequest request = new SignRequest(); - request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - - String id = idGenerator.generateIdentifier(); - request.setRequestID(id); - request.setDocUI(id); - - request.setProfile(Profiles.XADES_BES.toString()); - request.setNumberOfSigners(BigInteger.ONE); - request.setTargetCountry(citizenCountry); - - // no, no todo. PEPS will alter this value anyhow. - request.setReturnURL("http://invalid_return"); - - AnyType required = new AnyType(); - required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); - required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); - required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); - required.getAny().add(ApiUtils.createIncludeObject(doc)); - request.setOptionalInputs(required); - - return IOUtils.toString(ApiUtils.marshalToInputStream(request)); - } catch (NoSuchAlgorithmException e) { - Logger.error("Cannot generate id", e); - throw new RuntimeException(e); - } catch (ApiUtilsException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (DOMException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (IOException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } - } - - /** * Extracts an X509 Certificate out of an XML signagture element * * @param signedXML XML signature element diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 5223a181d..b29e0d9f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -9,6 +9,9 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; + import iaik.asn1.ObjectID; @@ -18,7 +21,7 @@ import iaik.asn1.ObjectID; * @author Paul Ivancsics * @version $Id$ */ -public interface MOAIDAuthConstants { +public class MOAIDAuthConstants extends MOAIDConstants{ /** servlet parameter "Target" */ public static final String PARAM_TARGET = "Target"; @@ -113,9 +116,7 @@ public interface MOAIDAuthConstants { // /** the number of the certifcate extension for party organ representatives */ // public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; - - public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; - + /** OW */ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; @@ -143,8 +144,6 @@ public interface MOAIDAuthConstants { public static final String PARAM_APPLET_HEIGTH = "heigth"; public static final String PARAM_APPLET_WIDTH = "width"; - public static final String TESTCREDENTIALROOTOID = "1.2.40.0.10.2.4.1"; - public static final Map<String, String> COUNTRYCODE_XX_TO_NAME = Collections.unmodifiableMap(new HashMap<String, String>() { private static final long serialVersionUID = 1L; @@ -168,4 +167,6 @@ public interface MOAIDAuthConstants { public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; + public static final String MDC_TRANSACTION_ID = "transactionId"; + public static final String MDC_SESSION_ID = "sessionId"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 025c4c652..65e3b10d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -18,7 +18,9 @@ import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -129,43 +131,50 @@ public class MOAIDAuthInitializer { Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); // Loads the configuration - AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); - - ConnectionParameter moaSPConnParam = authConf - .getMoaSpConnectionParameter(); - - // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK - if (moaSPConnParam == null) { - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - ConfigurationProvider config = ConfigurationProvider - .getInstance(); - new IaikConfigurator().configure(config); - } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { - throw new ConfigurationException("config.10", new Object[] { ex - .toString() }, ex); + try { + AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(); + + ConnectionParameter moaSPConnParam = authConf + .getMoaSpConnectionParameter(); + + // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK + if (moaSPConnParam == null) { + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + ConfigurationProvider config = ConfigurationProvider + .getInstance(); + new IaikConfigurator().configure(config); + } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + throw new ConfigurationException("config.10", new Object[] { ex + .toString() }, ex); + } } + + // Initializes IAIKX509TrustManager logging + /* + String log4jConfigURL = System.getProperty("log4j.configuration"); + Logger.info("Log4J Configuration: " + log4jConfigURL); + if (log4jConfigURL != null) { + IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); + } + */ + + // Initializes the Axis secure socket factory for use in calling the + // MOA-SP web service + if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, + moaSPConnParam); + AxisSecureSocketFactory.initialize(ssf); + } + + + } catch (ConfigurationException e) { + Logger.error("MOA-ID-Auth start-up FAILED. Error during application configuration."); + System.exit(-1); + } - - // Initializes IAIKX509TrustManager logging - /* - String log4jConfigURL = System.getProperty("log4j.configuration"); - Logger.info("Log4J Configuration: " + log4jConfigURL); - if (log4jConfigURL != null) { - IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); - } - */ - - // Initializes the Axis secure socket factory for use in calling the - // MOA-SP web service - if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, - moaSPConnParam); - AxisSecureSocketFactory.initialize(ssf); - } - - + // Starts the session cleaner thread to remove unpicked authentication data AuthenticationSessionCleaner.start(); AuthConfigLoader.start(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index a6c2cde05..81699bcdf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -50,7 +50,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.Random; @@ -265,9 +265,12 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String text = ""; try { - OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + text = oaparam.getAditionalAuthBlockText(); + } + } catch (ConfigurationException e) { Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); } @@ -352,7 +355,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //BZ.., reading OA parameters OAAuthParameter oaParam; try { - oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); } catch (ConfigurationException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -417,9 +420,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String text = ""; try { - OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + text = oaparam.getAditionalAuthBlockText(); + } } catch (ConfigurationException e) { Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); } @@ -525,7 +530,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //adding friendly name of OA String friendlyname; try { - friendlyname = AuthConfigurationProvider.getInstance().getSSOFriendlyName(); + friendlyname = AuthConfigurationProviderFactory.getInstance().getSSOFriendlyName(); ExtendedSAMLAttribute oaFriendlyNameAttribute = new ExtendedSAMLAttributeImpl("oaFriendlyName", friendlyname, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); @@ -533,7 +538,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); - String text = AuthConfigurationProvider.getInstance().getSSOSpecialText(); + String text = AuthConfigurationProviderFactory.getInstance().getSSOSpecialText(); if (MiscUtil.isEmpty(text)) text=""; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cd751ce7f..573f2e09f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -75,7 +75,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -115,7 +116,7 @@ import at.gv.util.xsd.szr.PersonInfoType; * @author tlenz * */ -public class AuthenticationDataBuilder implements MOAIDAuthConstants { +public class AuthenticationDataBuilder extends MOAIDAuthConstants { public static IAuthData buildAuthenticationData(IRequest protocolRequest, AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { @@ -176,7 +177,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { IOAAuthParameters oaParam = null; if (reqAttributes == null) { //get OnlineApplication from MOA-ID-Auth configuration - oaParam = AuthConfigurationProvider.getInstance() + oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaID); //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway @@ -199,7 +200,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } else { //get attributes from interfederated IDP - OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes); //mark attribute request as used @@ -484,7 +485,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (MiscUtil.isEmpty(authData.getIdentificationValue())) { Logger.info("No baseID found. Connect SZR to reveive baseID ..."); try { - EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); + EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig(); if (eGovClientsConfig != null) { SZRClient szrclient = new SZRClient(eGovClientsConfig); @@ -929,7 +930,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { //set max. SSO session time if (authData.isSsoSession()) { - long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000; + long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime); authData.setSsoSessionValidTo(ssoSessionValidTo); @@ -994,7 +995,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); Element resignedilAssertion; - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); if (config.isIdentityLinkResigning()) { resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 924051e2a..899b0fd15 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.builder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; /** @@ -96,7 +97,7 @@ public class DataURLBuilder { dataURL = authBaseURL + authServletName; - dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); + dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); return dataURL; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index 49f87122d..bc3645e74 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -29,7 +29,7 @@ import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; @@ -77,7 +77,7 @@ public class DynamicOAAuthParameterBuilder { if (interfIDP != null) { //load interfederated IDP informations - OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); if (idp == null) { Logger.warn("Interfederated IDP configuration is not loadable."); throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 54196427e..35717af4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -25,23 +25,19 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import java.net.URI; -import java.net.URISyntaxException; -import java.util.List; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; @@ -70,7 +66,7 @@ public class LoginFormBuilder { InputStream input = null; try { - String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; File file = new File(new URI(pathLocation)); input = new FileInputStream(file); @@ -155,26 +151,20 @@ public class LoginFormBuilder { if (oaParam.isShowStorkLogin()) { String pepslist = ""; - List<CPEPS> cpepsList = null; - try { - cpepsList = ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); - - for (CPEPS current : oaParam.getPepsList()) - // check if master config has changed... - if(cpepsList != null && cpepsList.contains(current)) { - String countryName = null; - if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()))) - countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()); - else - countryName = current.getCountryCode().toUpperCase(); - - pepslist += "<option value=" + current.getCountryCode() + ">" - + countryName - + "</option>\n"; - - } - - value = value.replace(PEPSLIST, pepslist); + try { + for (CPEPS current : oaParam.getPepsList()) { + String countryName = null; + if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()))) + countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()); + else + countryName = current.getCountryCode().toUpperCase(); + + pepslist += "<option value=" + current.getCountryCode() + ">" + + countryName + + "</option>\n"; + + value = value.replace(PEPSLIST, pepslist); + } } catch (NullPointerException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 1e2a4700d..eeca78e60 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -51,7 +51,7 @@ import java.security.MessageDigest; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -94,7 +94,7 @@ public class SAMLArtifactBuilder { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; // alternative sourceId - String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID(); + String alternativeSourceID = AuthConfigurationProviderFactory.getInstance().getAlternativeSourceID(); // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 24b848176..253125fe9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -33,12 +33,11 @@ import java.net.URI; import org.apache.commons.io.IOUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; public class SendAssertionFormBuilder { @@ -63,7 +62,7 @@ public class SendAssertionFormBuilder { String pathLocation; InputStream input = null; try { - String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java index 9a8372a2d..5c1b12e0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -30,10 +30,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; public class StartAuthenticationBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java new file mode 100644 index 000000000..61b8f7bd3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java @@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.data; + +import java.io.Serializable; + +/** + * @author tlenz + * + */ +public class AuthenticationSessionExtensions implements Serializable{ + + private static final long serialVersionUID = 1L; + + private String uniqueSessionId = null; + + /** + * @return the uniqueSessionId + */ + public String getUniqueSessionId() { + return uniqueSessionId; + } + + /** + * @param uniqueSessionId the uniqueSessionId to set + */ + public void setUniqueSessionId(String uniqueSessionId) { + this.uniqueSessionId = uniqueSessionId; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 479775dd5..1a311993e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -59,13 +59,15 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.MiscUtil; /** * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br> @@ -106,10 +108,10 @@ public class SignatureVerificationInvoker { SOAPBodyElement response; String endPoint; - AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance(); + AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); authConnParam = authConfigProvider.getMoaSpConnectionParameter(); //If the ConnectionParameter do NOT exist, we try to get the api to work.... - if (authConnParam != null) { + if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); endPoint = authConnParam.getUrl(); call.setTargetEndpointAddress(endPoint); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index ee6f0d5a4..183467d87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -8,8 +8,12 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -19,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -74,6 +80,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { try {
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
AuthenticationSessionStoreage.changeSessionID(moasession);
executionContext.remove(PARAM_SESSIONID);
@@ -89,6 +96,15 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, req, resp);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
+ if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
+
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
@@ -114,6 +130,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { finally {
ConfigurationDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 6bf68e2eb..8f1cd8cfe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -15,6 +15,8 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -29,7 +31,9 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -99,6 +103,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask { pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
// change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -118,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
-
+
Element signature = csresp.getDsigSignature();
try {
@@ -128,6 +137,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new MOAIDException("auth.14", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
+
// make SZR request to the identity link
CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
@@ -159,6 +171,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { // TODO[branch]: Final step back to /dispatcher
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
+
try {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 4ff5672bd..67d42e442 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -14,6 +14,8 @@ import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -24,8 +26,11 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -84,17 +89,20 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
String misSessionID = session.getMISSessionID();
- AuthConfigurationProvider authConf = AuthConfigurationProvider
+ AuthConfiguration authConf = AuthConfigurationProviderFactory
.getInstance();
ConnectionParameter connectionParameters = authConf
.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
- AuthConfigurationProvider.getInstance(),
+ AuthConfigurationProviderFactory.getInstance(),
connectionParameters);
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
@@ -105,6 +113,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
+
+
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
@@ -130,6 +142,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
+ //log mandate specific set of events
+ MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate);
+
//set QAA Level four in case of card authentifcation
session.setQAALevel(PVPConstants.STORK_QAA_1_4);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 3ae35bc24..fc5fb6c58 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -14,7 +14,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -75,9 +76,9 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { // TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
String createXMLSignatureRequest = AuthenticationServer.getInstance()
.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 64dcb0f41..fd1400ed1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -17,6 +17,8 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -29,9 +31,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -114,17 +119,22 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+ String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse);
if (authenticatedMOASessionId == null) {
//mandate Mode
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ AuthConfiguration authConf= AuthConfigurationProviderFactory.getInstance();
ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProviderFactory.getInstance(), connectionParameters);
// get identitity link as byte[]
Element elem = session.getIdentityLink().getSamlAssertion();
@@ -173,6 +183,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
+
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
connectionParameters.getUrl(),
idl,
@@ -201,6 +214,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { // TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 607641532..26c10399d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -12,6 +12,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -22,6 +24,8 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -86,10 +90,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+ X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
@@ -113,8 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { }
else {
-
-
+
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
if (countrycode.compareToIgnoreCase("AT") == 0) {
@@ -124,6 +132,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { }
// Foreign Identities Modus
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
+
String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 44557453a..821bb572a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,6 +10,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -18,6 +20,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -77,7 +81,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { }
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
+ boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
AuthenticationSessionStoreage.storeSession(session);
executionContext.put("identityLinkAvailable", identityLinkAvailable);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index f538d2d12..587b641c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -22,12 +22,10 @@ ******************************************************************************/ package at.gv.egovernment.moa.id.auth.parser; -import java.io.UnsupportedEncodingException; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringEscapeUtils; @@ -36,21 +34,17 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.URLEncoder; -public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ +public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ public static void parse(AuthenticationSession moasession, String target, @@ -110,7 +104,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ OAAuthParameter oaParam; if (moasession.getPublicOAURLPrefix() != null) { Logger.debug("Loading OA parameters for PublicURLPrefix: " + moasession.getPublicOAURLPrefix()); - oaParam = AuthConfigurationProvider.getInstance() + oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter( moasession.getPublicOAURLPrefix()); @@ -119,7 +113,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ new Object[] { moasession.getPublicOAURLPrefix() }); } else { - oaParam = AuthConfigurationProvider.getInstance() + oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); if (oaParam == null) @@ -170,7 +164,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ //Validate BKU URI List<String> allowedbkus = oaParam.getBKUURL(); - allowedbkus.addAll(AuthConfigurationProvider.getInstance().getDefaultBKUURLs()); + allowedbkus.addAll(AuthConfigurationProviderFactory.getInstance().getDefaultBKUURLs()); if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); @@ -213,12 +207,12 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } authURL = authURL.concat(req.getContextPath() + "/"); - if (!authURL.startsWith("https:") && !AuthConfigurationProvider.getInstance().isHTTPAuthAllowed()) + if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed()) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); //set Auth URL from configuration - moasession.setAuthURL(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/"); + moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/"); //check and set SourceID if (oaParam.getSAML1Parameter() != null) { @@ -229,21 +223,21 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ if (MiscUtil.isEmpty(templateURL)) { - List<TemplateType> templateURLList = oaParam.getTemplateURL(); + List<String> templateURLList = oaParam.getTemplateURL(); List<String> defaulTemplateURLList = - AuthConfigurationProvider.getInstance().getSLRequestTemplates(); + AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(); if ( templateURLList != null && templateURLList.size() > 0 - && MiscUtil.isNotEmpty(templateURLList.get(0).getURL()) ) { + && MiscUtil.isNotEmpty(templateURLList.get(0)) ) { templateURL = FileUtils.makeAbsoluteURL( - oaParam.getTemplateURL().get(0).getURL(), - AuthConfigurationProvider.getInstance().getRootConfigFileDir()); + oaParam.getTemplateURL().get(0), + AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")"); } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) { templateURL = FileUtils.makeAbsoluteURL( defaulTemplateURLList.get(0), - AuthConfigurationProvider.getInstance().getRootConfigFileDir()); + AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")"); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index c4c4b2691..43f4f90ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -96,7 +96,7 @@ import at.gv.egovernment.moa.util.URLDecoder; * @author Paul Ivancsics * @version $Id$ */ -public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { +public class AuthServlet extends HttpServlet { /** * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index ad4776a45..1d4b442da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -31,6 +31,9 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -40,7 +43,7 @@ import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -66,10 +69,10 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { String pendingRequestID = null; try { - String bkuid = req.getParameter(PARAM_BKU); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - String moasessionid = req.getParameter(PARAM_SESSIONID); + String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); + String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); + String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); + String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); moasessionid = StringEscapeUtils.escapeHtml(moasessionid); @@ -98,44 +101,48 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } //load OA Config - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(moasession.getOAURLRequested()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); else { - + //get Target from config or from request in case of SAML 1 String target = null; IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && pendingReq.requestedModule().equals(SAML1Protocol.PATH)) target = pendingReq.getTarget(); else target = oaParam.getTarget(); - + String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid); + bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid); } //search for OA specific template String templateURL = null; - List<TemplateType> oaTemplateURLList = oaParam.getTemplateURL(); + List<String> oaTemplateURLList = oaParam.getTemplateURL(); if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0 - && MiscUtil.isNotEmpty(oaTemplateURLList.get(0).getURL()) ) { - templateURL = oaTemplateURLList.get(0).getURL(); + && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) { + templateURL = oaTemplateURLList.get(0); } else { - templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); + templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - AuthConfigurationProvider.getInstance().getRootConfigFileDir()); + AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -161,6 +168,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { ec.put("ccc", moasession.getCcc()); ec.put("useMandate", moasession.getUseMandate()); ec.put("bkuURL", moasession.getBkuURL()); + ec.put("pendingRequestID", pendingRequestID); // select and create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java deleted file mode 100644 index 41c2a9c6a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ /dev/null @@ -1,325 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.ByteArrayInputStream; -import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- * @deprecated Use {@link GetForeignIDTask} instead.
- *
- */
-public class GetForeignIDServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -3415644214702379483L;
-
-/**
- * Constructor for GetForeignIDServlet.
- */
- public GetForeignIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- super.doGet(req, resp);
- }
-
- /**
- * Verifies the identity link and responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
- * </ul>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/xml"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetForeignIDServlet");
-
- Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- Map<String, String> parameters;
-
- String pendingRequestID = null;
-
- try
- {
- parameters = getParameters(req);
- } catch (FileUploadException e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- String redirectURL = null;
- AuthenticationSession session = null;
- try {
- String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse))
- throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- Logger.debug(xmlCreateXMLSignatureResponse);
-
- CreateXMLSignatureResponse csresp =
- new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
-
- try {
- String serializedAssertion = DOMUtils.serializeNode(csresp
- .getDsigSignature());
- session.setAuthBlock(serializedAssertion);
-
- } catch (TransformerException e) {
- throw new ParseException("parser.04", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
- } catch (IOException e) {
- throw new ParseException("parser.04", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
- }
-
- Element signature = csresp.getDsigSignature();
-
- try {
- session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
- } catch (CertificateException e) {
- Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
- throw new MOAIDException("auth.14", null);
- }
-
- // make SZR request to the identity link
- CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
-
-
- if (null != response.getErrorResponse()){ - // TODO fix exception parameter
- throw new SZRGWClientException("service.08", (String)response.getErrorResponse().getErrorCode(),
- (String)response.getErrorResponse().getInfo());
- }
- else {
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
- IdentityLink identitylink = ilParser.parseIdentityLink();
- session.setIdentityLink(identitylink);
-
- //set QAA Level four in case of card authentifcation
- session.setQAALevel(PVPConstants.STORK_QAA_1_4);
-
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(session);
-
-
- //session is implicit stored in changeSessionID!!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- /*redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);*/
-
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
- redirectURL = resp.encodeRedirectURL(redirectURL);
-
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
-
- }
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
-
-
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (Exception e) {
- Logger.error("GetForeignIDServlet has an interal Error.", e);
-
- }
- }
-
-
-
-
-
- /**
- * Builds the szrgw:GetIdentityLinkRequest fuer the SZR-GW
- * @param givenname
- * @param familyname
- * @param birthday
- * @return
- */
-// private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
-//
-// try {
-// byte[] certbyte = cert.getEncoded();
-// String certstring = Base64.encode(certbyte);
-//
-// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
-// factory.setNamespaceAware(true);
-// DocumentBuilder builder = factory.newDocumentBuilder();
-// Document doc = builder.newDocument();
-//
-// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
-// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
-// doc.appendChild(getIdentityLink);
-//
-// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
-// getIdentityLink.appendChild(x509certificate);
-// Text certbase64 = doc.createTextNode(certstring);
-// x509certificate.appendChild(certbase64);
-//
-// return doc;
-// } catch (ParserConfigurationException e) {
-// e.printStackTrace();
-// } catch (CertificateEncodingException e) {
-// e.printStackTrace();
-// }
-// return null;
-//
-// }
-//
-// /**
-// * Checks a parameter.
-// * @param param parameter
-// * @return true if the parameter is null or empty
-// */
-// private boolean isEmpty(String param) {
-// return param == null || param.length() == 0;
-// }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java deleted file mode 100644 index 043b660c1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ /dev/null @@ -1,271 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.gv.egovernment.moa.id.auth.servlet; - -import iaik.pki.PKIException; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.List; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.ParserConfigurationException; - -import org.apache.commons.lang.StringEscapeUtils; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; - -/** - * Servlet requested for getting the foreign eID provided by the security layer - * implementation. Utilizes the {@link AuthenticationServer}. - * @deprecated Use {@link GetMISSessionIDTask} instead. - */ -public class GetMISSessionIDServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = 4666952867085392597L; - - /** - * Constructor for GetMISSessionIDServlet. - */ - public GetMISSessionIDServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify that data URL - * resource is available. - * - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, - * HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - doPost(req, resp); - - // Logger.debug("GET GetMISSessionIDServlet"); - // - // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - } - - /** - * Gets the signer certificate from the InfoboxReadRequest and responds with - * a new <code>CreateXMLSignatureRequest</code>. <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><InfoboxReadResponse></code></li> - * </ul> - * - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, - * HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST GetMISSessionIDServlet"); - - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, - MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, - MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - // Map parameters; - // try - // { - // parameters = getParameters(req); - // } catch (FileUploadException e) - // { - // Logger.error("Parsing mulitpart/form-data request parameters failed: " - // + e.getMessage()); - // throw new IOException(e.getMessage()); - // } - - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - AuthenticationSession session = null; - String pendingRequestID = null; - try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyCertificate", - PARAM_SESSIONID, "auth.12"); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - session = AuthenticationServer.getSession(sessionID); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - String misSessionID = session.getMISSessionID(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - ConnectionParameter connectionParameters = authConf - .getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - AuthConfigurationProvider.getInstance(), - connectionParameters); - - List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest( - connectionParameters.getUrl(), misSessionID, sslFactory); - - if (list == null || list.size() == 0) { - Logger.error("Keine Vollmacht gefunden."); - throw new AuthenticationException("auth.15", null); - } - - // for now: list contains only one element - MISMandate mandate = (MISMandate) list.get(0); - - // TODO[tlenz]: UTF-8 ? - String sMandate = new String(mandate.getMandate()); - if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { - Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.15", - new Object[] { GET_MIS_SESSIONID }); - } - - //check if it is a parsable XML - byte[] byteMandate = mandate.getMandate(); - // TODO[tlenz]: UTF-8 ? - String stringMandate = new String(byteMandate); - DOMUtils.parseDocument(stringMandate, false, - null, null).getDocumentElement(); - - // extract RepresentationType - AuthenticationServer.getInstance().verifyMandate(session, mandate); - - session.setMISMandate(mandate); - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - String oldsessionID = session.getSessionID(); - - //Session is implicite stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - String redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), - session.getAction(), pendingRequestID), newMOASessionID); - redirectURL = resp.encodeRedirectURL(redirectURL); - - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (GeneralSecurityException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (PKIException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (SAXException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (ParserConfigurationException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (Exception e) { - Logger.error("MISMandateValidation has an interal Error.", e); - - } - finally { - ConfigurationDBUtils.closeSession(); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index c08d77f12..0a6d30be7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -32,10 +32,11 @@ import org.apache.velocity.VelocityContext; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; @@ -64,9 +65,9 @@ public class IDPSingleLogOutServlet extends AuthServlet { SSOManager ssomanager = SSOManager.getInstance(); String ssoid = ssomanager.getSSOSessionID(req); - Object restartProcessObj = req.getParameter(PARAM_SLORESTART); + Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART); - Object tokkenObj = req.getParameter(PARAM_SLOSTATUS); + Object tokkenObj = req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS); String tokken = null; String status = null; if (tokkenObj != null && tokkenObj instanceof String) { @@ -78,7 +79,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { } VelocityContext context = new VelocityContext(); - if (SLOSTATUS_SUCCESS.equals(status)) + if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) context.put("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else @@ -141,23 +142,23 @@ public class IDPSingleLogOutServlet extends AuthServlet { } else { //print SLO information directly - redirectURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; String artifact = Random.nextRandom(); String statusCode = null; if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) - statusCode = SLOSTATUS_SUCCESS; + statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; else - statusCode = SLOSTATUS_ERROR; + statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; AssertionStorage.getInstance().put(artifact, statusCode); - redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } //redirect to Redirect Servlet - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); url = resp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index d7de985a4..77675175e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -53,10 +53,9 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; @@ -86,14 +85,14 @@ public class LogOutServlet extends AuthServlet { if (MiscUtil.isEmpty(redirectUrl)) { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); - redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); } else { //return an error if RedirectURL is not a active Online-Applikation - OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl); if (oa == null) { Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); - redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java deleted file mode 100644 index 24daa76a3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ /dev/null @@ -1,774 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URL;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
-import java.util.Properties;
-
-import javax.activation.DataSource;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.api.utils.ByteArrayDataSource;
-import eu.stork.oasisdss.profile.DocumentType;
-import eu.stork.oasisdss.profile.DocumentWithSignature;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-import eu.stork.documentservice.DocumentService;
-import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
-import javax.xml.namespace.QName;
-import javax.xml.ws.Service;
-import javax.xml.ws.soap.SOAPBinding;
-import javax.xml.ws.BindingProvider;
-
-
-/**
- * Endpoint for receiving STORK response messages
- * @deprecated Use {@link at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask} instead.
- */
-public class PEPSConnectorServlet extends AuthServlet {
-
- private static final long serialVersionUID = 1L;
-
- public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
-
- private String dtlUrl = null;
-
-
- public PEPSConnectorServlet()
- {
- super();
-
- try {
- AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance();
- dtlUrl = authConfigurationProvider.getDocumentServiceUrl();
- Logger.info ("PEPSConnectorServlet, using dtlUrl:"+dtlUrl);
- } catch (Exception e) {
- dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
- e.printStackTrace();
- Logger.error("Loading documentservice url failed, using default value:"+dtlUrl);
- }
-
-// Properties props = new Properties();
-// try {
-// props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
-// dtlUrl = props.getProperty("docservice.url");
-// } catch (IOException e) {
-// dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
-// Logger.error("Loading DTL config failed, using default value:"+dtlUrl);
-// e.printStackTrace();
-// }
- }
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
- */
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- super.doGet(request, response);
- }
-
- /**
- * Handles the reception of a STORK response message
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
- */
- protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-
- String pendingRequestID = null;
-
- try {
-
- Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
-
- Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
- Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
-
- super.setNoCachingHeadersInHttpRespone(request, response);
- Logger.trace("No Caching headers set for HTTP response");
-
- //check if https or only http
- super.checkIfHTTPisAllowed(request.getRequestURL().toString());
-
- Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
-
- //extract STORK Response from HTTP Request
- //Decodes SAML Response
- byte[] decSamlToken;
- try {
- decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
- Logger.debug("SAMLResponse: " + new String(decSamlToken));
-
- } catch(NullPointerException e) {
- Logger.error("Unable to retrieve STORK Response", e);
- throw new MOAIDException("stork.04", null);
- }
-
-
-
- //Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
-
- STORKAuthnResponse authnResponse = null;
- try {
- //validate SAML Token
- Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
- Logger.info("SAML response succesfully verified!");
- }catch(STORKSAMLEngineException e){
- Logger.error("Failed to verify STORK SAML Response", e);
- throw new MOAIDException("stork.05", null);
- }
-
- Logger.info("STORK SAML Response message succesfully extracted");
- Logger.debug("STORK response: ");
- Logger.debug(authnResponse.toString());
-
- // do PEPS-conform logging for easier evaluation
- try {
- // 2015-03-12 16:44:27.144#S-PEPS receives response from C-PEPS#orig_msg_id id2 (in response to)#orig_msg_id id1 (in response to)#status#msghash#msg_id id3#
- Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives response from C-PEPS#" +
- authnResponse.getInResponseTo() + "#NA#" + authnResponse.getMessage() + "#_hash_#" + authnResponse.getSamlId() + "#");
- } catch (Exception e1) {
- Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage());
- }
- - Logger.debug("Trying to find MOA Session-ID ...");
- //String moaSessionID = request.getParameter(PARAM_SESSIONID);
- //first use SAML2 relayState
- String moaSessionID = request.getParameter("RelayState");
-
- // escape parameter strings
- moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
-
- //check if SAML2 relaystate includes a MOA sessionID
- if (StringUtils.isEmpty(moaSessionID)) {
- //if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
-
- moaSessionID = authnResponse.getInResponseTo();
- moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
-
- if (StringUtils.isEmpty(moaSessionID)) {
- //No authentication session has been started before
- Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
- Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
- throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
-
- } else
- Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
-
- } else
- //Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
- Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
-
- /*INFO!!!!
- * SAML message IDs has an different format then MOASessionIDs
- * This is only a workaround because many PEPS does not support SAML2 relayState or
- * MOASessionID as AttributConsumerServiceURL GET parameter
- */
-// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
-// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
- //load MOASession from database
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
- //change MOASessionID
- moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
- Logger.info("Found MOA sessionID: " + moaSessionID);
-
-
-
- String statusCodeValue = authnResponse.getStatusCode();
-
- if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
- Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
- throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
- }
-
- Logger.info("Got SAML response with authentication success message.");
-
- Logger.debug("MOA session is still valid");
-
- STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
-
- if (storkAuthnRequest == null) {
- Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- throw new MOAIDException("stork.07", null);
- }
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
- //================== Check QAA level start ====================
- int reqQaa = -1;
- int authQaa = -1;
- String authQaaStr = null;
- try {
- reqQaa = storkAuthnRequest.getQaa();
-
- //TODO: found better solution, but QAA Level in response could be not supported yet
- try {
-
- authQaaStr = authnResponse.getAssertions().get(0).
- getAuthnStatements().get(0).getAuthnContext().
- getAuthnContextClassRef().getAuthnContextClassRef();
- moaSession.setQAALevel(authQaaStr);
-
- } catch (Throwable e) {
- Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
- moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
- authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
- }
- if(authQaaStr != null)//Check value only if set
- {
- authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length()));
-// authQaa = Integer.valueOf(authQaaStr);
- if (reqQaa > authQaa) {
- Logger.warn("Requested QAA level does not match to authenticated QAA level");
- throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
-
- }
- }
- } catch (MOAIDException e) {
- throw e;
-
- } catch (Exception e) {
- if (Logger.isDebugEnabled())
- Logger.warn("STORK QAA Level evaluation error", e);
-
- else
- Logger.warn("STORK QAA Level evaluation error (ErrorMessage="
- + e.getMessage() + ")");
-
- throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
-
- }
- //================== Check QAA level end ====================
-
- Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
- ////////////// incorporate gender from parameters if not in stork response
-
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
-
- // but first, check if we have a representation case
- if(STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) || STORKResponseProcessor.hasAttribute("represented", attributeList)) {
- // in a representation case...
- moaSession.setUseMandate("true");
-
- // and check if we have the gender value
- PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if there is no representation case?
- if(null == gender) {
- String gendervalue = (String) request.getParameter("gender");
- if(null != gendervalue) {
- gender = new PersonalAttribute();
- gender.setName("gender");
- ArrayList<String> tmp = new ArrayList<String>();
- tmp.add(gendervalue);
- gender.setValue(tmp);
-
- authnResponse.getPersonalAttributeList().add(gender);
- }
- }
- }
-
- //////////////////////////////////////////////////////////////////////////
-
- Logger.debug("Starting extraction of signedDoc attribute");
- //extract signed doc element and citizen signature
- String citizenSignature = null;
- try {
- String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
-
- Logger.debug("signatureInfo:"+signatureInfo);
-
- SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
-
- // fetch signed doc
- DataSource ds = null;
- try{
- ds = LightweightSourceResolver.getDataSource(dssSignResponse);
- }catch(Exception e)
- {
- e.printStackTrace();
- }
- if(ds == null){
- //Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500
- //which results in an exception and ds==null
-
- //try to load document from documentservice
- citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
- //throw new ApiUtilsException("No datasource found in response");
- }
- else
- {
- InputStream incoming = ds.getInputStream();
- citizenSignature = IOUtils.toString(incoming);
- incoming.close();
-
- Logger.debug("citizenSignature:"+citizenSignature);
- if(isDocumentServiceUsed(citizenSignature)==true)
- {
- citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
- // Logger.debug("Loading document from DocumentService.");
- // String url = getDtlUrlFromResponse(dssSignResponse);
- // //get Transferrequest
- // String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
- // //Load document from DocumentService
- // byte[] data = getDocumentFromDtl(transferRequest, url);
- // citizenSignature = new String(data, "UTF-8");
- // Logger.debug("Overridung citizenSignature with:"+citizenSignature);
- }
- }
- JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
- SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
-
- // memorize signature into authblock
- moaSession.setAuthBlock(citizenSignature);
-
- // extract certificate
- for(Object current : root.getKeyInfo().getContent())
- if(((JAXBElement<?>) current).getValue() instanceof X509DataType) {
- for(Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
- JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
- if(casted.getName().getLocalPart().equals("X509Certificate")) {
- moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes("UTF-8")));
- break;
- }
- }
- }
-
-
- } catch (Throwable e) {
- Logger.error("Could not extract citizen signature from C-PEPS", e);
- throw new MOAIDException("stork.09", null);
- }
- Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
- Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
- Logger.debug("fetching OAParameters from database");
-
-// //read configuration paramters of OA
-// AuthenticationSession moasession;
-// try {
-// moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
-// } catch (MOADatabaseException e2) {
-// Logger.error("could not retrieve moa session");
-// throw new AuthenticationException("auth.01", null);
-// }
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
-// if (oaParam == null)
-// throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
-
- // retrieve target
- //TODO: check in case of SSO!!!
- String targetType = null;
- if(oaParam.getBusinessService()) {
- String id = oaParam.getIdentityLinkDomainIdentifier();
- if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetType = id;
- else
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
- } else {
- targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
- }
-
- IdentityLink identityLink = null;
- try {
- AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
- if(config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) {
- // create fake IdL
- // - fetch IdL template from resources
- InputStream s = PEPSConnectorServlet.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
- Element idlTemplate = DOMUtils.parseXmlValidating(s);
-
- identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
-
- // replace data
- Element idlassertion = identityLink.getSamlAssertion();
- // - set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if(!STORKResponseProcessor.hasAttribute("eIdentifier", attributeList))
- throw new STORKException("eIdentifier is missing");
- String eIdentifier = STORKResponseProcessor.getAttributeValue("eIdentifier", attributeList, false);
- prIdentification.getFirstChild().setNodeValue(eIdentifier);
-
- // - set last name
- Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
- if(!STORKResponseProcessor.hasAttribute("surname", attributeList))
- throw new STORKException("surname is missing");
- String familyName = STORKResponseProcessor.getAttributeValue("surname", attributeList, false);
- prFamilyName.getFirstChild().setNodeValue(familyName);
-
- // - set first name
- Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
- if(!STORKResponseProcessor.hasAttribute("givenName", attributeList))
- throw new STORKException("givenName is missing");
- String givenName = STORKResponseProcessor.getAttributeValue("givenName", attributeList, false);
- prGivenName.getFirstChild().setNodeValue(givenName);
-
- // - set date of birth
- Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
- if(!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList))
- throw new STORKException("dateOfBirth is missing");
- String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false);
- prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
-
- identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
-
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
- identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
- } else {
- //contact SZR Gateway
- Logger.debug("Starting connecting SZR Gateway");
- identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
- oaParam.getFriendlyName(),
- targetType, null,
- oaParam.getMandateProfiles(), citizenSignature);
- }
- } catch (STORKException e) {
- // this is really nasty but we work against the system here. We are supposed to get the gender attribute from
- // stork. If we do not, we cannot register the person in the ERnP - we have to have the
- // gender for the represented person. So here comes the dirty hack.
- if(e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) {
- try {
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
- VelocityContext context = new VelocityContext();
- context.put("SAMLResponse", request.getParameter("SAMLResponse"));
- context.put("action", request.getRequestURL());
-
- StringWriter writer = new StringWriter();
- template.merge(context, writer);
-
- response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
- } catch (Exception e1) {
- Logger.error("Error sending gender retrival form.", e1);
-// httpSession.invalidate();
- throw new MOAIDException("stork.10", null);
- }
-
- return;
- }
-
- Logger.error("Error connecting SZR Gateway", e);
- throw new MOAIDException("stork.10", null);
- }
- Logger.debug("SZR communication was successfull");
-
- if (identityLink == null) {
- Logger.error("SZR Gateway did not return an identity link.");
- throw new MOAIDException("stork.10", null);
- }
- moaSession.setForeigner(true);
-
- Logger.info("Received Identity Link from SZR Gateway");
- moaSession.setIdentityLink(identityLink);
-
- Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
-
- Logger.debug("Add full STORK AuthnResponse to MOA session");
- moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
-
- //We don't have BKUURL, setting from null to "Not applicable"
- moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
- // free for single use
- moaSession.setAuthenticatedUsed(false);
-
- // stork did the authentication step
- moaSession.setAuthenticated(true);
-
- // do PEPS-conform logging for easier evaluation
- try {
- // 2015-03-12 16:44:27.144#S-PEPS generates response to SP#orig_msg_id id1 (in response to)#status#msghash#msg_id id4#
- Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates response to SP#" +
- "#NA#" + authnResponse.getMessage() + "#_hash_#" + moaSession.getProcessInstanceId() + "#");
- } catch (Exception e1) {
- Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage());
- }
-
-// //TODO: found better solution, but QAA Level in response could be not supported yet
-// try {
-//
-// moaSession.setQAALevel(authnResponse.getAssertions().get(0).
-// getAuthnStatements().get(0).getAuthnContext().
-// getAuthnContextClassRef().getAuthnContextClassRef());
-//
-// } catch (Throwable e) {
-// Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-// moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-//
-// }
-
- //session is implicit stored in changeSessionID!!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
- Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
- //redirect
- String redirectURL = null;
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
- ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
- redirectURL = response.encodeRedirectURL(redirectURL);
-
-// response.setContentType("text/html");
-// response.setStatus(302);
-// response.addHeader("Location", redirectURL);
- response.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
-
-
-
- } catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
-
- } catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
-
- } catch (Exception e) {
- Logger.error("PEPSConnector has an interal Error.", e);
- }
-
-
- finally {
- ConfigurationDBUtils.closeSession();
- }
-
- }
-
- private String loadDocumentFromDocumentService(SignResponse dssSignResponse) throws Exception
- {
- Logger.debug("Loading document from DocumentService.");
- String url = getDtlUrlFromResponse(dssSignResponse);
- Logger.debug("Loading document from DocumentService, url:"+url);
- //get Transferrequest
- String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
- //Load document from DocumentService
- byte[] data = getDocumentFromDtl(transferRequest, url);
- String citizenSignature = new String(data, "UTF-8");
- Logger.debug("Overridung citizenSignature with:"+citizenSignature);
- return citizenSignature;
- }
-
- private boolean isDocumentServiceUsed(String citizenSignature) //TODo add better check
- {
- if(citizenSignature.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
- {
- Logger.trace("isDocumentServiceUsed => true");
- return true;
- }
- Logger.trace("isDocumentServiceUsed => false");
- return false;
- }
-
- /**
- * Get DTL uril from the oasis sign response
- * @param signRequest The signature response
- * @return The URL of DTL service
- * @throws SimpleException
- */
- private String getDtlUrlFromResponse(SignResponse dssSignResponse) {
- List<DocumentWithSignature> documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(),
- ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class);
- DocumentType sourceDocument = documents.get(0).getDocument();
-
- if (sourceDocument.getDocumentURL() != null)
- return sourceDocument.getDocumentURL();
- else
- return null;//throw new Exception("No document url found");
- }
-
-//From DTLPEPSUTIL
-
-
-
- /**
- * Get document from DTL
- * @param transferRequest The transfer request (attribute query)
- * @param eDtlUrl The DTL url of external DTL
- * @return the document data
- * @throws SimpleException
- */
- private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception
- {
- URL url = null;
- try
- {
- Logger.debug("getDocumentFromDtl, dtlUrl:'"+dtlUrl+"' eDtlUrl:'"+eDtlUrl+"'");
- url = new URL(dtlUrl);
- QName qname = new QName("http://stork.eu",
- "DocumentService");
-
- Service service = Service.create(url, qname);
- DocumentService docservice = service.getPort(DocumentService.class);
-
- BindingProvider bp = (BindingProvider) docservice;
- SOAPBinding binding = (SOAPBinding) bp.getBinding();
- binding.setMTOMEnabled(true);
-
- if (eDtlUrl.equalsIgnoreCase(dtlUrl))
- return docservice.getDocument(transferRequest, "");
- else
- return docservice.getDocument(transferRequest, eDtlUrl);
- }
- catch (Exception e)
- {
- e.printStackTrace();
- throw new Exception("Error in getDocumentFromDtl", e);
- }
- }
-
- /**
- * Get a document transfer request (attribute query)
- * @param docId
- * @return
- * @throws SimpleException
- */
- private String getDocTransferRequest(String docId, String destinationUrl) throws Exception
- {
- String spCountry = docId.substring(0, docId.indexOf("/"));
- final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
- STORKAttrQueryRequest req = new STORKAttrQueryRequest();
- req.setAssertionConsumerServiceURL(dtlUrl);
- req.setDestination(destinationUrl);
- req.setSpCountry(spCountry);
- req.setQaa(3);//TODO
- PersonalAttributeList pal = new PersonalAttributeList();
- PersonalAttribute attr = new PersonalAttribute();
- attr.setName("docRequest");
- attr.setIsRequired(true);
- attr.setValue(Arrays.asList(docId));
- pal.add(attr);
- req.setPersonalAttributeList(pal);
-
- STORKAttrQueryRequest req1;
- try {
- req1 = engine.generateSTORKAttrQueryRequest(req);
- return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
- } catch (STORKSAMLEngineException e) {
- e.printStackTrace();
- throw new Exception("Error in doc request attribute query generation", e);
- }
- }
-
- /**
- * Get mime type of document from DTL
- * @param docId The document id
- * @param dtlUrl The url of dtl
- * @return The mime type
- */
-// private String getDocumentMimeFromDtl(String docId, String eDtlUrl) throws Exception
-// {
-// URL url = null;
-// try
-// {
-// url = new URL(dtlUrl);
-// QName qname = new QName("http://stork.eu",
-// "DocumentService");
-//
-// Service service = Service.create(url, qname);
-// DocumentService docservice = service.getPort(DocumentService.class);
-//
-// BindingProvider bp = (BindingProvider) docservice;
-// SOAPBinding binding = (SOAPBinding) bp.getBinding();
-// binding.setMTOMEnabled(true);
-//
-// if (eDtlUrl.equalsIgnoreCase(dtlUrl))
-// return docservice.getDocumentMime(docId, "");
-// else
-// return docservice.getDocumentMime(docId, eDtlUrl);
-// }
-// catch (Exception e)
-// {
-// e.printStackTrace();
-// throw new Exception("Error in getDocumentFromDtl", e);
-// }
-// }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java deleted file mode 100644 index 337a9ed31..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java +++ /dev/null @@ -1,816 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.servlet; - -import iaik.x509.X509Certificate; - -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.security.cert.CertificateException; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; - -import javax.activation.DataSource; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.Source; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.stream.StreamSource; - -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.saml2.core.StatusCode; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.stork.STORKException; -import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.SPSSFactory; -import at.gv.egovernment.moa.spss.api.SignatureVerificationService; -import at.gv.egovernment.moa.spss.api.common.Content; - -import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.util.xsd.xmldsig.SignatureType; -import at.gv.util.xsd.xmldsig.X509DataType; -import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.LightweightSourceResolver; -import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.exceptions.UtilsException; -import eu.stork.oasisdss.profile.SignRequest; -import eu.stork.oasisdss.profile.SignResponse; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -//import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; - -/** - * Endpoint for receiving STORK response messages - * @deprecated Use {@link at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask} instead. - */ -public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { - private static final long serialVersionUID = 1L; - - public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnectorWithLocalSigning"; - - private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";//load from config below - - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) - */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - super.doGet(request, response); - } - - /** - * Handles the reception of a STORK response message - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) - */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException - { - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - String moaSessionID1 = request.getParameter("moaSessionID"); - String signResponse = request.getParameter("signresponse"); - Logger.info("moaSessionID1:"+moaSessionID1); - Logger.info("signResponse:"+signResponse); - if(moaSessionID1!=null) - { - if(signResponse!=null) - { - //redirect from oasis with signresponse - handleSignResponse(request, response); - } - else - { - //should not occur - throw new IOException("should not occur"); - } - } - else - { - if(signResponse!=null) - { - //should not occur - throw new IOException("should not occur"); - } - else - { - //normal saml response - handleSAMLResponse(request, response); - } - } - return; - } - - private void handleSignResponse(HttpServletRequest request, HttpServletResponse response) { - Logger.info("handleSignResponse started"); - String moaSessionID = request.getParameter("moaSessionID"); - String signResponse = request.getParameter("signresponse"); - Logger.info("moaSessionID:"+moaSessionID); - Logger.info("signResponse:"+signResponse); - String pendingRequestID = null; - try{ - - - //load MOASession from database - AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID); - //change MOASessionID - moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - Logger.info("pendingRequestID:"+pendingRequestID); - String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8"); - Logger.info("RECEIVED signresponse:"+signResponseString); - //create SignResponse object - Source response1 = new StreamSource(new java.io.StringReader(signResponseString)); - SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class); - - // SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(Base64.signResponse))); - - String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); - - // memorize signature into authblock - moaSession.setAuthBlock(citizenSignature); - - X509Certificate cert = getSignerCertificate(citizenSignature); - moaSession.setSignerCertificate(cert); - VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature); - at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse); - - - moaSession.setXMLVerifySignatureResponse(tmp); - try{ - IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList(); - //Add SignResponse TODO Add signature (extracted from signResponse)? - List<String> values = new ArrayList<String>(); - values.add(signResponseString); -// values.add(citizenSignature); - Logger.debug("Assembling signedDoc attribute"); - PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, - "Available"); - personalAttributeList.add(signedDocAttribute); - - String authnContextClassRef = moaSession.getAuthnContextClassRef(); - SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature); - } catch (STORKException e) { - // this is really nasty but we work against the system here. We are supposed to get the gender attribute from - // stork. If we do not, we cannot register the person in the ERnP - we have to have the - // gender for the represented person. So here comes the dirty hack. - if(e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) { - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); - VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", request.getParameter("SAMLResponse")); - context.put("action", request.getRequestURL()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - response.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e1) { - Logger.error("Error sending gender retrival form.", e1); - // httpSession.invalidate(); - throw new MOAIDException("stork.10", null); - } - - return; - } - - Logger.error("Error connecting SZR Gateway", e); - throw new MOAIDException("stork.10", null); - } - - Logger.debug("Add full STORK AuthnResponse to MOA session"); - moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));//TODO ask Florian/Thomas authnResponse? - moaSession.setForeigner(true); - - //session is implicit stored in changeSessionID!!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - - //redirect - String redirectURL = null; - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), - ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); - redirectURL = response.encodeRedirectURL(redirectURL); - - response.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - - } catch (AuthenticationException e) { - handleError(null, e, request, response, pendingRequestID); - - } catch (MOAIDException e) { - handleError(null, e, request, response, pendingRequestID); - - } catch (Exception e) { - Logger.error("PEPSConnector has an interal Error.", e); - } - - finally { - ConfigurationDBUtils.closeSession(); - } - } - - private void handleSAMLResponse(HttpServletRequest request, HttpServletResponse response) { - Logger.info("handleSAMLResponse started"); - String pendingRequestID = null; - - try { - Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message."); - Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request)); - - super.setNoCachingHeadersInHttpRespone(request, response); - Logger.trace("No Caching headers set for HTTP response"); - - //check if https or only http - super.checkIfHTTPisAllowed(request.getRequestURL().toString()); - - Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); - - //extract STORK Response from HTTP Request - //Decodes SAML Response - byte[] decSamlToken; - try { - decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); - Logger.debug("SAMLResponse: " + new String(decSamlToken)); - - } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); - throw new MOAIDException("stork.04", null); - } - - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); - - STORKAuthnResponse authnResponse = null; - try { - //validate SAML Token - Logger.debug("Starting validation of SAML response"); - authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); - Logger.info("SAML response succesfully verified!"); - }catch(STORKSAMLEngineException e){ - Logger.error("Failed to verify STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - Logger.info("STORK SAML Response message succesfully extracted"); - Logger.debug("STORK response: "); - Logger.debug(authnResponse.toString()); - - Logger.debug("Trying to find MOA Session-ID ..."); - //String moaSessionID = request.getParameter(PARAM_SESSIONID); - //first use SAML2 relayState - String moaSessionID = request.getParameter("RelayState"); - - // escape parameter strings - moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID); - - //check if SAML2 relaystate includes a MOA sessionID - if (StringUtils.isEmpty(moaSessionID)) { - //if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier - - moaSessionID = authnResponse.getInResponseTo(); - moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID); - - if (StringUtils.isEmpty(moaSessionID)) { - //No authentication session has been started before - Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); - Logger.debug("PEPSConnectorURL was: " + request.getRequestURL()); - throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); - - } else - Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute."); - - } else - //Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter."); - Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState."); - - /*INFO!!!! - * SAML message IDs has an different format then MOASessionIDs - * This is only a workaround because many PEPS does not support SAML2 relayState or - * MOASessionID as AttributConsumerServiceURL GET parameter - */ - // if (!ParamValidatorUtils.isValidSessionID(moaSessionID)) - // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - - //load MOASession from database - AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID); - //change MOASessionID - moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Found MOA sessionID: " + moaSessionID); - - - - String statusCodeValue = authnResponse.getStatusCode(); - - if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { - Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); - throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); - } - - Logger.info("Got SAML response with authentication success message."); - - Logger.debug("MOA session is still valid"); - - STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest(); - - if (storkAuthnRequest == null) { - Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - throw new MOAIDException("stork.07", null); - } - - Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - - ////////////// incorporate gender from parameters if not in stork response - - IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); - - // but first, check if we have a representation case - if(STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) || STORKResponseProcessor.hasAttribute("represented", attributeList)) { - // in a representation case... - moaSession.setUseMandate("true"); - - // and check if we have the gender value - PersonalAttribute gender = attributeList.get("gender"); - if(null == gender) { - String gendervalue = (String) request.getParameter("gender"); - if(null != gendervalue) { - gender = new PersonalAttribute(); - gender.setName("gender"); - ArrayList<String> tmp = new ArrayList<String>(); - tmp.add(gendervalue); - gender.setValue(tmp); - - authnResponse.getPersonalAttributeList().add(gender); - } - } - } - - ////////////////////////////////////////////////////////////////////////// - - Logger.debug("Starting extraction of signedDoc attribute"); - //extract signed doc element and citizen signature - String citizenSignature = null; - try { - PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc"); - String signatureInfo = null; - if(signedDoc!=null) - { - signatureInfo = signedDoc.getValue().get(0); - //should not occur - } - else - { - - //store SAMLResponse - moaSession.setSAMLResponse(request.getParameter("SAMLResponse")); - //store authnResponse - - //moaSession.setAuthnResponse(authnResponse);//not serializable - moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList()); - - String authnContextClassRef = null; - try { - authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(); - } catch (Throwable e) { - Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); - } - - moaSession.setAuthnContextClassRef(authnContextClassRef); - moaSession.setReturnURL(request.getRequestURL()); - - //load signedDoc - String signRequest = moaSession.getSignedDoc(); - - //session is implicit stored in changeSessionID!!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - //set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID - //signRequest - - String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - String acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - - String url = acsURL+"?moaSessionID="+newMOASessionID; - //redirect to OASIS module and sign there - - boolean found = false; - try{ - List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs(); - Logger.info("Found AttributeProviderPlugins:"+aps.size()); - for(AttributeProviderPlugin ap : aps) - { - Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes()); - if(ap.getAttributes().equalsIgnoreCase("signedDoc")) - { - // FIXME[tlenz]: A servlet's class field is not thread safe. - oasisDssWebFormURL = ap.getUrl(); - found = true; - Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL); - break; - } - } - }catch(Exception e) - { - e.printStackTrace(); - Logger.error("Loading the signedDoc attribute provider url from config failed"); - } - if(!found) - { - Logger.error("Failed to load the signedDoc attribute provider url from config"); - } - performRedirect(url,request,response,signRequest); - - return; - } - SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); - - citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); - - // memorize signature into authblock - moaSession.setAuthBlock(citizenSignature); - - X509Certificate cert = getSignerCertificate(citizenSignature); - moaSession.setSignerCertificate(cert); - moaSession.setForeigner(true); - - - } catch (Throwable e) { - Logger.error("Could not extract citizen signature from C-PEPS", e); - throw new MOAIDException("stork.09", null); - } - - try{ - SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(),citizenSignature); - } catch (STORKException e) { - // this is really nasty but we work against the system here. We are supposed to get the gender attribute from - // stork. If we do not, we cannot register the person in the ERnP - we have to have the - // gender for the represented person. So here comes the dirty hack. - if(e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) { - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); - VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", request.getParameter("SAMLResponse")); - context.put("action", request.getRequestURL()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - response.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e1) { - Logger.error("Error sending gender retrival form.", e1); - // httpSession.invalidate(); - throw new MOAIDException("stork.10", null); - } - - return; - } - - Logger.error("Error connecting SZR Gateway", e); - throw new MOAIDException("stork.10", null); - } - - Logger.debug("Add full STORK AuthnResponse to MOA session"); - moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));//TODO ask Florian/Thomas authnResponse? - - //session is implicit stored in changeSessionID!!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - - //redirect - String redirectURL = null; - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), - ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); - redirectURL = response.encodeRedirectURL(redirectURL); - - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - - } catch (AuthenticationException e) { - handleError(null, e, request, response, pendingRequestID); - - } catch (MOAIDException e) { - handleError(null, e, request, response, pendingRequestID); - - } catch (Exception e) { - Logger.error("PEPSConnector has an interal Error.", e); - } - - finally { - ConfigurationDBUtils.closeSession(); - } - - } - - private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString) - throws MOAIDException { - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); - VelocityContext context = new VelocityContext(); - - Logger.debug("performRedirect, signrequest:"+signRequestString); - Source signDoc = new StreamSource(new java.io.StringReader(signRequestString)); - SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class); - signRequest.setReturnURL("TODO"); - signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest)); - context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8"))); - context.put("clienturl", url); - context.put("action", oasisDssWebFormURL ); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e) { - Logger.error("Error sending DSS signrequest.", e); - throw new MOAIDException("stork.11", null); - } - } - - private String getCitizienSignatureFromSignResponseFromSAML(STORKAuthnResponse authnResponse) throws ApiUtilsException, IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, MOAIDException - { - PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc"); - String signatureInfo = null; - if(signedDoc==null) - { - Logger.error("SignedDoc = null, failed to extract Signresponse from authnResponse"); - throw new MOAIDException("stork.09", null); - } - signatureInfo = signedDoc.getValue().get(0); - - SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); - String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); - return citizenSignature; - - } - - private String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException - { - // fetch signed doc - DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse); - if(ds == null){ - throw new ApiUtilsException("No datasource found in response"); - } - - InputStream incoming = ds.getInputStream(); - String citizenSignature = IOUtils.toString(incoming); - incoming.close(); - - return citizenSignature; - } - - private X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException, UnsupportedEncodingException - { - JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); - SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue(); - - // extract certificate - for(Object current : root.getKeyInfo().getContent()) - if(((JAXBElement<?>) current).getValue() instanceof X509DataType) { - for(Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) { - JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data); - if(casted.getName().getLocalPart().equals("X509Certificate")) { - return new X509Certificate(((String)casted.getValue()).getBytes("UTF-8")); - } - } - } - return null; - } - - private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException - { - Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); - Logger.debug("Citizen signature will be verified by SZR Gateway!"); - - Logger.debug("fetching OAParameters from database"); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); - - // retrieve target - //TODO: check in case of SSO!!! - String targetType = null; - if(oaParam.getBusinessService()) { - String id = oaParam.getIdentityLinkDomainIdentifier(); - if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - targetType = id; - else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier(); - } else { - targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); - } - - - - Logger.debug("Starting connecting SZR Gateway"); - //contact SZR Gateway - IdentityLink identityLink = null; - - identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, - oaParam.getFriendlyName(), - targetType, null, - oaParam.getMandateProfiles(),citizenSignature); - Logger.debug("SZR communication was successfull"); - - if (identityLink == null) { - Logger.error("SZR Gateway did not return an identity link."); - throw new MOAIDException("stork.10", null); - } - Logger.info("Received Identity Link from SZR Gateway"); - moaSession.setIdentityLink(identityLink); - - Logger.debug("Adding addtional STORK attributes to MOA session"); - moaSession.setStorkAttributes(personalAttributeList); - - //We don't have BKUURL, setting from null to "Not applicable" - moaSession.setBkuURL("Not applicable (STORK Authentication)"); - - // free for single use - moaSession.setAuthenticatedUsed(false); - - // stork did the authentication step - moaSession.setAuthenticated(true); - - //TODO: found better solution, but QAA Level in response could be not supported yet - try { - if(authnContextClassRef==null) - authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel(); - moaSession.setQAALevel(authnContextClassRef); - - } catch (Throwable e) { - Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); - - } - - } - - private VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException, BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException, SAXException, IOException, ParserConfigurationException, MOAException - { - //Based on MOA demo client - // Factory und Service instanzieren - SPSSFactory spssFac = SPSSFactory.getInstance(); - SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance(); - - Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null); - - // Position der zu prüfenden Signatur im Dokument angeben - // (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle - // der damit bezeichnete Namenraum mitgegeben werden) - HashMap nSMap = new HashMap(); - nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#"); - VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap); - - // Zu prüfendes Dokument und Signaturposition zusammenfassen - - VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation); - - // Prüfrequest zusammenstellen - VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest( - null, // Wird Prüfzeit nicht angegeben, wird aktuelle Zeit verwendet - sigInfo, - null, // Keine Ergänzungsobjekte notwendig - null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden - false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert - "MOAIDBuergerkartePersonenbindungMitTestkarten");//TODO load from config - //"Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils - - VerifyXMLSignatureResponse verifyResponse = null; - try - { - // Aufruf der Signaturprüfung - verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest); - } - catch (MOAException e) - { - // Service liefert Fehler - System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:"); - System.err.println("Fehlercode: " + e.getMessageId()); - System.err.println("Fehlernachricht: " + e.getMessage()); - throw e; - } - -// // Auswertung der Response -// System.out.println(); -// System.out.println("Ergebnisse der Signaturprüfung:"); -// System.out.println(); -// -// // Besondere Eigenschaften des Signatorzertifikats -// SignerInfo signerInfo = verifyResponse.getSignerInfo(); -// System.out.println("*** Ist Zertifikat des Signators qualifiziert? " + ((signerInfo.isQualifiedCertificate()) ? "ja" : "nein")); -// System.out.println("*** Ist Zertifikat des Signators von einer Behörde? " + ((signerInfo.isPublicAuthority()) ? "ja" : "nein")); -// -// // Ergebnisse von Signatur- und Zertifikatsprüfung -// System.out.println(); -// System.out.println("Ergebniscode der Signaturprüfung: " + verifyResponse.getSignatureCheck().getCode()); -// System.out.println("Ergebniscode der Zertifikatsprüfung: " + verifyResponse.getCertificateCheck().getCode()); -// -// // Signatorzertifikat -// System.out.println(); -// System.out.println("*** Zertifikat des Signators:"); -// System.out.println("Aussteller: " + signerInfo.getSignerCertificate().getIssuerDN()); -// System.out.println("Subject: " + signerInfo.getSignerCertificate().getSubjectDN()); -// System.out.println("Seriennummer: " + signerInfo.getSignerCertificate().getSerialNumber()); - return verifyResponse; - } - - private at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { - at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse(); - response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode()); - response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority()); -// response.setPublicAuthorityCode(publicAuthorityCode) - response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate()); - response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode()); - response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode()); -// response.setSigningDateTime() -// response.setX509certificate(x509certificate) - response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode()); -// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck()) -// response.setXmlDsigSubjectName(xmlDsigSubjectName) - return response; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index 43b6c03d4..83caaf75a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -7,10 +7,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.slf4j.MDC;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -33,10 +36,10 @@ public class ProcessEngineSignalServlet extends AuthServlet { * The HttpServletResponse.
*/
private void setNoCachingHeaders(HttpServletResponse resp) {
- resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
}
/**
@@ -65,8 +68,14 @@ public class ProcessEngineSignalServlet extends AuthServlet { // retrieve moa session
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ //add transactionID and unique sessionID to Logger
+ if (extendedSessionInformation != null)
+ TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
+ TransactionIDUtils.setTransactionId(pendingRequestID);
+
// process instance is mandatory
if (session.getProcessInstanceId() == null) {
throw new IllegalStateException("MOA session does not provide process instance id.");
@@ -77,8 +86,12 @@ public class ProcessEngineSignalServlet extends AuthServlet { } catch (Exception ex) {
handleError(null, ex, req, resp, pendingRequestID);
+
} finally {
MOASessionDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
}
}
@@ -95,7 +108,7 @@ public class ProcessEngineSignalServlet extends AuthServlet { * @return The current MOA session id.
*/
public String getMoaSessionId(HttpServletRequest request) {
- return StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID));
+ return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 532ccb7ba..431a7e0f7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -29,12 +29,13 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -55,16 +56,16 @@ public class RedirectServlet extends AuthServlet{ Logger.debug("Receive " + RedirectServlet.class + " Request"); String url = req.getParameter(REDIRCT_PARAM_URL); - String target = req.getParameter(PARAM_TARGET); - String artifact = req.getParameter(PARAM_SAMLARTIFACT); - String interIDP = req.getParameter(INTERFEDERATION_IDP); + String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET); + String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT); + String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); Logger.debug("Check URL against online-applications"); - OnlineApplication oa = null; + OAAuthParameter oa = null; String redirectTarget = DEFAULT_REDIRECTTARGET; try { - oa = ConfigurationDBRead.getActiveOnlineApplication(url); - if (oa == null && !url.startsWith(AuthConfigurationProvider.getInstance().getPublicURLPrefix())) { + oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); + if (oa == null && !url.startsWith(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix())) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; @@ -72,7 +73,7 @@ public class RedirectServlet extends AuthServlet{ //Redirect is a SAML1 send Artifact redirct if (MiscUtil.isNotEmpty(artifact)) { try { - String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + String test = oa.getFormCustomizaten().get(FormBuildUtils.REDIRECTTARGET); if (MiscUtil.isNotEmpty(test)) redirectTarget = test; @@ -85,12 +86,12 @@ public class RedirectServlet extends AuthServlet{ if (MiscUtil.isNotEmpty(target)) { // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, // URLEncoder.encode(session.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_TARGET, + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(target, "UTF-8")); } - url = addURLParameter(url, PARAM_SAMLARTIFACT, + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(artifact, "UTF-8")); url = resp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java deleted file mode 100644 index a8fe71485..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ /dev/null @@ -1,342 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import iaik.pki.PKIException; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.List; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; - -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; - -/** - * Servlet requested for verifying the signed authentication block - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @deprecated Use {@link VerifyAuthenticationBlockTask} instead. - */ -public class VerifyAuthenticationBlockServlet extends AuthServlet { - - - /** - * - */ - private static final long serialVersionUID = -2409629495345900542L; - -/** - * Constructor for VerifyAuthenticationBlockServlet. - */ - public VerifyAuthenticationBlockServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - //doPost(req, resp); - - Logger.debug("GET VerifyAuthenticationBlock"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - } - - /** - * Verifies the signed authentication block and redirects the browser - * to the online application requested, adding a parameter needed for - * retrieving the authentication data. - * <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><CreateXMLSignatureResponse></code></li> - * </ul> - * Response: - * <ul> - * <li>Status: <code>302</code></li> - * <li>Header <code>"Location"</code>: URL of the online application requested, with - * parameters <code>"Target"</code>(only if the online application is - * a public service) and <code>"SAMLArtifact"</code> added</li> - * <li>Error status: <code>500</code> - * </ul> - * @see AuthenticationServer#verifyAuthenticationBlock - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyAuthenticationBlock"); - - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String pendingRequestID = null; - - Map<String, String> parameters; - try - { - parameters = getParameters(req); - } catch (FileUploadException e) - { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - - } - String sessionID = req.getParameter(PARAM_SESSIONID); - String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - String redirectURL = null; - try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); - - - - if (samlArtifactBase64 == null) { - //mandate Mode - - AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); - - // get identitity link as byte[] - Element elem = session.getIdentityLink().getSamlAssertion(); - String s = DOMUtils.serializeNode(elem); - - //System.out.println("IDL: " + s); - - byte[] idl = s.getBytes("UTF-8"); - - // redirect url - // build redirect(to the GetMISSessionIdSerlvet) - - //change MOASessionID before MIS request - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - redirectURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - GET_MIS_SESSIONID, - newMOASessionID); - - String oaURL = session.getOAURLRequested(); - OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); - List<String> profiles = oaParam.getMandateProfiles(); - - if (profiles == null) { - Logger.error("No Mandate/Profile for OA configured."); - throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID}); - } - -// String profilesArray[] = profiles.split(","); -// for(int i = 0; i < profilesArray.length; i++) { -// profilesArray[i] = profilesArray[i].trim(); -// } - - String oaFriendlyName = oaParam.getFriendlyName(); - String mandateReferenceValue = session.getMandateReferenceValue(); - byte[] cert = session.getEncodedSignerCertificate(); - byte[] authBlock = session.getAuthBlock().getBytes("UTF-8"); - - //TODO: check in case of SSO!!! - String targetType = null; - if(oaParam.getBusinessService()) { - String id = oaParam.getIdentityLinkDomainIdentifier(); - if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - targetType = id; - else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); - - } else { - targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); - } - - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( - connectionParameters.getUrl(), - idl, - cert, - oaFriendlyName, - redirectURL, - mandateReferenceValue, - profiles, - targetType, - authBlock, - sslFactory); - - if (misSessionID == null) { - Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); - throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); - } - - String redirectMISGUI = misSessionID.getRedirectURL(); - session.setMISSessionID(misSessionID.getSessiondId()); - - try { - AuthenticationSessionStoreage.storeSession(session); - } catch (MOADatabaseException e) { - throw new MOAIDException("Session store error", null); - } - - resp.setStatus(302); - resp.addHeader("Location", redirectMISGUI); - Logger.debug("REDIRECT TO: " + redirectURL); - } - else { - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - /*redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL);*/ - - - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); - - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - } - - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (GeneralSecurityException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (PKIException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (TransformerException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (Exception e) { - Logger.error("AuthBlockValidation has an interal Error.", e); - } - - - finally { - ConfigurationDBUtils.closeSession(); - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java deleted file mode 100644 index 2aa717a65..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ /dev/null @@ -1,235 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.util.CertificateUtils; -
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- * @deprecated Use {@link VerifyCertificateTask} instead.
- *
- */
-public class VerifyCertificateServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -4110159749768152538L;
-
-/**
- * Constructor for VerifyCertificateServlet.
- */
- public VerifyCertificateServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET VerifyCertificateServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST VerifyCertificateServlet");
-
- Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- String pendingRequestID = null;
-
- Map<String, String> parameters;
- try
- {
- parameters = getParameters(req);
- } catch (FileUploadException e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
- if (cert == null) {
- Logger.error("Certificate could not be read.");
- throw new AuthenticationException("auth.14", null);
- }
-
- boolean useMandate = session.getUseMandate();
-
-
- if (useMandate) {
-
- // verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
-
- }
- else {
-
- - String countrycode = CertificateUtils.getIssuerCountry(cert); - if (countrycode != null) { - if (countrycode.compareToIgnoreCase("AT") == 0) { - Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode."); - throw new AuthenticationException("auth.22", null); - } - } - - // Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
- // build dataurl (to the GetForeignIDSerlvet)
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_GET_FOREIGN_ID,
- session.getSessionID());
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
- ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
-
- Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (Exception e) {
- Logger.error("CertificateValidation has an interal Error.", e);
- }
-
-
- finally {
- ConfigurationDBUtils.closeSession();
- }
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java deleted file mode 100644 index b8e57ed43..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ /dev/null @@ -1,278 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for verifying the identity link - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @deprecated Use {@link VerifyIdentityLinkTask} instead. - */ -public class VerifyIdentityLinkServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = -7074476974026049958L; - -/** - * Constructor for VerifyIdentityLinkServlet. - */ - public VerifyIdentityLinkServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyIdentityLink"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - } - - /** - * Verifies the identity link and responds with a new - * <code>CreateXMLSignatureRequest</code> or a new <code> - * InfoboxReadRequest</code> (in case of a foreign eID card). - * <br> - * Request parameters: - * <ul> - * <li>MOASessionID: ID of associated authentication session</li> - * <li>XMLResponse: <code><InfoboxReadResponse></code></li> - * </ul> - * Response: - * <ul> - * <li>Content type: <code>"text/xml"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyIdentityLink"); - - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - Map<String, String> parameters; - String pendingRequestID = null; - - try - { - parameters = getParameters(req); - - } catch (Exception e) - { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - } - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - - try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); - - Logger.debug(createXMLSignatureRequestOrRedirect); - - - if (createXMLSignatureRequestOrRedirect == null) { - // no identity link found - - boolean useMandate = session.getUseMandate(); - if (useMandate) { - Logger.error("Online-Mandate Mode for foreign citizencs not supported."); - throw new AuthenticationException("auth.13", null); - } - - try { - - Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - - // create the InfoboxReadRequest to get the certificate - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the VerifyCertificateSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - session.getSessionID()); - - - ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - - } - catch(Exception e) { - handleError(null, e, req, resp, pendingRequestID); - } - - } - else { - boolean useMandate = session.getUseMandate(); - - if (useMandate) { // Mandate modus - // read certificate and set dataurl to - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - - - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - session.getSessionID()); - - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - } - else { - Logger.info("Normal"); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); - } - } - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - Logger.info("No valid MOA session found. Authentification process is abourted."); - throw new AuthenticationException("auth.20", null); - } - } - catch (ParseException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (Exception e) { - Logger.error("IdentityLinkValidation has an interal Error.", e); - } - - finally { - ConfigurationDBUtils.closeSession(); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 547a86bd9..e1ab0025e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -65,7 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -292,9 +292,11 @@ public class CreateXMLSignatureResponseValidator { String text = ""; try { - OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + text = oaparam.getAditionalAuthBlockText(); + } } catch (ConfigurationException e) { Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); } @@ -418,7 +420,7 @@ public class CreateXMLSignatureResponseValidator { String oaURL; try { - oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); } catch (ConfigurationException e1) { oaURL = new String(); } @@ -521,8 +523,11 @@ public class CreateXMLSignatureResponseValidator { String text = ""; try { - if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText())) + if (MiscUtil.isNotEmpty(AuthConfigurationProviderFactory.getInstance().getSSOSpecialText())) { + text = AuthConfigurationProviderFactory.getInstance().getSSOSpecialText(); Logger.info("Use addional AuthBlock Text from SSO=" +text); + + } else text = new String(); } catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 284a77126..ac528c89d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -66,7 +66,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -141,7 +141,7 @@ public class VerifyXMLSignatureResponseValidator { } //check QC - if (AuthConfigurationProvider.getInstance().isCertifiacteQCActive() && + if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && !whatToCheck.equals(CHECK_IDENTITY_LINK) && !verifyXMLSignatureResponse.isQualifiedCertificate()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java index 9e4f3fa36..672d2a35e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java @@ -29,7 +29,7 @@ import javax.net.ssl.SSLSocketFactory; import javax.xml.namespace.QName; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -104,7 +104,7 @@ public class SZRGWClient { private void initial(ConnectionParameter szrgwconnection) throws at.gv.egovernment.moa.id.client.SZRGWClientException{ try { sslContext = SSLUtils.getSSLSocketFactory( - AuthConfigurationProvider.getInstance(), + AuthConfigurationProviderFactory.getInstance(), szrgwconnection); } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 24def1e02..5ec0a5bc6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -1,27 +1,5 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ /* - * Copyright 2003 Federal Chancellery Austria + * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * @@ -42,128 +20,47 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egovernment.moa.id.config; -import java.math.BigInteger; -import java.security.Principal; -import java.security.cert.X509Certificate; -import java.util.Map; - -import at.gv.egovernment.moa.id.data.IssuerAndSerial; - /** - * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>, - * providing functions common to both of them. + * @author tlenz * - * @author Paul Ivancsics - * @version $Id$ */ -public class ConfigurationProvider { - - /** - * Constructor - */ - public ConfigurationProvider() { - super(); - } - - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String CONFIG_PROPERTY_NAME = - "moa.id.configuration"; - - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String PROXY_CONFIG_PROPERTY_NAME = - "moa.id.proxy.configuration"; - - /** - * The name of the generic configuration property giving the certstore directory path. - */ - public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = - "DirectoryCertStoreParameters.RootDir"; - - /** - * The name of the generic configuration property switching the ssl revocation checking on/off - */ - public static final String TRUST_MANAGER_REVOCATION_CHECKING = - "TrustManager.RevocationChecking"; - - - /** - * A <code>Map</code> which contains generic configuration information. Maps a - * configuration name (a <code>String</code>) to a configuration value (also a - * <code>String</code>). - */ - protected Map<String, String> genericConfiguration; - - /** The default chaining mode. */ - protected String defaultChainingMode; - - /** - * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to - * chaining mode (a <code>String</code>) mapping. - */ - protected Map<IssuerAndSerial, String> chainingModes; - - /** - * the URL for the trusted CA Certificates - */ - protected String trustedCACertificates; - - /** - * main configuration file directory name used to configure MOA-ID - */ - protected String rootConfigFileDir; - - protected String certstoreDirectory; - - protected boolean trustmanagerrevoationchecking = true; - - /** - * Returns the main configuration file directory used to configure MOA-ID - * - * @return the directory +public interface ConfigurationProvider { + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String CONFIG_PROPERTY_NAME = + "moa.id.configuration"; + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String PROXY_CONFIG_PROPERTY_NAME = + "moa.id.proxy.configuration"; + + /** + * The name of the generic configuration property giving the certstore directory path. + */ + public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = + "DirectoryCertStoreParameters.RootDir"; + + /** + * The name of the generic configuration property switching the ssl revocation checking on/off */ - public String getRootConfigFileDir() { - return rootConfigFileDir; - } - - public String getDefaultChainingMode() { - return defaultChainingMode; - } - - - /** - * Returns the trustedCACertificates. - * @return String - */ - public String getTrustedCACertificates() { - - return trustedCACertificates; - } - -/** - * @return the certstoreDirectory - */ -public String getCertstoreDirectory() { - return certstoreDirectory; -} - -/** - * @return the trustmanagerrevoationchecking - */ -public boolean isTrustmanagerrevoationchecking() { - return trustmanagerrevoationchecking; -} - - - - + public static final String TRUST_MANAGER_REVOCATION_CHECKING = + "TrustManager.RevocationChecking"; + + public String getRootConfigFileDir(); + + public String getDefaultChainingMode(); + + public String getTrustedCACertificates(); + + public String getCertstoreDirectory(); + + public boolean isTrustmanagerrevoationchecking(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java new file mode 100644 index 000000000..113e9cdda --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java @@ -0,0 +1,282 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config; + +import java.util.Map; +import java.util.Properties; + +import org.hibernate.cfg.Configuration; + +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + + +/** + * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>, + * providing functions common to both of them. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public abstract class ConfigurationProviderImpl implements ConfigurationProvider{ + + /** + * Constructor + */ + public ConfigurationProviderImpl() { + + super(); + } + + private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String CONFIG_PROPERTY_NAME = + "moa.id.configuration"; + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String PROXY_CONFIG_PROPERTY_NAME = + "moa.id.proxy.configuration"; + + /** + * The name of the generic configuration property giving the certstore directory path. + */ + public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = + "DirectoryCertStoreParameters.RootDir"; + + /** + * The name of the generic configuration property switching the ssl revocation checking on/off + */ + public static final String TRUST_MANAGER_REVOCATION_CHECKING = + "TrustManager.RevocationChecking"; + + + /** + * A <code>Map</code> which contains generic configuration information. Maps a + * configuration name (a <code>String</code>) to a configuration value (also a + * <code>String</code>). + */ + protected Map<String, String> genericConfiguration; + + /** The default chaining mode. */ + protected String defaultChainingMode; + + /** + * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to + * chaining mode (a <code>String</code>) mapping. + */ + protected Map<IssuerAndSerial, String> chainingModes; + + /** + * the URL for the trusted CA Certificates + */ + protected String trustedCACertificates; + + /** + * main configuration file directory name used to configure MOA-ID + */ + protected String rootConfigFileDir; + + protected String certstoreDirectory; + + protected boolean trustmanagerrevoationchecking = true; + + protected Properties configProp = null; + + /** + * Returns the main configuration file directory used to configure MOA-ID + * + * @return the directory + */ + public String getRootConfigFileDir() { + return rootConfigFileDir; + } + + + public String getDefaultChainingMode() { + return defaultChainingMode; + } + + /** + * Get the DB configuration properties from MOA-ID-Auth configuration file + * + * @return + */ + public Properties getDBConnectionConfiguration() { + return this.configProp; + } + + /** + * @param properties + * @throws ConfigurationException + * @throws org.opensaml.xml.ConfigurationException + */ + public void initial(Properties props) throws ConfigurationException, org.opensaml.xml.ConfigurationException { + //Initial Hibernate Framework + Logger.trace("Initializing Hibernate framework."); + try { + // read MOAID Session Hibernate properties + Properties moaSessionProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "moasession."; + if (key.toString().startsWith(propPrefix+"hibernate")) { + String propertyName = key.toString().substring(propPrefix.length()); + moaSessionProp.put(propertyName, props.get(key.toString())); + } + } + + // read Config Hibernate properties + configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "configuration."; + if (key.toString().startsWith(propPrefix+"hibernate")) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + + // read advanced logging properties + Properties statisticProps = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "advancedlogging."; + if (key.toString().startsWith(propPrefix+"hibernate")) { + String propertyName = key.toString().substring(propPrefix.length()); + statisticProps.put(propertyName, props.get(key.toString())); + } + } + + // initialize hibernate + synchronized (ConfigurationProviderImpl.class) { + + //Initial config Database + // ConfigurationDBUtils.initHibernate(configProp); + + //initial MOAID Session Database + Configuration config = new Configuration(); + config.addAnnotatedClass(AssertionStore.class); + config.addAnnotatedClass(AuthenticatedSessionStore.class); + config.addAnnotatedClass(OASessionStore.class); + config.addAnnotatedClass(OldSSOSessionIDStore.class); + config.addAnnotatedClass(ExceptionStore.class); + config.addAnnotatedClass(InterfederationSessionStore.class); + config.addAnnotatedClass(ProcessInstanceStore.class); + config.addProperties(moaSessionProp); + MOASessionDBUtils.initHibernate(config, moaSessionProp); + + //initial advanced logging + if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) { + Logger.info("Advanced statistic log is activated, starting initialization process ..."); + Configuration statisticconfig = new Configuration(); + statisticconfig.addAnnotatedClass(StatisticLog.class); + statisticconfig.addProperties(statisticProps); + StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); + Logger.info("Advanced statistic log is initialized."); + } + + } + Logger.trace("Hibernate initialization finished."); + + } catch (ExceptionInInitializerError e) { + throw new ConfigurationException("config.17", null, e); + + } finally { + + + } + + + //Initialize OpenSAML for STORK + Logger.info("Starting initialization of OpenSAML..."); + MOADefaultBootstrap.bootstrap(); + //DefaultBootstrap.bootstrap(); + Logger.debug("OpenSAML successfully initialized"); + + + //read eGovUtils client configuration + Properties eGovUtilsConfigProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "service."; + if (key.toString().startsWith(propPrefix+"egovutil")) { + String propertyName = key.toString().substring(propPrefix.length()); + eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); + } + } + if (!eGovUtilsConfigProp.isEmpty()) { + Logger.info("Start eGovUtils client implementation configuration ..."); + eGovUtilsConfig = + new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); + } + + } + + + /** + * @return the eGovUtilsConfig + */ + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + return eGovUtilsConfig; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java index 1a2136ebd..d36a4318a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java @@ -27,29 +27,23 @@ import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; public class ConfigurationUtils { - public static List<String> getTransformInfos(List<TransformsInfoType> transformations) { + public static List<String> getTransformInfos(String transform) { List<String> list = new ArrayList<String>(); - - for (TransformsInfoType e1 : transformations) { - - try { - String transform = new String(e1.getTransformation(), "UTF-8"); - String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); - list.add(encoded); - - } catch (UnsupportedEncodingException e) { - Logger.warn("Transformation can not be loaded. An encoding error ocurs", e); - - } catch (IOException e) { - Logger.warn("Transformation can not be loaded from database.", e); - } - } + try { + String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); + list.add(encoded); + + } catch (UnsupportedEncodingException e) { + Logger.warn("Transformation can not be loaded. An encoding error ocurs", e); + + } catch (IOException e) { + Logger.warn("Transformation can not be loaded from database.", e); + } return list; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index ccf2c5a57..e38a4f360 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; public abstract class ConnectionParameter implements ConnectionParameterInterface{ @@ -32,12 +32,12 @@ public abstract class ConnectionParameter implements ConnectionParameterInterfac protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword"; protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates"; - protected ConnectionParameterClientAuthType database; + protected String url; protected Properties prop; protected String basedirectory; - public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) { - this.database = database; + public ConnectionParameter(String url, Properties prop, String basedirectory) { + this.url = url; this.prop = prop; this.basedirectory = basedirectory; } @@ -62,16 +62,16 @@ public abstract class ConnectionParameter implements ConnectionParameterInterfac public boolean isHTTPSURL() { - if (database==null) + if (MiscUtil.isEmpty(url)) return false; else - return database.getURL().indexOf("https") == 0; + return url.indexOf("https") == 0; } public String getUrl() { - if (database == null) + if (MiscUtil.isEmpty(url)) return null; else - return database.getURL(); + return url; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java index a0b787ec5..27d72f515 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java @@ -24,16 +24,15 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; import at.gv.egovernment.moa.util.MiscUtil; public class ConnectionParameterForeign extends ConnectionParameter{ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities."; - public ConnectionParameterForeign(ConnectionParameterClientAuthType database, + public ConnectionParameterForeign(String url, Properties prop, String basedirectory) { - super(database, prop, basedirectory); + super(url, prop, basedirectory); } public String getAcceptedServerCertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java index 3ba1ec6c3..a96b8a8ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java @@ -24,16 +24,15 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; import at.gv.egovernment.moa.util.MiscUtil; public class ConnectionParameterMOASP extends ConnectionParameter{ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp."; - public ConnectionParameterMOASP(ConnectionParameterClientAuthType database, + public ConnectionParameterMOASP(String url, Properties prop, String basedirectory) { - super(database, prop, basedirectory); + super(url, prop, basedirectory); } public String getAcceptedServerCertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java index f6ca392d1..c25d6826a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java @@ -24,16 +24,15 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; import at.gv.egovernment.moa.util.MiscUtil; public class ConnectionParameterMandate extends ConnectionParameter{ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates."; - public ConnectionParameterMandate(ConnectionParameterClientAuthType database, + public ConnectionParameterMandate(String url, Properties prop, String basedirectory) { - super(database, prop, basedirectory); + super(url, prop, basedirectory); } public String getAcceptedServerCertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index a2e8bab9b..e9019ded4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -36,6 +36,8 @@ package at.gv.egovernment.moa.id.config; +import java.io.Serializable; + import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; @@ -45,8 +47,10 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; * * @author Harald Bratko */ -public class OAParameter { +public class OAParameter implements Serializable { + private static final long serialVersionUID = 1L; + public OAParameter() { } public OAParameter(OnlineApplication oa) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java index 828bf99ca..87e40c1b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java @@ -22,51 +22,25 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.config.auth; -import java.util.Date; - -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.logging.Logger; public class AuthConfigLoader implements Runnable { - private static final long INTERVAL = 60; // 60 sec + private static final long INTERVAL = 24 * 60 * 60; // 24 hours public void run() { while (true) { try { - Thread.sleep(INTERVAL * 1000); - - Logger.trace("check for new config."); - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - if (moaidconfig != null) { - Date dbdate = moaidconfig.getTimestampItem(); - Date pvprefresh = moaidconfig.getPvp2RefreshItem(); - - Date date = AuthConfigurationProvider.getTimeStamp(); - - if (dbdate != null && dbdate.after(date)) { - AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance(); - instance.reloadDataBaseConfig(); - } + Thread.sleep(INTERVAL * 1000); + Logger.trace("Check consistence of PVP2X metadata"); + MOAMetadataProvider.reInitialize(); - Date pvpdate = MOAMetadataProvider.getTimeStamp(); - if (pvprefresh != null && pvpdate != null && pvprefresh.after(pvpdate)) { - MOAMetadataProvider.reInitialize(); - } - - } else { - Logger.warn("MOA-ID Configuration is actually not found. Reuse old configuration."); - - } - - + } catch (Throwable e) { - Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e); + Logger.warn("MOA-ID Configuration validation is not possible, actually. Reuse old configuration.", e); } finally { ConfigurationDBUtils.closeSession(); @@ -77,8 +51,8 @@ public class AuthConfigLoader implements Runnable { public static void start() { // start the session cleanup thread - Thread configLoader = new Thread(new AuthConfigLoader(), "AuthConfigLoader"); - configLoader.setName("ConfigurationLoader"); + Thread configLoader = new Thread(new AuthConfigLoader(), "ConfigurationChecker"); + configLoader.setName("ConfigurationChecker"); configLoader.setDaemon(true); configLoader.setPriority(Thread.MIN_PRIORITY); configLoader.start(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java new file mode 100644 index 000000000..4f321764a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -0,0 +1,150 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public interface AuthConfiguration extends ConfigurationProvider{ + + public static final String DEFAULT_X509_CHAININGMODE = "pkix"; + + public Properties getGeneralPVP2ProperiesConfig(); + + public Properties getGeneralOAuth20ProperiesConfig(); + + public ProtocolAllowed getAllowedProtocols(); + + @Deprecated + public PVP2 getGeneralPVP2DBConfig(); + + public Map<String, String> getConfigurationWithPrefix(final String Prefix); + + public String getConfigurationWithKey(final String key); + + @Deprecated + public TimeOuts getTimeOuts() throws ConfigurationException; + + public int getTransactionTimeOut(); + public int getSSOCreatedTimeOut(); + public int getSSOUpdatedTimeOut(); + + public String getAlternativeSourceID() throws ConfigurationException; + + public List<String> getLegacyAllowedProtocols(); + + public OAAuthParameter getOnlineApplicationParameter(String oaURL); + + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException; + + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException; + + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException; + + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException; + + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException; + + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException; + + public List<String> getTransformsInfos() throws ConfigurationException; + + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException; + + public List<String> getSLRequestTemplates() throws ConfigurationException; + + public String getSLRequestTemplates(String type) throws ConfigurationException; + + public List<String> getDefaultBKUURLs() throws ConfigurationException; + + public String getDefaultBKUURL(String type) throws ConfigurationException; + + public String getSSOTagetIdentifier() throws ConfigurationException; + + public String getSSOFriendlyName(); + + public String getSSOSpecialText(); + + public String getMOASessionEncryptionKey(); + + public String getMOAConfigurationEncryptionKey(); + + public boolean isIdentityLinkResigning(); + + public String getIdentityLinkResigningKey(); + + public boolean isMonitoringActive(); + + public String getMonitoringTestIdentityLinkURL(); + + public String getMonitoringMessageSuccess(); + + public boolean isAdvancedLoggingActive(); + + public String getPublicURLPrefix(); + + public boolean isPVP2AssertionEncryptionActive(); + + public boolean isCertifiacteQCActive(); + + public STORKConfig getStorkConfig() throws ConfigurationException; + + public EgovUtilPropertiesConfiguration geteGovUtilsConfig(); + + public String getDocumentServiceUrl(); + + /** + * Notify, if the STORK fake IdentityLink functionality is active + * + * @return true/false + */ + public boolean isStorkFakeIdLActive(); + + /** + * Get a list of all STORK countries for which a faked IdentityLink should be created + * + * @return {List<String>} of country codes + */ + public List<String> getStorkFakeIdLCountries(); + + /** + * Get a list of all STORK countries for which no signature is required + * + * @return {List<String>} of country codes + */ + public List<String> getStorkNoSignatureCountries(); + + /** + * Get the MOA-SS key-group identifier for fake IdentityLink signing + * + * @return MOA-SS key-group identifier {String} + */ + public String getStorkFakeIdLResigningKey(); + + + /** + * Notify, if the PVP2x metadata schema validation is active + * + * @return true/false + */ + public boolean isPVPSchemaValidationActive(); + + /** + * Get all configuration values with prefix and wildcard + * + * @param key: Search key. * and % can be used as wildcards + * @return Key/Value pairs {Map<String, String>}, which key maps the search key + */ + Map<String, String> getConfigurationWithWildCard(String key); + + @Deprecated + public boolean isHTTPAuthAllowed(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6a2f2db44..03f4a300a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -1,1174 +1,1221 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config.auth; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.math.BigInteger; -import java.net.MalformedURLException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.Unmarshaller; - -import org.hibernate.cfg.Configuration; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; -import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; -import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; -import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; -import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; -import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; -import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConfigurationUtils; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; -import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; -import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; -import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; -import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; -import at.gv.egovernment.moa.id.data.IssuerAndSerial; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.config.EgovUtilPropertiesConfiguration; - -/** - * A class providing access to the Auth Part of the MOA-ID configuration data. - * - * <p>Configuration data is read from an XML file, whose location is given by - * the <code>moa.id.configuration</code> system property.</p> - * <p>This class implements the Singleton pattern. The <code>reload()</code> - * method can be used to update the configuration data. Therefore, it is not - * guaranteed that consecutive calls to <code>getInstance()</code> will return - * the same <code>AuthConfigurationProvider</code> all the time. During the - * processing of a web service request, the current - * <code>TransactionContext</code> should be used to obtain the - * <code>AuthConfigurationProvider</code> local to that request.</p> - * - * @author Patrick Peck - * @author Stefan Knirsch - * - * @version $Id$ - */ -public class AuthConfigurationProvider extends ConfigurationProvider { - -// /** DEFAULT_ENCODING is "UTF-8" */ -// private static final String DEFAULT_ENCODING="UTF-8"; - /** - * The name of the generic configuration property giving the authentication session time out. - */ - public static final String AUTH_SESSION_TIMEOUT_PROPERTY = - "AuthenticationSession.TimeOut"; - /** - * The name of the generic configuration property giving the authentication data time out. - */ - public static final String AUTH_DATA_TIMEOUT_PROPERTY = - "AuthenticationData.TimeOut"; - - /** - * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> - */ - public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = - "HTMLComplete"; - - /** - * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> - */ - public static final String BKU_SELECTION_TYPE_HTMLSELECT = - "HTMLSelect"; - - /** - * The name of the generic configuration property allowing https connection to - * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) - */ - public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = - "FrontendServlets.EnableHTTPConnection"; - - /** - * The name of the generic configuration property allowing to set a individual - * DATA URL used to communicate with the BKU (SecurityLayer) - */ - public static final String INDIVIDUAL_DATA_URL_PREFIX = - "FrontendServlets.DataURLPrefix"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static AuthConfigurationProvider instance; - - // - // configuration data - // - private static MOAIDConfiguration moaidconfig = null; - - private static Properties props = null; - - private static STORKConfig storkconfig = null; - - private static TimeOuts timeouts = null; - - private static PVP2 pvp2general = null; - - private static String alternativesourceid = null; - - private static List<String> legacyallowedprotocols = new ArrayList<String>(); - private static ProtocolAllowed allowedProtcols = null; - - private static VerifyAuthBlock verifyidl = null; - - private static ConnectionParameter MoaSpConnectionParameter = null; - private static ConnectionParameter ForeignIDConnectionParameter = null; - private static ConnectionParameter OnlineMandatesConnectionParameter = null; - - private static String MoaSpIdentityLinkTrustProfileID = null; - - private static List<String> TransformsInfos = null; - private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); - - private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); - private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>(); - - private static SSO ssoconfig = null; - - private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; - - private static Date date = null; - - private String publicURLPreFix = null; - - /** - * Return the single instance of configuration data. - * - * @return AuthConfigurationProvider The current configuration data. - * @throws ConfigurationException - */ - public static synchronized AuthConfigurationProvider getInstance() - throws ConfigurationException { - - if (instance == null) { - reload(); - } - return instance; - } - - public static Date getTimeStamp() { - return date; - } - - /** - * Reload the configuration data and set it if successful. - * - * @return AuthConfigurationProvider The loaded configuration data. - * @throws ConfigurationException Failure to load the configuration data. - */ - public static synchronized AuthConfigurationProvider reload() - throws ConfigurationException { - String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); - if (fileName == null) { - throw new ConfigurationException("config.01", null); - } - Logger.info("Loading MOA-ID-AUTH configuration " + fileName); - - instance = new AuthConfigurationProvider(fileName); - return instance; - } - - - /** - * Constructor for AuthConfigurationProvider. - * @param fileName - * @throws ConfigurationException - */ - public AuthConfigurationProvider(String fileName) - throws ConfigurationException { - - load(fileName); - } - - /** - * Load the configuration data from XML file with the given name and build - * the internal data structures representing the MOA ID configuration. - * - * @param fileName The name of the XML file to load. - * @throws ConfigurationException The MOA configuration could not be - * read/built. - */ - private void load(String fileName) throws ConfigurationException { - - try { - //Initial Hibernate Framework - Logger.trace("Initializing Hibernate framework."); - - //Load MOAID-2.0 properties file - File propertiesFile = new File(fileName); - FileInputStream fis = null; - props = new Properties(); - - // determine the directory of the root config file - rootConfigFileDir = new File(fileName).getParent(); - - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - } - - try { - fis = new FileInputStream(propertiesFile); - props.load(fis); - - // read MOAID Session Hibernate properties - Properties moaSessionProp = new Properties(); - for (Object key : props.keySet()) { - String propPrefix = "moasession."; - if (key.toString().startsWith(propPrefix+"hibernate")) { - String propertyName = key.toString().substring(propPrefix.length()); - moaSessionProp.put(propertyName, props.get(key.toString())); - } - } - - // read Config Hibernate properties - Properties configProp = new Properties(); - for (Object key : props.keySet()) { - String propPrefix = "configuration."; - if (key.toString().startsWith(propPrefix+"hibernate")) { - String propertyName = key.toString().substring(propPrefix.length()); - configProp.put(propertyName, props.get(key.toString())); - } - } - - // read advanced logging properties - Properties statisticProps = new Properties(); - for (Object key : props.keySet()) { - String propPrefix = "advancedlogging."; - if (key.toString().startsWith(propPrefix+"hibernate")) { - String propertyName = key.toString().substring(propPrefix.length()); - statisticProps.put(propertyName, props.get(key.toString())); - } - } - - // initialize hibernate - synchronized (AuthConfigurationProvider.class) { - - //Initial config Database - ConfigurationDBUtils.initHibernate(configProp); - - //initial MOAID Session Database - Configuration config = new Configuration(); - config.addAnnotatedClass(AssertionStore.class); - config.addAnnotatedClass(AuthenticatedSessionStore.class); - config.addAnnotatedClass(OASessionStore.class); - config.addAnnotatedClass(OldSSOSessionIDStore.class); - config.addAnnotatedClass(ExceptionStore.class); - config.addAnnotatedClass(InterfederationSessionStore.class); - config.addAnnotatedClass(ProcessInstanceStore.class); - config.addProperties(moaSessionProp); - MOASessionDBUtils.initHibernate(config, moaSessionProp); - - //initial advanced logging - if (isAdvancedLoggingActive()) { - Logger.info("Advanced statistic log is activated, starting initialization process ..."); - Configuration statisticconfig = new Configuration(); - statisticconfig.addAnnotatedClass(StatisticLog.class); - statisticconfig.addProperties(statisticProps); - StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); - Logger.info("Advanced statistic log is initialized."); - } - - } - Logger.trace("Hibernate initialization finished."); - - } catch (FileNotFoundException e) { - throw new ConfigurationException("config.03", null, e); - - } catch (IOException e) { - throw new ConfigurationException("config.03", null, e); - - } catch (ExceptionInInitializerError e) { - throw new ConfigurationException("config.17", null, e); - - } finally { - if (fis != null) - fis.close(); - - } - - - //Initialize OpenSAML for STORK - Logger.info("Starting initialization of OpenSAML..."); - MOADefaultBootstrap.bootstrap(); - //DefaultBootstrap.bootstrap(); - Logger.debug("OpenSAML successfully initialized"); - - - String legacyconfig = props.getProperty("configuration.xml.legacy"); - String xmlconfig = props.getProperty("configuration.xml"); -// String xmlconfigout = props.getProperty("configuration.xml.out"); - - - //configure eGovUtils client implementations - - //read eGovUtils client configuration - Properties eGovUtilsConfigProp = new Properties(); - for (Object key : props.keySet()) { - String propPrefix = "service."; - if (key.toString().startsWith(propPrefix+"egovutil")) { - String propertyName = key.toString().substring(propPrefix.length()); - eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); - } - } - if (!eGovUtilsConfigProp.isEmpty()) { - Logger.info("Start eGovUtils client implementation configuration ..."); - eGovUtilsConfig = - new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); - } - - - //check if XML config should be used - if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { - Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) - ConfigurationDBUtils.delete(moaidconfig); - - List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); - if (oas != null && oas.size() > 0) { - for (OnlineApplication oa : oas) - ConfigurationDBUtils.delete(oa); - } - } - - //load legacy config if it is configured - if (MiscUtil.isNotEmpty(legacyconfig)) { - Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); - - MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); - - List<OnlineApplication> oas = moaconfig.getOnlineApplication(); - for (OnlineApplication oa : oas) - ConfigurationDBUtils.save(oa); - - moaconfig.setOnlineApplication(null); - ConfigurationDBUtils.save(moaconfig); - - Logger.info("Legacy Configuration load is completed."); - - - } - - //load MOA-ID 2.x config from XML - if (MiscUtil.isNotEmpty(xmlconfig)) { - Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); - - try { - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); - Unmarshaller m = jc.createUnmarshaller(); - File file = new File(xmlconfig); - MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); - //ConfigurationDBUtils.save(moaconfig); - - List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); - for (OnlineApplication importoa : importoas) { - ConfigurationDBUtils.saveOrUpdate(importoa); - } - - moaconfig.setOnlineApplication(null); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } catch (Exception e) { - Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); - throw new ConfigurationException("config.02", null); - } - Logger.info("XML Configuration load is completed."); - } - - reloadDataBaseConfig(); - - - } catch (Throwable t) { - throw new ConfigurationException("config.02", null, t); - } - } - - public synchronized void reloadDataBaseConfig() throws ConfigurationException { - - Logger.info("Read MOA-ID 2.0 configuration from database."); - moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - Logger.info("MOA-ID 2.0 is loaded."); - - if (moaidconfig == null) { - Logger.warn("NO MOA-ID configuration found."); - throw new ConfigurationException("config.18", null); - } - - //build STORK Config - AuthComponentGeneral auth = getAuthComponentGeneral(); - ForeignIdentities foreign = auth.getForeignIdentities(); - if (foreign == null ) { - Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); - } else - storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); - - //load Chaining modes - ChainingModes cm = moaidconfig.getChainingModes(); - if (cm != null) { - defaultChainingMode = cm.getSystemDefaultMode().value(); - - List<TrustAnchor> tas = cm.getTrustAnchor(); - - chainingModes = new HashMap<IssuerAndSerial, String>(); - for (TrustAnchor ta : tas) { - IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); - chainingModes.put(is, ta.getMode().value()); - } - } else { - Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); - throw new ConfigurationException("config.02", null); - } - - //set Trusted CA certs directory - trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); - - //set CertStoreDirectory - setCertStoreDirectory(); - - //set TrustManagerRevocationChecking - setTrustManagerRevocationChecking(); - - //set default timeouts - timeouts = new TimeOuts(); - timeouts.setAssertion(new BigInteger("300")); - timeouts.setMOASessionCreated(new BigInteger("2700")); - timeouts.setMOASessionUpdated(new BigInteger("1200")); - - //search timeouts in config - if (auth.getGeneralConfiguration() != null) { - if (auth.getGeneralConfiguration().getTimeOuts() != null) { - if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) - timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); - - if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) - timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); - - if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) - timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); - - } else { - Logger.info("No TimeOuts defined. Use default values"); - } - } - - // sets the authentication session and authentication data time outs - AuthenticationServer.getInstance() - .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); - - AuthenticationServer.getInstance() - .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); - - AuthenticationServer.getInstance() - .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); - - - - //set PVP2 general config - Protocols protocols = auth.getProtocols(); - if (protocols != null) { - - allowedProtcols = new ProtocolAllowed(); - - if (protocols.getSAML1() != null) { - allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); - - //load alternative sourceID - if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) - alternativesourceid = protocols.getSAML1().getSourceID(); - - } - - if (protocols.getOAuth() != null) { - allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); - } - - if (protocols.getPVP2() != null) { - PVP2 el = protocols.getPVP2(); - - allowedProtcols.setPVP21Active(el.isIsActive()); - - pvp2general = new PVP2(); - pvp2general.setIssuerName(el.getIssuerName()); - pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); - - if (el.getOrganization() != null) { - Organization org = new Organization(); - pvp2general.setOrganization(org); - org.setDisplayName(el.getOrganization().getDisplayName()); - org.setName(el.getOrganization().getName()); - org.setURL(el.getOrganization().getURL()); - } - - if (el.getContact() != null) { - List<Contact> cont = new ArrayList<Contact>(); - pvp2general.setContact(cont); - for (Contact e : el.getContact()) { - Contact c = new Contact(); - c.setCompany(e.getCompany()); - c.setGivenName(e.getGivenName()); - c.getMail().addAll(e.getMail()); - c.getPhone().addAll(e.getPhone()); - c.setSurName(e.getSurName()); - c.setType(e.getType()); - cont.add(c); - } - } - } - } else { - Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); - } - - //set alternativeSourceID - if (auth.getGeneralConfiguration() != null) { - - //TODO: can be removed in a further version, because it is moved to SAML1 config - if (MiscUtil.isEmpty(alternativesourceid)) - alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); - - if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) - publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); - - else { - Logger.error("No Public URL Prefix configured."); - throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"}); - } - - } else { - Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); - throw new ConfigurationException("config.02", null); - } - - //set LegacyAllowedProtocols - try { - if (auth.getProtocols() != null) { - Protocols procols = auth.getProtocols(); - if (procols.getLegacyAllowed() != null) { - LegacyAllowed legacy = procols.getLegacyAllowed(); - legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); - } - } - } catch (Exception e) { - Logger.info("No protocols found with legacy allowed flag!"); - } - - //set VerifyAuthBlockConfig - MOASP moasp = getMOASPConfig(auth); - - VerifyAuthBlock el = moasp.getVerifyAuthBlock(); - if (el != null) { - verifyidl = new VerifyAuthBlock(); - verifyidl.setTrustProfileID(el.getTrustProfileID()); - verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); - } - else { - Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); - throw new ConfigurationException("config.02", null); - } - - //set MOASP connection parameters - if (moasp.getConnectionParameter() != null) - MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); - else - MoaSpConnectionParameter = null; - - //set ForeignIDConnectionParameters - if (foreign != null) { - ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); - } else { - Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); - } - - //set OnlineMandateConnectionParameters - OnlineMandates ovs = auth.getOnlineMandates(); - if (ovs != null) { - OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); - - } else { - Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); - } - - //set MOASP IdentityLink Trust-ProfileID - VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); - if (verifyidl != null) - MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); - else { - Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); - throw new ConfigurationException("config.02", null); - } - - //set SL transformation infos - SecurityLayer seclayer = auth.getSecurityLayer(); - if (seclayer == null) { - Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); - throw new ConfigurationException("config.02", null); - } else { - TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); - - if (TransformsInfos == null || TransformsInfos.size() == 0) { - Logger.error("No Security-Layer Transformation found."); - throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}); - } - - } - - //set IdentityLinkSignerSubjectNames - IdentityLinkX509SubjectNames = new ArrayList<String>(); - IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); - if (idlsigners != null) { - Logger.debug("Load own IdentityLinkX509SubjectNames"); - IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName())); - } - - // now add the default identity link signers - String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; - for (int i=0; i<identityLinkSignersWithoutOID.length; i++) { - String identityLinkSigner = identityLinkSignersWithoutOID[i]; - if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) { - IdentityLinkX509SubjectNames.add(identityLinkSigner); - } - } - - //set SLRequestTemplates - SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); - if (templ == null) { - Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); - throw new ConfigurationException("config.02", null); - } else { - SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); - SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); - SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); - } - - //set Default BKU URLS - DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); - if (bkuuls != null) { - DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); - DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); - DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); - } - - //set SSO Config - if (auth.getSSO()!= null) { - ssoconfig = new SSO(); - ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); - ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); - ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); - ssoconfig.setTarget(auth.getSSO().getTarget()); - - if (auth.getSSO().getIdentificationNumber() != null) { - IdentificationNumber value = new IdentificationNumber(); - value.setType(auth.getSSO().getIdentificationNumber().getType()); - value.setValue(auth.getSSO().getIdentificationNumber().getValue()); - ssoconfig.setIdentificationNumber(value); - } - } else { - Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found"); - } - - //close Database - ConfigurationDBUtils.closeSession(); - - date = new Date(); - } - - - private Properties getGeneralProperiesConfig(final String propPrefix) { - Properties configProp = new Properties(); - for (Object key : props.keySet()) { - if (key.toString().startsWith(propPrefix)) { - String propertyName = key.toString().substring(propPrefix.length()); - configProp.put(propertyName, props.get(key.toString())); - } - } - return configProp; - } - - public Properties getGeneralPVP2ProperiesConfig() { - return this.getGeneralProperiesConfig("protocols.pvp2."); - } - - public Properties getGeneralOAuth20ProperiesConfig() { - return this.getGeneralProperiesConfig("protocols.oauth20."); - } - - public ProtocolAllowed getAllowedProtocols() { - return allowedProtcols; - } - - public PVP2 getGeneralPVP2DBConfig() { - return pvp2general; - } - - public TimeOuts getTimeOuts() throws ConfigurationException { - return timeouts; - } - - public String getAlternativeSourceID() throws ConfigurationException { - return alternativesourceid; - } - - public List<String> getLegacyAllowedProtocols() { - return legacyallowedprotocols; - } - - - /** - * Provides configuration information regarding the online application behind - * the given URL, relevant to the MOA-ID Auth component. - * - * @param oaURL URL requested for an online application - * @return an <code>OAAuthParameter</code>, or <code>null</code> - * if none is applicable - */ - public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - - OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); - - if (oa == null) { - Logger.warn("Online application with identifier " + oaURL + " is not found."); - return null; - } - - return new OAAuthParameter(oa); - } - - - /** - * Return a string with a url-reference to the VerifyAuthBlock trust - * profile id within the moa-sp part of the authentication component - * - * @return String with a url-reference to the VerifyAuthBlock trust profile ID - * @throws ConfigurationException - */ - public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { - return verifyidl.getTrustProfileID(); - } - - /** - * Return a string array with references to all verify transform info - * IDs within the moa-sp part of the authentication component - * @return A string array containing all urls to the - * verify transform info IDs - * @throws ConfigurationException - */ - public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { - return verifyidl.getVerifyTransformsInfoProfileID(); - } - - /** - * Return a ConnectionParameter bean containing all information - * of the authentication component moa-sp element - * @return ConnectionParameter of the authentication component moa-sp element - * @throws ConfigurationException - */ - public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { - return MoaSpConnectionParameter; - } - - /** - * Return a ConnectionParameter bean containing all information - * of the authentication component foreigid element - * @return ConnectionParameter of the authentication component foreignid element - * @throws ConfigurationException - */ - public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { - return ForeignIDConnectionParameter; - } - - /** - * Return a ConnectionParameter bean containing all information - * of the authentication component OnlineMandates element - * @return ConnectionParameter of the authentication component OnlineMandates element - * @throws ConfigurationException - */ - public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { - return OnlineMandatesConnectionParameter; - } - - /** - * Return a string with a url-reference to the VerifyIdentityLink trust - * profile id within the moa-sp part of the authentication component - * @return String with a url-reference to the VerifyIdentityLink trust profile ID - * @throws ConfigurationException - */ - public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { - return MoaSpIdentityLinkTrustProfileID; - } - - /** - * Returns the transformsInfos. - * @return String[] - * @throws ConfigurationException - */ - public List<String> getTransformsInfos() throws ConfigurationException { - return TransformsInfos; - } - - /** - * Returns the identityLinkX509SubjectNames. - * @return List - * @throws ConfigurationException - */ - public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { - return IdentityLinkX509SubjectNames; - } - - public List<String> getSLRequestTemplates() throws ConfigurationException { - return new ArrayList<String>(SLRequestTemplates.values()); - } - - public String getSLRequestTemplates(String type) throws ConfigurationException { - String el = SLRequestTemplates.get(type); - if (MiscUtil.isNotEmpty(el)) - return el; - else { - Logger.warn("getSLRequestTemplates: BKU Type does not match: " - + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); - return null; - } - } - - public List<String> getDefaultBKUURLs() throws ConfigurationException { - return new ArrayList<String>(DefaultBKUURLs.values()); - } - - public String getDefaultBKUURL(String type) throws ConfigurationException { - String el = DefaultBKUURLs.get(type); - if (MiscUtil.isNotEmpty(el)) - return el; - else { - Logger.warn("getSLRequestTemplates: BKU Type does not match: " - + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); - return null; - } - } - -// public boolean isSSOBusinessService() throws ConfigurationException { +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +///* +// * Copyright 2003 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +// +// +//package at.gv.egovernment.moa.id.config.auth; +// +//import java.io.File; +//import java.io.FileInputStream; +//import java.io.FileNotFoundException; +//import java.io.IOException; +//import java.math.BigInteger; +//import java.net.MalformedURLException; +//import java.util.ArrayList; +//import java.util.Arrays; +//import java.util.Date; +//import java.util.HashMap; +//import java.util.List; +//import java.util.Map; +//import java.util.Properties; +// +//import javax.xml.bind.JAXBContext; +//import javax.xml.bind.Unmarshaller; +// +//import org.hibernate.cfg.Configuration; +// +//import at.gv.egovernment.moa.id.auth.AuthenticationServer; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; +//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; +//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; +//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.config.ConfigurationProvider; +//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; +//import at.gv.egovernment.moa.id.config.ConfigurationUtils; +//import at.gv.egovernment.moa.id.config.ConnectionParameter; +//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; +//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; +//import at.gv.egovernment.moa.id.config.stork.STORKConfig; +//import at.gv.egovernment.moa.id.data.IssuerAndSerial; +//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; +//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +//import at.gv.util.config.EgovUtilPropertiesConfiguration; +// +//import com.fasterxml.jackson.annotation.JsonIgnore; +//import com.fasterxml.jackson.annotation.JsonProperty; +// +///** +// * A class providing access to the Auth Part of the MOA-ID configuration data. +// * +// * <p>Configuration data is read from an XML file, whose location is given by +// * the <code>moa.id.configuration</code> system property.</p> +// * <p>This class implements the Singleton pattern. The <code>reload()</code> +// * method can be used to update the configuration data. Therefore, it is not +// * guaranteed that consecutive calls to <code>getInstance()</code> will return +// * the same <code>AuthConfigurationProvider</code> all the time. During the +// * processing of a web service request, the current +// * <code>TransactionContext</code> should be used to obtain the +// * <code>AuthConfigurationProvider</code> local to that request.</p> +// * +// * @author Patrick Peck +// * @author Stefan Knirsch +// * +// * @version $Id$ +// * +// *@deprecated Use {@link AuthConfigProviderFactory} instead +// */ +//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { +// +//// /** DEFAULT_ENCODING is "UTF-8" */ +//// private static final String DEFAULT_ENCODING="UTF-8"; +// /** +// * The name of the generic configuration property giving the authentication session time out. +// */ +// public static final String AUTH_SESSION_TIMEOUT_PROPERTY = +// "AuthenticationSession.TimeOut"; +// /** +// * The name of the generic configuration property giving the authentication data time out. +// */ +// public static final String AUTH_DATA_TIMEOUT_PROPERTY = +// "AuthenticationData.TimeOut"; +// +// /** +// * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> +// */ +// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = +// "HTMLComplete"; +// +// /** +// * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> +// */ +// public static final String BKU_SELECTION_TYPE_HTMLSELECT = +// "HTMLSelect"; +// +// /** +// * The name of the generic configuration property allowing https connection to +// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) +// */ +// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = +// "FrontendServlets.EnableHTTPConnection"; +// +// /** +// * The name of the generic configuration property allowing to set a individual +// * DATA URL used to communicate with the BKU (SecurityLayer) +// */ +// public static final String INDIVIDUAL_DATA_URL_PREFIX = +// "FrontendServlets.DataURLPrefix"; +// +// /** Singleton instance. <code>null</code>, if none has been created. */ +// private static AuthConfigurationProvider instance; +// +// // +// // configuration data +// // +// private static MOAIDConfiguration moaidconfig = null; +// +// private static Properties props = null; +// +// private static STORKConfig storkconfig = null; +// +// private static TimeOuts timeouts = null; +// +// private static PVP2 pvp2general = null; +// +// private static String alternativesourceid = null; +// +// private static List<String> legacyallowedprotocols = new ArrayList<String>(); +// private static ProtocolAllowed allowedProtcols = null; +// +// private static VerifyAuthBlock verifyidl = null; +// +// private static ConnectionParameter MoaSpConnectionParameter = null; +// private static ConnectionParameter ForeignIDConnectionParameter = null; +// private static ConnectionParameter OnlineMandatesConnectionParameter = null; +// +// private static String MoaSpIdentityLinkTrustProfileID = null; +// +// private static List<String> TransformsInfos = null; +// private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); +// +// private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); +// private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>(); +// +// private static SSO ssoconfig = null; +// +// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; +// +// private static Date date = null; +// +// private String publicURLPreFix = null; +// +// /** +// * Return the single instance of configuration data. +// * +// * @return AuthConfigurationProvider The current configuration data. +// * @throws ConfigurationException +// */ +// public static synchronized AuthConfigurationProvider getInstance() +// throws ConfigurationException { +// +// if (instance == null) { +// reload(); +// } +// return instance; +// } +// +// public static Date getTimeStamp() { +// return date; +// } +// +// /** +// * Reload the configuration data and set it if successful. +// * +// * @return AuthConfigurationProvider The loaded configuration data. +// * @throws ConfigurationException Failure to load the configuration data. +// */ +// public static synchronized AuthConfigurationProvider reload() +// throws ConfigurationException { +// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); +// if (fileName == null) { +// throw new ConfigurationException("config.01", null); +// } +// Logger.info("Loading MOA-ID-AUTH configuration " + fileName); +// +// instance = new AuthConfigurationProvider(fileName); +// return instance; +// } +// +// +// /** +// * Constructor for AuthConfigurationProvider. +// * @param fileName +// * @throws ConfigurationException +// */ +// public AuthConfigurationProvider(String fileName) +// throws ConfigurationException { +// +// load(fileName); +// } +// +// /** +// * Protected constructor. Used by unit tests. +// */ +// protected AuthConfigurationProvider() { +// } +// +// /** +// * Load the configuration data from XML file with the given name and build +// * the internal data structures representing the MOA ID configuration. +// * +// * @param fileName The name of the XML file to load. +// * @throws ConfigurationException The MOA configuration could not be +// * read/built. +// */ +// private void load(String fileName) throws ConfigurationException { +// +// try { +// //Initial Hibernate Framework +// Logger.trace("Initializing Hibernate framework."); +// +// //Load MOAID-2.0 properties file +// File propertiesFile = new File(fileName); +// FileInputStream fis = null; +// props = new Properties(); +// +// // determine the directory of the root config file +// rootConfigFileDir = new File(fileName).getParent(); +// +// try { +// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); +// +// } catch (MalformedURLException t) { +// throw new ConfigurationException("config.03", null, t); +// } +// +// try { +// fis = new FileInputStream(propertiesFile); +// props.load(fis); +// +// // read MOAID Session Hibernate properties +// Properties moaSessionProp = new Properties(); +// for (Object key : props.keySet()) { +// String propPrefix = "moasession."; +// if (key.toString().startsWith(propPrefix+"hibernate")) { +// String propertyName = key.toString().substring(propPrefix.length()); +// moaSessionProp.put(propertyName, props.get(key.toString())); +// } +// } +// +// // read Config Hibernate properties +// Properties configProp = new Properties(); +// for (Object key : props.keySet()) { +// String propPrefix = "configuration."; +// if (key.toString().startsWith(propPrefix+"hibernate")) { +// String propertyName = key.toString().substring(propPrefix.length()); +// configProp.put(propertyName, props.get(key.toString())); +// } +// } +// +// // read advanced logging properties +// Properties statisticProps = new Properties(); +// for (Object key : props.keySet()) { +// String propPrefix = "advancedlogging."; +// if (key.toString().startsWith(propPrefix+"hibernate")) { +// String propertyName = key.toString().substring(propPrefix.length()); +// statisticProps.put(propertyName, props.get(key.toString())); +// } +// } +// +// // initialize hibernate +// synchronized (AuthConfigurationProvider.class) { +// +// //Initial config Database +// // ConfigurationDBUtils.initHibernate(configProp); +// +// //initial MOAID Session Database +// Configuration config = new Configuration(); +// config.addAnnotatedClass(AssertionStore.class); +// config.addAnnotatedClass(AuthenticatedSessionStore.class); +// config.addAnnotatedClass(OASessionStore.class); +// config.addAnnotatedClass(OldSSOSessionIDStore.class); +// config.addAnnotatedClass(ExceptionStore.class); +// config.addAnnotatedClass(InterfederationSessionStore.class); +// config.addAnnotatedClass(ProcessInstanceStore.class); +// config.addProperties(moaSessionProp); +// MOASessionDBUtils.initHibernate(config, moaSessionProp); +// +// //initial advanced logging +// if (isAdvancedLoggingActive()) { +// Logger.info("Advanced statistic log is activated, starting initialization process ..."); +// Configuration statisticconfig = new Configuration(); +// statisticconfig.addAnnotatedClass(StatisticLog.class); +// statisticconfig.addProperties(statisticProps); +// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); +// Logger.info("Advanced statistic log is initialized."); +// } +// +// } +// Logger.trace("Hibernate initialization finished."); +// +// } catch (FileNotFoundException e) { +// throw new ConfigurationException("config.03", null, e); +// +// } catch (IOException e) { +// throw new ConfigurationException("config.03", null, e); +// +// } catch (ExceptionInInitializerError e) { +// throw new ConfigurationException("config.17", null, e); +// +// } finally { +// if (fis != null) +// fis.close(); +// +// } +// +// +// //Initialize OpenSAML for STORK +// Logger.info("Starting initialization of OpenSAML..."); +// MOADefaultBootstrap.bootstrap(); +// //DefaultBootstrap.bootstrap(); +// Logger.debug("OpenSAML successfully initialized"); +// +// +// String legacyconfig = props.getProperty("configuration.xml.legacy"); +// String xmlconfig = props.getProperty("configuration.xml"); +//// String xmlconfigout = props.getProperty("configuration.xml.out"); +// +// +// //configure eGovUtils client implementations +// +// //read eGovUtils client configuration +// Properties eGovUtilsConfigProp = new Properties(); +// for (Object key : props.keySet()) { +// String propPrefix = "service."; +// if (key.toString().startsWith(propPrefix+"egovutil")) { +// String propertyName = key.toString().substring(propPrefix.length()); +// eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); +// } +// } +// if (!eGovUtilsConfigProp.isEmpty()) { +// Logger.info("Start eGovUtils client implementation configuration ..."); +// eGovUtilsConfig = +// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); +// } +// +// +// //TODO: removed in MOA-ID 3.x +//// //check if XML config should be used +//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { +//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); +//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); +//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration(); +//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null +//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) { +//// +//// // ConfigurationDBUtils.delete(moaidconfig); +//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){ +//// NewConfigurationDBWrite.delete(key); +//// } +//// } +//// +//// +//// //List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); +//// List<OnlineApplication> oas = NewConfigurationDBRead.getAllOnlineApplications(); +//// if (oas != null && oas.size() > 0) { +//// // for (OnlineApplication oa : oas) +//// // ConfigurationDBUtils.delete(oa); +//// NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY); +//// } +//// } +//// +//// //load legacy config if it is configured +//// if (MiscUtil.isNotEmpty(legacyconfig)) { +//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); +//// +//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); +//// +//// List<OnlineApplication> oas = moaconfig.getOnlineApplication(); +//// // for (OnlineApplication oa : oas) +//// // ConfigurationDBUtils.save(oa); +//// NewConfigurationDBWrite.saveOnlineApplications(oas); +//// +//// moaconfig.setOnlineApplication(null); +//// // ConfigurationDBUtils.save(moaconfig); +//// NewConfigurationDBWrite.save(moaconfig); +//// +//// Logger.info("Legacy Configuration load is completed."); +//// +//// +//// } +//// +//// //load MOA-ID 2.x config from XML +//// if (MiscUtil.isNotEmpty(xmlconfig)) { +//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); +//// +//// try { +//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); +//// Unmarshaller m = jc.createUnmarshaller(); +//// File file = new File(xmlconfig); +//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); +//// //ConfigurationDBUtils.save(moaconfig); +//// +//// List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); +//// // for (OnlineApplication importoa : importoas) { +//// // ConfigurationDBUtils.saveOrUpdate(importoa); +//// // } +//// +//// NewConfigurationDBWrite.saveOnlineApplications(importoas); +//// +//// moaconfig.setOnlineApplication(null); +//// //ConfigurationDBUtils.saveOrUpdate(moaconfig); +//// NewConfigurationDBWrite.save(moaconfig); +//// +//// } catch (Exception e) { +//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); +//// throw new ConfigurationException("config.02", null); +//// } +//// Logger.info("XML Configuration load is completed."); +//// } +// +// reloadDataBaseConfig(); +// +// +// } catch (Throwable t) { +// throw new ConfigurationException("config.02", null, t); +// } +// } +// +// protected MOAIDConfiguration loadDataBaseConfig() { +// return ConfigurationDBRead.getMOAIDConfiguration(); +// } +// +// public synchronized void reloadDataBaseConfig() throws ConfigurationException { +// +// Logger.info("Read MOA-ID 2.0 configuration from database."); +// moaidconfig = loadDataBaseConfig(); +// Logger.info("MOA-ID 2.0 is loaded."); +// +// if (moaidconfig == null) { +// Logger.warn("NO MOA-ID configuration found."); +// throw new ConfigurationException("config.18", null); +// } +// +// //build STORK Config +// AuthComponentGeneral auth = getAuthComponentGeneral(); +// ForeignIdentities foreign = auth.getForeignIdentities(); +// if (foreign == null ) { +// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); +// } else +// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); +// +// //load Chaining modes +// ChainingModes cm = moaidconfig.getChainingModes(); +// if (cm != null) { +// defaultChainingMode = cm.getSystemDefaultMode().value(); +// +// List<TrustAnchor> tas = cm.getTrustAnchor(); +// +// chainingModes = new HashMap<IssuerAndSerial, String>(); +// for (TrustAnchor ta : tas) { +// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); +// chainingModes.put(is, ta.getMode().value()); +// } +// } else { +// Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); +// throw new ConfigurationException("config.02", null); +// } +// +// //set Trusted CA certs directory +// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); +// +// //set CertStoreDirectory +// setCertStoreDirectory(); +// +// //set TrustManagerRevocationChecking +// setTrustManagerRevocationChecking(); +// +// //set default timeouts +// timeouts = new TimeOuts(); +// timeouts.setAssertion(new BigInteger("300")); +// timeouts.setMOASessionCreated(new BigInteger("2700")); +// timeouts.setMOASessionUpdated(new BigInteger("1200")); +// +// //search timeouts in config +// if (auth.getGeneralConfiguration() != null) { +// if (auth.getGeneralConfiguration().getTimeOuts() != null) { +// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) +// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); +// +// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) +// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); +// +// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) +// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); +// +// } else { +// Logger.info("No TimeOuts defined. Use default values"); +// } +// } +// +// // sets the authentication session and authentication data time outs +// AuthenticationServer.getInstance() +// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); +// +// AuthenticationServer.getInstance() +// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); +// +// AuthenticationServer.getInstance() +// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); +// +// +// +// //set PVP2 general config +// Protocols protocols = auth.getProtocols(); +// if (protocols != null) { +// +// allowedProtcols = new ProtocolAllowed(); +// +// if (protocols.getSAML1() != null) { +// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); +// +// //load alternative sourceID +// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) +// alternativesourceid = protocols.getSAML1().getSourceID(); +// +// } +// +// if (protocols.getOAuth() != null) { +// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); +// } +// +// if (protocols.getPVP2() != null) { +// PVP2 el = protocols.getPVP2(); +// +// allowedProtcols.setPVP21Active(el.isIsActive()); +// +// pvp2general = new PVP2(); +// pvp2general.setIssuerName(el.getIssuerName()); +// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); +// +// if (el.getOrganization() != null) { +// Organization org = new Organization(); +// pvp2general.setOrganization(org); +// org.setDisplayName(el.getOrganization().getDisplayName()); +// org.setName(el.getOrganization().getName()); +// org.setURL(el.getOrganization().getURL()); +// } +// +// if (el.getContact() != null) { +// List<Contact> cont = new ArrayList<Contact>(); +// pvp2general.setContact(cont); +// for (Contact e : el.getContact()) { +// Contact c = new Contact(); +// c.setCompany(e.getCompany()); +// c.setGivenName(e.getGivenName()); +// c.getMail().addAll(e.getMail()); +// c.getPhone().addAll(e.getPhone()); +// c.setSurName(e.getSurName()); +// c.setType(e.getType()); +// cont.add(c); +// } +// } +// } +// } else { +// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); +// } +// +// //set alternativeSourceID +// if (auth.getGeneralConfiguration() != null) { +// +// //TODO: can be removed in a further version, because it is moved to SAML1 config +// if (MiscUtil.isEmpty(alternativesourceid)) +// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); +// +// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) +// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); +// +// else { +// Logger.error("No Public URL Prefix configured."); +// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"}); +// } +// +// } else { +// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); +// throw new ConfigurationException("config.02", null); +// } +// +// //set LegacyAllowedProtocols +// try { +// if (auth.getProtocols() != null) { +// Protocols procols = auth.getProtocols(); +// if (procols.getLegacyAllowed() != null) { +// LegacyAllowed legacy = procols.getLegacyAllowed(); +// legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); +// } +// } +// } catch (Exception e) { +// Logger.info("No protocols found with legacy allowed flag!"); +// } +// +// //set VerifyAuthBlockConfig +// MOASP moasp = getMOASPConfig(auth); +// +// VerifyAuthBlock el = moasp.getVerifyAuthBlock(); +// if (el != null) { +// verifyidl = new VerifyAuthBlock(); +// verifyidl.setTrustProfileID(el.getTrustProfileID()); +// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); +// } +// else { +// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); +// throw new ConfigurationException("config.02", null); +// } +// +// //set MOASP connection parameters +// if (moasp.getConnectionParameter() != null) +// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); +// else +// MoaSpConnectionParameter = null; +// +// //set ForeignIDConnectionParameters +// if (foreign != null) { +// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); +// } else { +// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); +// } +// +// //set OnlineMandateConnectionParameters +// OnlineMandates ovs = auth.getOnlineMandates(); +// if (ovs != null) { +// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); +// +// } else { +// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); +// } +// +// //set MOASP IdentityLink Trust-ProfileID +// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); +// if (verifyidl != null) +// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); +// else { +// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); +// throw new ConfigurationException("config.02", null); +// } +// +// //set SL transformation infos +// SecurityLayer seclayer = auth.getSecurityLayer(); +// if (seclayer == null) { +// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); +// throw new ConfigurationException("config.02", null); +// } else { +// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); +// +// if (TransformsInfos == null || TransformsInfos.size() == 0) { +// Logger.error("No Security-Layer Transformation found."); +// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}); +// } +// +// } +// +// //set IdentityLinkSignerSubjectNames +// IdentityLinkX509SubjectNames = new ArrayList<String>(); +// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); +// if (idlsigners != null) { +// Logger.debug("Load own IdentityLinkX509SubjectNames"); +// IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName())); +// } +// +// // now add the default identity link signers +// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; +// for (int i=0; i<identityLinkSignersWithoutOID.length; i++) { +// String identityLinkSigner = identityLinkSignersWithoutOID[i]; +// if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) { +// IdentityLinkX509SubjectNames.add(identityLinkSigner); +// } +// } +// +// //set SLRequestTemplates +// SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); +// if (templ == null) { +// Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); +// throw new ConfigurationException("config.02", null); +// } else { +// SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); +// SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); +// SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); +// } +// +// //set Default BKU URLS +// DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); +// if (bkuuls != null) { +// DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); +// DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); +// DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); +// } +// +// //set SSO Config +// if (auth.getSSO()!= null) { +// ssoconfig = new SSO(); +// ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); +// ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); +// ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); +// ssoconfig.setTarget(auth.getSSO().getTarget()); +// +// if (auth.getSSO().getIdentificationNumber() != null) { +// IdentificationNumber value = new IdentificationNumber(); +// value.setType(auth.getSSO().getIdentificationNumber().getType()); +// value.setValue(auth.getSSO().getIdentificationNumber().getValue()); +// ssoconfig.setIdentificationNumber(value); +// } +// } else { +// Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found"); +// } +// +// //close Database +// // ConfigurationDBUtils.closeSession(); +// +// date = new Date(); +// } +// +// +// private Properties getGeneralProperiesConfig(final String propPrefix) { +// Properties configProp = new Properties(); +// for (Object key : props.keySet()) { +// if (key.toString().startsWith(propPrefix)) { +// String propertyName = key.toString().substring(propPrefix.length()); +// configProp.put(propertyName, props.get(key.toString())); +// } +// } +// return configProp; +// } +// +// public Properties getGeneralPVP2ProperiesConfig() { +// return this.getGeneralProperiesConfig("protocols.pvp2."); +// } +// +// public Properties getGeneralOAuth20ProperiesConfig() { +// return this.getGeneralProperiesConfig("protocols.oauth20."); +// } +// +// public ProtocolAllowed getAllowedProtocols() { +// return allowedProtcols; +// } +// +// public PVP2 getGeneralPVP2DBConfig() { +// return pvp2general; +// } +// +// public TimeOuts getTimeOuts() throws ConfigurationException { +// return timeouts; +// } +// +// public String getAlternativeSourceID() throws ConfigurationException { +// return alternativesourceid; +// } +// +// public List<String> getLegacyAllowedProtocols() { +// return legacyallowedprotocols; +// } +// +// +// /** +// * Provides configuration information regarding the online application behind +// * the given URL, relevant to the MOA-ID Auth component. +// * +// * @param oaURL URL requested for an online application +// * @return an <code>OAAuthParameter</code>, or <code>null</code> +// * if none is applicable +// */ +// public OAAuthParameter getOnlineApplicationParameter(String oaURL) { +// +// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); // -// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) -// return true; -// else -// return false; +// if (oa == null) { +// Logger.warn("Online application with identifier " + oaURL + " is not found."); +// return null; +// } +// +// return new OAAuthParameter(oa); +// } +// +// +// /** +// * Return a string with a url-reference to the VerifyAuthBlock trust +// * profile id within the moa-sp part of the authentication component +// * +// * @return String with a url-reference to the VerifyAuthBlock trust profile ID +// * @throws ConfigurationException +// */ +// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { +// return verifyidl.getTrustProfileID(); +// } +// +// /** +// * Return a string array with references to all verify transform info +// * IDs within the moa-sp part of the authentication component +// * @return A string array containing all urls to the +// * verify transform info IDs +// * @throws ConfigurationException +// */ +// public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { +// return verifyidl.getVerifyTransformsInfoProfileID(); +// } +// +// /** +// * Return a ConnectionParameter bean containing all information +// * of the authentication component moa-sp element +// * @return ConnectionParameter of the authentication component moa-sp element +// * @throws ConfigurationException +// */ +// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { +// return MoaSpConnectionParameter; +// } +// +// /** +// * Return a ConnectionParameter bean containing all information +// * of the authentication component foreigid element +// * @return ConnectionParameter of the authentication component foreignid element +// * @throws ConfigurationException +// */ +// public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { +// return ForeignIDConnectionParameter; +// } +// +// /** +// * Return a ConnectionParameter bean containing all information +// * of the authentication component OnlineMandates element +// * @return ConnectionParameter of the authentication component OnlineMandates element +// * @throws ConfigurationException +// */ +// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { +// return OnlineMandatesConnectionParameter; +// } +// +// /** +// * Return a string with a url-reference to the VerifyIdentityLink trust +// * profile id within the moa-sp part of the authentication component +// * @return String with a url-reference to the VerifyIdentityLink trust profile ID +// * @throws ConfigurationException +// */ +// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { +// return MoaSpIdentityLinkTrustProfileID; +// } +// +// /** +// * Returns the transformsInfos. +// * @return String[] +// * @throws ConfigurationException +// */ +// public List<String> getTransformsInfos() throws ConfigurationException { +// return TransformsInfos; +// } +// +// /** +// * Returns the identityLinkX509SubjectNames. +// * @return List +// * @throws ConfigurationException +// */ +// public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { +// return IdentityLinkX509SubjectNames; +// } +// +// public List<String> getSLRequestTemplates() throws ConfigurationException { +// return new ArrayList<String>(SLRequestTemplates.values()); +// } +// +// public String getSLRequestTemplates(String type) throws ConfigurationException { +// String el = SLRequestTemplates.get(type); +// if (MiscUtil.isNotEmpty(el)) +// return el; +// else { +// Logger.warn("getSLRequestTemplates: BKU Type does not match: " +// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); +// return null; +// } +// } +// +// public List<String> getDefaultBKUURLs() throws ConfigurationException { +// return new ArrayList<String>(DefaultBKUURLs.values()); +// } +// +// public String getDefaultBKUURL(String type) throws ConfigurationException { +// String el = DefaultBKUURLs.get(type); +// if (MiscUtil.isNotEmpty(el)) +// return el; +// else { +// Logger.warn("getSLRequestTemplates: BKU Type does not match: " +// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); +// return null; +// } // } - - public String getSSOTagetIdentifier() throws ConfigurationException { - if (ssoconfig != null) - return ssoconfig.getTarget(); - else - return null; - } - -// public String getSSOTarget() throws ConfigurationException { -// if (ssoconfig!= null) +// +//// public boolean isSSOBusinessService() throws ConfigurationException { +//// +//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) +//// return true; +//// else +//// return false; +//// } +// +// public String getSSOTagetIdentifier() throws ConfigurationException { +// if (ssoconfig != null) // return ssoconfig.getTarget(); +// else +// return null; +// } +// +//// public String getSSOTarget() throws ConfigurationException { +//// if (ssoconfig!= null) +//// return ssoconfig.getTarget(); +//// +//// return null; +//// } +// +// public String getSSOFriendlyName() { +// if (ssoconfig!= null) { +// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) +// return ssoconfig.getFriendlyName(); +// } +// +// return "Default MOA-ID friendly name for SSO"; +// } +// +// public String getSSOSpecialText() { +// if (ssoconfig!= null) { +// String text = ssoconfig.getSpecialText(); +// if (MiscUtil.isEmpty(text)) +// text = new String(); +// +// return text; +// } +// return new String(); +// } +// +// public String getMOASessionEncryptionKey() { +// +// String prop = props.getProperty("configuration.moasession.key"); +// if (MiscUtil.isEmpty(prop)) +// return null; +// else +// return prop; +// } +// +// /** +// * @return +// */ +// public String getMOAConfigurationEncryptionKey() { +// String prop = props.getProperty("configuration.moaconfig.key"); +// if (MiscUtil.isEmpty(prop)) +// return null; +// else +// return prop; +// } +// +// public boolean isIdentityLinkResigning() { +// String prop = props.getProperty("configuration.resignidentitylink.active", "false"); +// return Boolean.valueOf(prop); +// } +// +// public String getIdentityLinkResigningKey() { +// String prop = props.getProperty("configuration.resignidentitylink.keygroup"); +// if (MiscUtil.isNotEmpty(prop)) +// return prop; +// else +// return null; +// } +// +// /** +// * Checks if is fakeIdL is activated. +// * +// * @return true, if fake IdLs are available for stork +// */ +// public boolean isStorkFakeIdLActive() { +// String prop = props.getProperty("stork.fakeIdL.active", "false"); +// return Boolean.valueOf(prop); +// } +// +// /** +// * Gets the countries which will receive a fake IdL +// * +// * @return the countries +// */ +// public List<String> getStorkFakeIdLCountries() { +// String prop = props.getProperty("stork.fakeIdL.countries", ""); +// return Arrays.asList(prop.replaceAll(" ", "").split(",")); +// } +// +// /** +// * Gets the resigning key (group) for the stork fake IdL. +// * +// * @return the resigning key +// */ +// public String getStorkFakeIdLResigningKey() { +// String prop = props.getProperty("stork.fakeIdL.keygroup"); +// if (MiscUtil.isNotEmpty(prop)) +// return prop; +// else +// return null; +// } +// +// /** +// * Gets the countries for which it is configured to require no signature +// * +// * @return the stork no signature countries +// */ +// public List<String> getStorkNoSignatureCountries() { +// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); +// return Arrays.asList(prop.replaceAll(" ", "").split(",")); +// } +// +// @JsonProperty("isMonitoringActive") +// public boolean isMonitoringActive() { +// String prop = props.getProperty("configuration.monitoring.active", "false"); +// return Boolean.valueOf(prop); +// } +// +// public String getMonitoringTestIdentityLinkURL() { +// String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); +// if (MiscUtil.isNotEmpty(prop)) +// return prop; +// else +// return null; +// } +// +// public String getMonitoringMessageSuccess() { +// String prop = props.getProperty("configuration.monitoring.message.success"); +// if (MiscUtil.isNotEmpty(prop)) +// return prop; +// else +// return null; +// } +// +// public boolean isAdvancedLoggingActive() { +// String prop = props.getProperty("configuration.advancedlogging.active", "false"); +// return Boolean.valueOf(prop); +// } +// +// public String getPublicURLPrefix() { +// return publicURLPreFix; +// } +// +// public boolean isPVP2AssertionEncryptionActive() { +// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); +// return Boolean.valueOf(prop); +// } +// +// public boolean isCertifiacteQCActive() { +// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); +// return !Boolean.valueOf(prop); +// } +// +// +// //Load document service url from moa properties +// public String getDocumentServiceUrl() { +// String prop = props.getProperty("stork.documentservice.url", "false"); +// return prop; +// } +// +// +// public boolean isPVPSchemaValidationActive() { +// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); +// return Boolean.valueOf(prop); +// } +// +// /** +// * Returns the STORK Configuration +// * @return STORK Configuration +// * @throws ConfigurationException +// */ +// public STORKConfig getStorkConfig() throws ConfigurationException { +// +// return storkconfig; +// } +// +// /** +// * @return the eGovUtilsConfig +// */ +//@JsonIgnore +//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { +// return eGovUtilsConfig; +//} +// +//private void setCertStoreDirectory() throws ConfigurationException { +// AuthComponentGeneral auth = getAuthComponentGeneral(); +// +// if (auth.getGeneralConfiguration() != null) +// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); +// else { +// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); +// throw new ConfigurationException("config.02", null); +// } +// } +// +// private void setTrustManagerRevocationChecking() throws ConfigurationException { +// AuthComponentGeneral auth = getAuthComponentGeneral(); +// +// if (auth.getGeneralConfiguration() != null && +// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) +// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); +// else { +// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); +// throw new ConfigurationException("config.02", null); +// } +// } +// +// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { +// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); +// if (authgeneral == null) { +// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); +// throw new ConfigurationException("config.02", null); +// } +// return authgeneral; +// } +// +// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { +// MOASP moasp = authgeneral.getMOASP(); // -// return null; +// if (moasp == null) { +// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); +// throw new ConfigurationException("config.02", null); +// } +// return moasp; // } - - public String getSSOFriendlyName() { - if (ssoconfig!= null) { - if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) - return ssoconfig.getFriendlyName(); - } - - return "Default MOA-ID friendly name for SSO"; - } - - public String getSSOSpecialText() { - if (ssoconfig!= null) { - String text = ssoconfig.getSpecialText(); - if (MiscUtil.isEmpty(text)) - text = new String(); - - return text; - } - return new String(); - } - - public String getMOASessionEncryptionKey() { - - String prop = props.getProperty("configuration.moasession.key"); - if (MiscUtil.isEmpty(prop)) - return null; - else - return prop; - } - - /** - * @return - */ - public String getMOAConfigurationEncryptionKey() { - String prop = props.getProperty("configuration.moaconfig.key"); - if (MiscUtil.isEmpty(prop)) - return null; - else - return prop; - } - - public boolean isIdentityLinkResigning() { - String prop = props.getProperty("configuration.resignidentitylink.active", "false"); - return Boolean.valueOf(prop); - } - - public String getIdentityLinkResigningKey() { - String prop = props.getProperty("configuration.resignidentitylink.keygroup"); - if (MiscUtil.isNotEmpty(prop)) - return prop; - else - return null; - } - - /** - * Checks if is fakeIdL is activated. - * - * @return true, if fake IdLs are available for stork - */ - public boolean isStorkFakeIdLActive() { - String prop = props.getProperty("stork.fakeIdL.active", "false"); - return Boolean.valueOf(prop); - } - - /** - * Gets the countries which will receive a fake IdL - * - * @return the countries - */ - public List<String> getStorkFakeIdLCountries() { - String prop = props.getProperty("stork.fakeIdL.countries", ""); - return Arrays.asList(prop.replaceAll(" ", "").split(",")); - } - - /** - * Gets the resigning key (group) for the stork fake IdL. - * - * @return the resigning key - */ - public String getStorkFakeIdLResigningKey() { - String prop = props.getProperty("stork.fakeIdL.keygroup"); - if (MiscUtil.isNotEmpty(prop)) - return prop; - else - return null; - } - - /** - * Gets the countries for which it is configured to require no signature - * - * @return the stork no signature countries - */ - public List<String> getStorkNoSignatureCountries() { - String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); - return Arrays.asList(prop.replaceAll(" ", "").split(",")); - } - - public boolean isMonitoringActive() { - String prop = props.getProperty("configuration.monitoring.active", "false"); - return Boolean.valueOf(prop); - } - - public String getMonitoringTestIdentityLinkURL() { - String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); - if (MiscUtil.isNotEmpty(prop)) - return prop; - else - return null; - } - - public String getMonitoringMessageSuccess() { - String prop = props.getProperty("configuration.monitoring.message.success"); - if (MiscUtil.isNotEmpty(prop)) - return prop; - else - return null; - } - - // allow http to be used in call, used in systems proxied on the same instance - public boolean isHTTPAuthAllowed() { - String prop = props.getProperty("configuration.localhttpallowed.active", "false"); - return Boolean.valueOf(prop); - } - - - public boolean isAdvancedLoggingActive() { - String prop = props.getProperty("configuration.advancedlogging.active", "false"); - return Boolean.valueOf(prop); - } - - public String getPublicURLPrefix() { - return publicURLPreFix; - } - - public boolean isPVP2AssertionEncryptionActive() { - String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); - return Boolean.valueOf(prop); - } - - public boolean isCertifiacteQCActive() { - String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); - return !Boolean.valueOf(prop); - } - - - //Load document service url from moa properties - public String getDocumentServiceUrl() { - String prop = props.getProperty("stork.documentservice.url", "false"); - return prop; - } - - - public boolean isPVPSchemaValidationActive() { - String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); - return Boolean.valueOf(prop); - } - - /** - * Returns the STORK Configuration - * @return STORK Configuration - * @throws ConfigurationException - */ - public STORKConfig getStorkConfig() throws ConfigurationException { - - return storkconfig; - } - - /** - * @return the eGovUtilsConfig - */ -public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { - return eGovUtilsConfig; -} - -private void setCertStoreDirectory() throws ConfigurationException { - AuthComponentGeneral auth = getAuthComponentGeneral(); - - if (auth.getGeneralConfiguration() != null) - certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); - else { - Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); - throw new ConfigurationException("config.02", null); - } - } - - private void setTrustManagerRevocationChecking() throws ConfigurationException { - AuthComponentGeneral auth = getAuthComponentGeneral(); - - if (auth.getGeneralConfiguration() != null && - auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) - trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); - else { - Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); - throw new ConfigurationException("config.02", null); - } - } - - private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { - AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); - if (authgeneral == null) { - Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); - throw new ConfigurationException("config.02", null); - } - return authgeneral; - } - - private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { - MOASP moasp = authgeneral.getMOASP(); - - if (moasp == null) { - Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); - throw new ConfigurationException("config.02", null); - } - return moasp; - } - -} +// +///* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String) +// */ +//@Override +//public Properties getConfigurationWithPrefix(String Prefix) { +// // TODO Auto-generated method stub +// return null; +//} +// +///* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String) +// */ +//@Override +//public String getConfigurationWithKey(String key) { +// // TODO Auto-generated method stub +// return null; +//} +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java new file mode 100644 index 000000000..38135b028 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java @@ -0,0 +1,74 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth; + +import java.net.URI; +import java.net.URISyntaxException; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthConfigurationProviderFactory { + + /** Singleton instance. <code>null</code>, if none has been created. */ + private static AuthConfiguration instance = null;; + + + public static synchronized AuthConfiguration getInstance() + throws ConfigurationException { + + if (instance == null) { + reload(); + } + return instance; + } + + /** + * @return + * @throws ConfigurationException + */ + public static AuthConfiguration reload() throws ConfigurationException { + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + if (fileName == null) { + throw new ConfigurationException("config.01", null); + } + Logger.info("Loading MOA-ID-AUTH configuration " + fileName); + + try { + URI fileURI = new URI(fileName); + instance = new PropertyBasedAuthConfigurationProvider(fileURI); + + } catch (URISyntaxException e){ + Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix."); + throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, fileName}); + + } + return instance; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/ConfigurationToJSONConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/ConfigurationToJSONConverter.java new file mode 100644 index 000000000..e1c1ac49e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/ConfigurationToJSONConverter.java @@ -0,0 +1,155 @@ +//package at.gv.egovernment.moa.id.config.auth; +// +//import java.beans.IntrospectionException; +//import java.beans.Introspector; +//import java.beans.PropertyDescriptor; +//import java.lang.reflect.InvocationTargetException; +//import java.lang.reflect.Method; +//import java.util.Arrays; +//import java.util.List; +// +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.beans.factory.config.AutowireCapableBeanFactory; +//import org.springframework.context.ApplicationContext; +//import org.springframework.context.support.ClassPathXmlApplicationContext; +// +//import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.config.ConfigurationProvider; +// +//import com.fasterxml.jackson.annotation.JsonIgnore; +//import com.fasterxml.jackson.annotation.JsonProperty; +// +//public class ConfigurationToJSONConverter { +// +// @Autowired +// NewAuthConfigurationProvider configProvider; +// +// @Autowired +// MOAIDConfiguration configDataBase; +// +// public static void main(String[] args) { +// +// try { +// ConfigurationToJSONConverter converter = new ConfigurationToJSONConverter(args[0]); +// converter.writeConfigToJSONDB(); +// System.out.println("====================================="); +// System.out.println("====================================="); +// converter.readConfigFromDB(); +// System.out.println("====================================="); +// System.out.println("====================================="); +// +// // otherwise the database connection is not initialized +// JaxBAuthConfigurationProvider.getInstance(); +// List<String> methodNames = Arrays.asList("getAllOnlineApplications", "getAllUsers", "getMOAIDConfiguration"); +// converter.extractDataViaConfigurationDBRead(methodNames); +// converter.readExtractedConfigurationDBReadData(methodNames); +// +// } catch (ConfigurationException e) { +// e.printStackTrace(); +// System.out.println("Problems reading the configuration file in: " + System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME)); +// System.exit(1); +// } +// +// } +// +// public ConfigurationToJSONConverter(String pathToDBConfigPropertiesFile) throws ConfigurationException { +// +// System.getProperties().setProperty("location", "file:" + pathToDBConfigPropertiesFile); +// ApplicationContext context = new ClassPathXmlApplicationContext("configuration.beans.xml"); +// AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); +// acbFactory.autowireBean(this); +// +// } +// +// public void extractDataViaConfigurationDBRead(List<String> methodNames) { +// System.out.println("Start extracting"); +// // read objects from db and write to key-value +// for (String name : methodNames) { +// try { +// Method method = ConfigurationDBRead.class.getMethod(name); +// Object tmp = method.invoke(null, new Object[] {}); +// JsonProperty annotation = method.getAnnotation(JsonProperty.class); +// if (annotation != null) { +// configDataBase.set(annotation.value(), tmp); +// } else { +// System.out.println("Annotate Method with name: " + name); +// } +// } catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException +// | InvocationTargetException e) { +// System.out.println("Problems while extracting ConfigurationDBRead data."); +// } +// } +// } +// +// public void readExtractedConfigurationDBReadData(List<String> methodNames) { +// for (String name : methodNames) { +// Object tmp = configDataBase.get(name); +// System.out.println(">>> OBJECT: " + tmp); +// } +// } +// +// public void writeConfigToJSONDB() { +// +// try { +// // find all getter methods +// for (PropertyDescriptor pd : Introspector.getBeanInfo(NewAuthConfigurationProvider.class).getPropertyDescriptors()) { +// // check if correct methods, and not annotated with @JsonIgnore +// if ((pd.getReadMethod() != null) +// && (!"class".equals(pd.getName())) +// && (pd.getReadMethod().getAnnotation(JsonIgnore.class) == null)) { +// +// JsonProperty name = pd.getReadMethod().getAnnotation(JsonProperty.class); +// // get result of get method +// Object tmp; +// try { +// tmp = pd.getReadMethod().invoke(configProvider); +// // convert result to JSON +// if (name != null) { +// configDataBase.set(name.value(), tmp); +// } else { +// System.out.println("CHECK if '" + pd.getDisplayName() + "' is NOT ANNOTATED"); +// } +// } catch (IllegalAccessException | InvocationTargetException e) { +// System.out.println("Problems while writing the configuration to the database."); +// } +// } +// } +// +// // no static method handling needed +// +// } catch (IllegalArgumentException e) { +// System.out.println("Problems while using reflection to get all getter methods."); +// } catch (IntrospectionException e) { +// System.out.println("Problems while using reflection to get all getter methods."); +// } +// +// } +// +// public void readConfigFromDB() { +// try { +// // find all getter methods +// for (PropertyDescriptor pd : Introspector.getBeanInfo(NewAuthConfigurationProvider.class) +// .getPropertyDescriptors()) { +// // check if correct methods, and not annotated with @JsonIgnore +// if ((pd.getReadMethod() != null) +// && (!"class".equals(pd.getName())) +// && (pd.getReadMethod().getAnnotation(JsonIgnore.class) == null)) { +// JsonProperty name = pd.getReadMethod().getAnnotation(JsonProperty.class); +// // get result of get method +// if (name != null) { +// System.out.println(">>> OBJECT: " + configDataBase.get(name.value())); +// } else { +// System.out.println("CHECK if '" + pd.getDisplayName() + "' is NOT ANNOTATED"); +// } +// } +// } +// } catch (IllegalArgumentException e) { +// System.out.println("Problems while using reflection to get all getter methods."); +// } catch (IntrospectionException e) { +// System.out.println("Problems while using reflection to get all getter methods."); +// } +// } +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index c336eb316..92d0856ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -23,16 +23,14 @@ package at.gv.egovernment.moa.id.config.auth; import java.security.PrivateKey; +import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.StorkAttribute; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; /** * @author tlenz @@ -45,13 +43,33 @@ public interface IOAAuthParameters { public static final String LOCALBKU = "local"; public static final String INDERFEDERATEDIDP = "interfederated"; + /** + * Get the full key/value configuration for this online application + * + * @return an unmodifiable map of key/value pairs + */ + public Map<String, String> getFullConfiguration(); + + /** + * Get a configuration value from online application key/value configuration + * + * @param key: The key identifier of a configuration value * + * @return The configuration value {String} or null if the key does not exist + */ + public String getConfigurationValue(String key); + + public String getFriendlyName(); public String getPublicURLPrefix(); + + public String getOaType(); public boolean getBusinessService(); public String getTarget(); + public String getTargetFriendlyName(); + public boolean isInderfederationIDP(); public boolean isSTORKPVPGateway(); @@ -66,34 +84,46 @@ public interface IOAAuthParameters { */ public String getKeyBoxIdentifier(); + public SAML1ConfigurationParameters getSAML1Parameter(); + /** - * @return the transformsInfos + * Get a list of online application specific trusted security layer templates + * + * @return a {List<String>} with template URLs, maybe empty but never null */ - public List<String> getTransformsInfos(); - - public OASAML1 getSAML1Parameter(); - - public OAPVP2 getPVP2Parameter(); + public List<String> getTemplateURL(); + /** - * @return the templateURL + * Return the additional AuthBlock text for this online application + * + * @return authblock text {String} or null if no text is configured */ - public List<TemplateType> getTemplateURL(); - public String getAditionalAuthBlockText(); + /** + * Return an online application specific BKU URL for a requested BKU type + * + * @param bkutype: defines the type of BKU + * @return BKU URL {String} or null if no BKU URL is configured + */ public String getBKUURL(String bkutype); + /** + * Return a list of all configured BKU URLs for this online application + * + * @return List<String> of BKU URLs or an empty list if no BKU is configured + */ public List<String> getBKUURL(); public boolean useSSO(); public boolean useSSOQuestion(); - public String getSingleLogOutURL(); - /** - * @return the mandateProfiles + * Return all mandate-profile types configured for this online application + * + * @return the mandateProfiles {List<String>} or null if no profile is defined */ public List<String> getMandateProfiles(); @@ -117,20 +147,25 @@ public interface IOAAuthParameters { public Integer getQaaLevel(); - /** - * @return the requestedAttributes - */ - public List<OAStorkAttribute> getRequestedAttributes(); - public boolean isRequireConsentForStorkAttributes(); - public List<AttributeProviderPlugin> getStorkAPs(); + /** + * Return a {Collection} of requested STORK attributes + * + * @return {Collection<StorkAttribute>} maybe empty but never null + */ + public Collection<StorkAttribute> getRequestedSTORKAttributes(); public byte[] getBKUSelectionTemplate(); public byte[] getSendAssertionTemplate(); - public List<CPEPS> getPepsList(); + /** + * Return a {Collection} of configured STORK CPEPS + * + * @return {Collection<CPEPS>} maybe empty but never null + */ + public Collection<CPEPS> getPepsList(); public String getIDPAttributQueryServiceURL(); @@ -164,5 +199,14 @@ public interface IOAAuthParameters { * @return */ boolean isPerformLocalAuthenticationOnInterfederationError(); + + /** + * Get a {Collection} of configured STORK attribute provider plug-ins + * + * @return {Collection<StorkAttributeProviderPlugins>} maybe empty but never null + */ + public Collection<StorkAttributeProviderPlugin> getStorkAPs(); + + public List<Integer> getReversionsLoggingEventCodes(); }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 933dddb31..d3292b021 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -49,134 +49,197 @@ package at.gv.egovernment.moa.id.config.auth; import java.io.IOException; import java.security.PrivateKey; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import org.apache.commons.lang.SerializationUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; -import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationGatewayType; -import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; -import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; -import at.gv.egovernment.moa.id.config.ConfigurationUtils; -import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.TargetValidator; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.config.stork.StorkAttribute; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; + + /** * Configuration parameters belonging to an online application, * to use with the MOA ID Auth component. * - * @author Stefan Knirsch - * @version $Id$ + * @author Thomas Lenz */ -/** - * - * - * @author Harald Bratko - */ -public class OAAuthParameter extends OAParameter implements IOAAuthParameters { - - private AuthComponentOA oa_auth; - private String keyBoxIdentifier; - private InterfederationIDPType inderfederatedIDP = null; - private InterfederationGatewayType interfederatedGateway = null; +public class OAAuthParameter implements IOAAuthParameters { - public OAAuthParameter(OnlineApplication oa) { - super(oa); + final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair"; - this.oa_auth = oa.getAuthComponentOA(); + private Map<String, String> oaConfiguration; - this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); - this.inderfederatedIDP = oa.getInterfederationIDP(); - - this.interfederatedGateway = oa.getInterfederationGateway(); + public OAAuthParameter(final Map<String, String> oa) { + this.oaConfiguration = oa; } + public Map<String, String> getFullConfiguration() { + return Collections.unmodifiableMap(this.oaConfiguration); + } + + public String getConfigurationValue(String key) { + return this.oaConfiguration.get(key); + } + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() */ @Override public String getIdentityLinkDomainIdentifier() { + String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); + if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) { + if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) { + return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value; + + } else { + return MOAIDConstants.PREFIX_WPBK + type + "+" + value; + + } + } - IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); - if (idnumber != null) - return idnumber.getValue(); - return null; } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() */ @Override -public String getKeyBoxIdentifier() { +public String getIdentityLinkDomainIdentifierType() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (MiscUtil.isNotEmpty(value)) + return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value); - return keyBoxIdentifier; + else + return null; +} + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() + */ +@Override +public String getTarget() { + if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); + + else { + if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB))) { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET) + + "-" + + oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); + + } else { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); + } + } +} + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName() + */ +@Override +public String getTargetFriendlyName() { + if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); + + else + return TargetValidator.getTargetFriendlyName(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET)); + } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos() + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() */ @Override -public List<String> getTransformsInfos() { +public String getKeyBoxIdentifier() { + String keyBoxId = oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); + if (MiscUtil.isNotEmpty(keyBoxId)) + return keyBoxId; + else + return DEFAULT_KEYBOXIDENTIFIER; - List<TransformsInfoType> transformations = oa_auth.getTransformsInfo(); - return ConfigurationUtils.getTransformInfos(transformations); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() */ @Override - public OASAML1 getSAML1Parameter() { - return oa_auth.getOASAML1(); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter() - */ - @Override - public OAPVP2 getPVP2Parameter() { - return oa_auth.getOAPVP2(); + public SAML1ConfigurationParameters getSAML1Parameter() { + SAML1ConfigurationParameters returnValue = new SAML1ConfigurationParameters(); + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)) + returnValue.setActive( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED))); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)) + returnValue.setProvideAuthBlock( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK))); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)) + returnValue.setProvideIdl( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL))); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)) + returnValue.setProvideBaseId( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID))); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)) + returnValue.setProvideCertificate( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE))); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)) + returnValue.setProvideMandate( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE))); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)) + returnValue.setProvideAllErrors( + Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); + + return returnValue; } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() */ @Override - public List<TemplateType> getTemplateURL() { - TemplatesType templates = oa_auth.getTemplates(); - - if (templates != null) { - if (templates.getTemplate() != null) { - return templates.getTemplate(); - } - } - return null; + public List<String> getTemplateURL() { + List<String> list = new ArrayList<String>(); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) + list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) + list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) + list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)); + + return list; } /* (non-Javadoc) @@ -184,12 +247,8 @@ public List<String> getTransformsInfos() { */ @Override public String getAditionalAuthBlockText() { - TemplatesType templates = oa_auth.getTemplates(); - - if (templates != null) { - return templates.getAditionalAuthBlockText(); - } - return null; + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); + } /* (non-Javadoc) @@ -197,16 +256,17 @@ public List<String> getTransformsInfos() { */ @Override public String getBKUURL(String bkutype) { - BKUURLS bkuurls = oa_auth.getBKUURLS(); - if (bkuurls != null) { - if (bkutype.equals(ONLINEBKU)) - return bkuurls.getOnlineBKU(); - else if (bkutype.equals(HANDYBKU)) - return bkuurls.getHandyBKU(); - else if (bkutype.equals(LOCALBKU)) - return bkuurls.getLocalBKU(); + if (bkutype.equals(ONLINEBKU)) { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE); + + } else if (bkutype.equals(HANDYBKU)) { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); + + } else if (bkutype.equals(LOCALBKU)) { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); } + Logger.warn("BKU Type does not match: " + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); return null; @@ -216,19 +276,18 @@ public List<String> getTransformsInfos() { * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() */ @Override - public List<String> getBKUURL() { - BKUURLS bkuurls = oa_auth.getBKUURLS(); - + public List<String> getBKUURL() { List<String> list = new ArrayList<String>(); - if (bkuurls == null) { - Logger.warn("BKU Type does not match: " - + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); - } else { - list.add(bkuurls.getOnlineBKU()); - list.add(bkuurls.getHandyBKU()); - list.add(bkuurls.getLocalBKU()); - } + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE)) + list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE)); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY)) + list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY)); + + if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL)) + list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL)); + return list; } @@ -238,11 +297,14 @@ public List<String> getTransformsInfos() { */ @Override public boolean useSSO() { - OASSO sso = oa_auth.getOASSO(); - if (sso != null) - return sso.isUseSSO(); - else + try { + return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED)); + + } catch (Exception e) { + Logger.warn("Use SSO configuration parameter is not parseable.", e); return false; + } + } /* (non-Javadoc) @@ -250,86 +312,48 @@ public List<String> getTransformsInfos() { */ @Override public boolean useSSOQuestion() { - OASSO sso = oa_auth.getOASSO(); - if (sso != null) - return sso.isAuthDataFrame(); - else + try { + return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST)); + + } catch (Exception e) { + Logger.warn("SSO user question configuration parameter is not parseable.", e); return true; - + } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL() - */ - @Override - public String getSingleLogOutURL() { - OASSO sso = oa_auth.getOASSO(); - if (sso != null) - return sso.getSingleLogOutURL(); - else - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() */ @Override public List<String> getMandateProfiles() { + String profileConfig = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES); + + if (MiscUtil.isNotEmpty(profileConfig)) { + List<String> list = new ArrayList<String>(); + String profilesArray[] = profileConfig.split(","); + for(int i = 0; i < profilesArray.length; i++) { + list.add(profilesArray[i].trim()); + + } + return list; + + } - Mandates mandates = oa_auth.getMandates(); - - List<String> list = new ArrayList<String>(); - - if (mandates != null) { - String oldProfilList = mandates.getProfiles(); - - List<MandatesProfileNameItem> profileList = mandates.getProfileNameItems(); - for (MandatesProfileNameItem el : profileList) { - list.add(el.getItem()); - - } - - //only for RC1 - if (MiscUtil.isNotEmpty(oldProfilList)) { - String profilesArray[] = oldProfilList.split(","); - for(int i = 0; i < profilesArray.length; i++) { - list.add(profilesArray[i].trim()); - } - } - - return list; - - } else - return null; -} - -/* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() - */ -@Override -public String getIdentityLinkDomainIdentifierType() { - IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); - if (idnumber != null) - return idnumber.getType(); - return null; } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() */ @Override public boolean isShowMandateCheckBox() { - TemplatesType templates = oa_auth.getTemplates(); - if (templates != null) { - BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization(); - if (bkuselection != null) { - if (bkuselection.isMandateLoginButton() != null) - return bkuselection.isMandateLoginButton(); - } + try { + return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE)); + + } catch (Exception e) { + Logger.warn("Enable mandates configuration parameter is not parseable.", e); + return true; } - return true; } /* (non-Javadoc) @@ -337,15 +361,13 @@ public boolean isShowMandateCheckBox() { */ @Override public boolean isOnlyMandateAllowed() { - TemplatesType templates = oa_auth.getTemplates(); - if (templates != null) { - BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization(); - if (bkuselection != null) { - if (bkuselection.isOnlyMandateLoginAllowed() != null) - return bkuselection.isOnlyMandateLoginAllowed(); - } + try { + return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_ONLY)); + + } catch (Exception e) { + Logger.warn("Use ONLY mandates configuration parameter is not parseable.", e); + return false; } - return false; } /* (non-Javadoc) @@ -354,9 +376,10 @@ public boolean isOnlyMandateAllowed() { @Override public boolean isShowStorkLogin() { try { - return oa_auth.getOASTORK().isStorkLogonEnabled(); - - } catch (NullPointerException e) { + return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED)); + + } catch (Exception e) { + Logger.warn("Enable STORK login configuration parameter is not parseable.", e); return false; } } @@ -365,54 +388,46 @@ public boolean isOnlyMandateAllowed() { * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() */ @Override -public Map<String, String> getFormCustomizaten() { - TemplatesType templates = oa_auth.getTemplates(); - +public Map<String, String> getFormCustomizaten() { Map<String, String> map = new HashMap<String, String>(); map.putAll(FormBuildUtils.getDefaultMap()); - if (templates != null) { - BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization(); - if (bkuselection != null) { - if (MiscUtil.isNotEmpty(bkuselection.getBackGroundColor())) - map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, bkuselection.getBackGroundColor()); - - if (MiscUtil.isNotEmpty(bkuselection.getButtonBackGroundColor())) - map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, bkuselection.getButtonBackGroundColor()); - - if (MiscUtil.isNotEmpty(bkuselection.getButtonBackGroundColorFocus())) - map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, bkuselection.getButtonBackGroundColorFocus()); - - if (MiscUtil.isNotEmpty(bkuselection.getButtonFontColor())) - map.put(FormBuildUtils.BUTTON_COLOR, bkuselection.getButtonFontColor()); - - if (MiscUtil.isNotEmpty(bkuselection.getFontType())) - map.put(FormBuildUtils.FONTFAMILY, bkuselection.getFontType()); - - if (MiscUtil.isNotEmpty(bkuselection.getFrontColor())) - map.put(FormBuildUtils.MAIN_COLOR, bkuselection.getFrontColor()); - - if (MiscUtil.isNotEmpty(bkuselection.getHeaderBackGroundColor())) - map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, bkuselection.getHeaderBackGroundColor()); - - if (MiscUtil.isNotEmpty(bkuselection.getHeaderFrontColor())) - map.put(FormBuildUtils.HEADER_COLOR, bkuselection.getHeaderFrontColor()); - - if (MiscUtil.isNotEmpty(bkuselection.getHeaderText())) - map.put(FormBuildUtils.HEADER_TEXT, bkuselection.getHeaderText()); - - if (MiscUtil.isNotEmpty(bkuselection.getAppletRedirectTarget())) - map.put(FormBuildUtils.REDIRECTTARGET, bkuselection.getAppletRedirectTarget()); - - if (MiscUtil.isNotEmpty(bkuselection.getAppletHeight())) - map.put(FormBuildUtils.APPLET_HEIGHT, bkuselection.getAppletHeight()); - - if (MiscUtil.isNotEmpty(bkuselection.getAppletWidth())) - map.put(FormBuildUtils.APPLET_WIDTH, bkuselection.getAppletWidth()); - - } - } + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR))) + map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR))) + map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS))) + map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR))) + map.put(FormBuildUtils.BUTTON_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE))) + map.put(FormBuildUtils.FONTFAMILY, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR))) + map.put(FormBuildUtils.MAIN_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR))) + map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR)); + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR))) + map.put(FormBuildUtils.HEADER_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT))) + map.put(FormBuildUtils.HEADER_TEXT, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET))) + map.put(FormBuildUtils.REDIRECTTARGET, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT))) + map.put(FormBuildUtils.APPLET_HEIGHT, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)); + + if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH))) + map.put(FormBuildUtils.APPLET_WIDTH, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)); + return map; } @@ -421,21 +436,75 @@ public Map<String, String> getFormCustomizaten() { */ @Override public Integer getQaaLevel() { - if (oa_auth.getOASTORK() != null && - oa_auth.getOASTORK().getQaa() != null && - oa_auth.getOASTORK().getQaa() >= 1 && - oa_auth.getOASTORK().getQaa() <= 4) - return oa_auth.getOASTORK().getQaa(); - else + try { + Integer storkQAALevel = Integer.parseInt(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)); + + if (storkQAALevel >= 1 && + storkQAALevel <= 4) + return storkQAALevel; + + else { + Logger.info("STORK minimal QAA level is not in a valid range. Use minimal QAA 4"); return 4; + + } + + } catch (NumberFormatException e) { + Logger.warn("STORK minimal QAA level is not a number.", e); + return 4; + + } } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes() */ @Override -public List<OAStorkAttribute> getRequestedAttributes() { - return oa_auth.getOASTORK().getOAAttributes(); +public Collection<StorkAttribute> getRequestedSTORKAttributes() { + Map<String, Integer> attrMap = new HashMap<String, Integer>(); + Map<String, StorkAttribute> resultMap = new HashMap<String, StorkAttribute>(); + + Set<String> configKeys = oaConfiguration.keySet(); + for (String el : configKeys) { + if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST)) { + String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); + if (!attrMap.containsKey(index)) { + String isRequested = oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED); + + if (MiscUtil.isNotEmpty(isRequested) && Boolean.parseBoolean(isRequested)) { + StorkAttribute attr = new StorkAttribute( + oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME), + Boolean.valueOf(oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY))); + attrMap.put(index, 0); + resultMap.put(attr.getName(), attr); + } + } + } + } + + //add mandatory attributes from general config + try { + for (StorkAttribute el : AuthConfigurationProviderFactory.getInstance().getStorkConfig().getStorkAttributes()) { + if (el.getMandatory()) + resultMap.put(el.getName(), el); + + } + + } catch (Exception e) { + Logger.warn("Mandatory STORK attributes can not added.", e); + + } + + return resultMap.values(); } /* (non-Javadoc) @@ -446,12 +515,17 @@ public boolean isRequireConsentForStorkAttributes() { try{ if (isSTORKPVPGateway()) return false; + + if (MiscUtil.isEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT))) { + Logger.info("isRequireConsentForStorkAttributes() is empty, returning default value 'true'"); + return true; + + } - return oa_auth.getOASTORK().isRequireConsent(); + return Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT)); }catch(Exception e) { - e.printStackTrace(); - Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'"); + Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e); return true; } } @@ -460,14 +534,32 @@ public boolean isRequireConsentForStorkAttributes() { * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() */ @Override -public List<AttributeProviderPlugin> getStorkAPs() { - if (oa_auth.getOASTORK() != null && - oa_auth.getOASTORK().getAttributeProviders() != null) - return oa_auth.getOASTORK().getAttributeProviders(); - - else - return new ArrayList<AttributeProviderPlugin>(); - +public Collection<StorkAttributeProviderPlugin> getStorkAPs() { + Map<String, StorkAttributeProviderPlugin> pluginMap = new HashMap<String, StorkAttributeProviderPlugin>(); + Set<String> configKeys = oaConfiguration.keySet(); + for (String el : configKeys) { + if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST)) { + String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + if (!pluginMap.containsKey(index)) { + StorkAttributeProviderPlugin attr = new StorkAttributeProviderPlugin( + oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME), + oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL), + oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES)); + pluginMap.put(index, attr); + } + } + } + + return pluginMap.values(); } /* (non-Javadoc) @@ -475,11 +567,16 @@ public List<AttributeProviderPlugin> getStorkAPs() { */ @Override public byte[] getBKUSelectionTemplate() { - - TemplatesType templates = oa_auth.getTemplates(); - if (templates != null && templates.getBKUSelectionTemplate() != null) { - return templates.getBKUSelectionTemplate().getTransformation(); - + try { + String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); + if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) { + return Base64Utils.decode(bkuSelectionTemplateBase64, false); + + } + + } catch (Exception e) { + Logger.warn("OA specific BKU selection template is not decodeable", e); + } return null; @@ -490,11 +587,16 @@ public byte[] getBKUSelectionTemplate() { */ @Override public byte[] getSendAssertionTemplate() { - - TemplatesType templates = oa_auth.getTemplates(); - if (templates != null && templates.getSendAssertionTemplate() != null) { - return templates.getSendAssertionTemplate().getTransformation(); - + try { + String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); + if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) { + return Base64Utils.decode(bkuSelectionTemplateBase64, false); + + } + + } catch (Exception e) { + Logger.warn("OA specific BKU selection template is not decodeable", e); + } return null; @@ -504,8 +606,41 @@ public byte[] getSendAssertionTemplate() { * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() */ @Override -public List<CPEPS> getPepsList() { - return new ArrayList<CPEPS>(oa_auth.getOASTORK().getCPEPS()); +public Collection<CPEPS> getPepsList() { + Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>(); + try { + STORKConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig(); + if (availableSTORKConfig != null) { + Set<String> configKeys = oaConfiguration.keySet(); + + for (String el : configKeys) { + if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST)) { + String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); + if (!cPEPSMap.containsKey(index)) { + if (Boolean.parseBoolean(oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED))) { + CPEPS availableCPEPS = availableSTORKConfig.getCPEPS( + oaConfiguration.get( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + index + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)); + + if (availableCPEPS != null) + cPEPSMap.put(index, availableCPEPS); + } + } + } + } + } + + } catch (ConfigurationException e) { + Logger.error("MOA-ID configuration is not accessable.", e); + + } + + return cPEPSMap.values(); } /* (non-Javadoc) @@ -513,52 +648,53 @@ public List<CPEPS> getPepsList() { */ @Override public String getIDPAttributQueryServiceURL() { - if (inderfederatedIDP != null) - return inderfederatedIDP.getAttributeQueryURL(); - - else - return null; - + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); + } @Override public boolean isInboundSSOInterfederationAllowed() { - if (inderfederatedIDP != null) - return inderfederatedIDP.isInboundSSO(); + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); else return false; } @Override public boolean isOutboundSSOInterfederationAllowed() { - if (inderfederatedIDP != null) - return inderfederatedIDP.isOutboundSSO(); + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); else return false; } @Override public boolean isPassivRequestUsedForInterfederation() { - if (inderfederatedIDP != null) - return inderfederatedIDP.isPerformPassivRequest().booleanValue(); + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); else - return false; + return false; } @Override public boolean isPerformLocalAuthenticationOnInterfederationError() { - if (inderfederatedIDP != null) - return inderfederatedIDP.isPerformLocalAuthenticationOnError().booleanValue(); + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); else return false; } @Override public boolean isInterfederationSSOStorageAllowed() { - if (inderfederatedIDP != null) - return inderfederatedIDP.isStoreSSOSession().booleanValue(); + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); else - return false; + return false; } public boolean isIDPPublicService() { @@ -568,11 +704,7 @@ public boolean isIDPPublicService() { public String getSTORKPVPForwardEntity() { - if (interfederatedGateway != null) { - return interfederatedGateway.getForwardIDPIdentifier(); - - } else - return null; + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); } @@ -581,11 +713,11 @@ public String getSTORKPVPForwardEntity() { */ @Override public boolean isTestCredentialEnabled() { - TestCredentials testing = oa_auth.getTestCredentials(); - if (testing != null && testing.isEnableTestCredentials()) - return true; + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); else - return false; + return false; } @@ -594,10 +726,17 @@ public boolean isTestCredentialEnabled() { */ @Override public List<String> getTestCredentialOIDs() { - TestCredentials testing = oa_auth.getTestCredentials(); - if (testing != null && testing.getCredentialOID().size() > 0) - return testing.getCredentialOID(); - else + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + if (MiscUtil.isNotEmpty(value)) { + List<String> list = new ArrayList<String>(); + String profilesArray[] = value.split(","); + for(int i = 0; i < profilesArray.length; i++) { + list.add(profilesArray[i].trim()); + + } + return list; + + } else return null; } @@ -610,8 +749,11 @@ public PrivateKey getBPKDecBpkDecryptionKey() { try { EncryptedData encdata = new EncryptedData( - oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(), - oa_auth.getEncBPKInformation().getBPKDecryption().getIv()); + Base64Utils.decode( + oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB), false), + Base64Utils.decode( + oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV), false)); + byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata); BPKDecryptionParameters data = (BPKDecryptionParameters) SerializationUtils.deserialize(serializedData); @@ -619,15 +761,106 @@ public PrivateKey getBPKDecBpkDecryptionKey() { return data.getPrivateKey(); } catch (BuildException e) { - // TODO Auto-generated catch block Logger.error("Can not decrypt key information for bPK decryption", e); } catch (NullPointerException e) { Logger.error("No keyInformation found for bPK decryption"); - } + } catch (IOException e) { + Logger.error("Can not decode key information for bPK decryption.", e); + } + return null; } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() + */ +@Override +public String getPublicURLPrefix() { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() + */ +@Override +public boolean getBusinessService() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); + else + return true; +} + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() + */ +@Override +public boolean isInderfederationIDP() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + return MOAIDConfigurationConstants.PREFIX_IIDP.equals(value); + +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway() + */ +@Override +public boolean isSTORKPVPGateway() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + return MOAIDConfigurationConstants.PREFIX_GATEWAY.equals(value); +} + + + + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName() + */ +@Override +public String getFriendlyName() { + return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType() + */ +@Override +public String getOaType() { + if (getBusinessService()) + return "businessService"; + else + return "publicService"; +} + + +/** + * + * @return true/false if bPK or wbPK should not be visible in AuthBlock + */ +public boolean isRemovePBKFromAuthBlock() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); + else + return false; +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ +@Override +public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java new file mode 100644 index 000000000..f706bb376 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -0,0 +1,1089 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.math.BigInteger; +import java.net.MalformedURLException; +import java.net.URI; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.config.AutowireCapableBeanFactory; +import org.springframework.context.ApplicationContext; +import org.springframework.context.support.ClassPathXmlApplicationContext; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * A class providing access to the Auth Part of the MOA-ID configuration data. + */ +public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { + + + private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; + + private MOAIDConfiguration configuration; + private final Properties properties = new Properties(); + private ApplicationContext context = null; + + public PropertyBasedAuthConfigurationProvider() { + + } + + /** + * The constructor with path to a properties file as argument. + * + * @param fileName the path to the properties file + * @throws ConfigurationException if an error occurs during loading the properties file. + */ + public PropertyBasedAuthConfigurationProvider(URI fileName) throws ConfigurationException { + File propertiesFile = new File(fileName); + rootConfigFileDir = propertiesFile.getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURI().toURL().toString(); + + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + + } + + FileInputStream in = null; + try { + in = new FileInputStream(propertiesFile); + properties.load(in); + super.initial(properties); + +// JPAPropertiesWithJavaConfig.setLocalProperties(configProp); +// System.getProperties().setProperty("location", "file:" + fileName); + context = new ClassPathXmlApplicationContext( + new String[] { "moaid.configuration.beans.xml", + "configuration.beans.xml" + }); + AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); + acbFactory.autowireBean(this); + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (org.opensaml.xml.ConfigurationException e) { + Logger.error("OpenSAML initilalization FAILED. ", e); + throw new ConfigurationException("config.23", null, e); + + } catch (Exception e) { + Logger.error("General error during start-up process.", e); + throw new ConfigurationException("init.02", null, e); + + + } finally { + if (in != null) + try { + in.close(); + + } catch (IOException e) { + Logger.warn("Close MOA-ID-Auth configuration file FAILED.", e); + + } + } + } + + /** + * Set the {@link Configuration} for this class. + * @param configuration the configuration + */ + @Autowired + public void setConfiguration(MOAIDConfiguration configuration) { + this.configuration = configuration; + } + + /** + * Get the properties. + * @return the properties + */ + private Properties getProperties() { + return properties; + } + + /** + * Method that avoids iterating over a {@link Collection} of type {@code T} which is actual {@code null}. + * @param item the collection + * @return the given {@link Collection} {@code item} if it is not {@code null}, or an empty {@link List} otherwise. + */ + @SuppressWarnings("unchecked") + public static <T extends Iterable<?>> T nullGuard(T item) { + if (item == null) { + return (T) Collections.emptyList(); + } else { + return item; + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertiesWithPrefix(java.lang.String) + */ + @Override + public Map<String, String> getConfigurationWithPrefix(String Prefix) { + try { + return configuration.getPropertySubset(Prefix); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading property with Prefix " + Prefix + " FAILED.", e); + return new HashMap<String, String>(); + + } + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertiesWithPrefix(java.lang.String) + */ + @Override + public Map<String, String> getConfigurationWithWildCard(String key) { + try { + return configuration.searchPropertiesWithWildcard(key); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading property with searchKey " + key + " FAILED.", e); + return new HashMap<String, String>(); + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String) + */ + @Override + public String getConfigurationWithKey(String key) { + try { + return configuration.getStringValue(key); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + return null; + } + } + + /** + * Returns the general pvp2 properties config. NOTE: may be empty but never {@code null}. + * @return the general pvp2 properties config. + */ + public Properties getGeneralPVP2ProperiesConfig() { + return this.getGeneralProperiesConfig("protocols.pvp2."); + } + + /** + * Returns the general oauth20 properties config. NOTE: may be empty but never {@code null}. + * @return the general oauth20 properties config. + */ + public Properties getGeneralOAuth20ProperiesConfig() { + return this.getGeneralProperiesConfig("protocols.oauth20."); + } + + /** + * Returns the allowed protocols. NOTE: may return {@code null}. + * + * @return the allowed protocols or {@code null}. + */ + public ProtocolAllowed getAllowedProtocols() { + try { + ProtocolAllowed allowedProtcols = new ProtocolAllowed(); + + allowedProtcols.setOAUTHActive( + configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, true)); + allowedProtcols.setSAML1Active( + configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false)); + allowedProtcols.setPVP21Active( + configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)); + + return allowedProtcols; + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("Can not load protocol enabled information from configuration.", e); + return null; + } + + + } + + + /** + * Returns the general PVP2 configuration. NOTE: may return {@code null}. + * + * @return the general PVP2 configuration or {@code null}. + * + * @deprecated + */ + public PVP2 getGeneralPVP2DBConfig() { + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getTransactionTimeOut() + */ + @Override + public int getTransactionTimeOut() { + try { + return configuration.getIntegerValue( + MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, 300); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("No transaction timeout defined. Use default values", e); + return 300; + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getSSOCreatedTimeOut() + */ + @Override + public int getSSOCreatedTimeOut() { + try { + return configuration.getIntegerValue( + MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, 2700); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("No SSO created timeout defined. Use default values", e); + return 2700; + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getSSOUpdatedTimeOut() + */ + @Override + public int getSSOUpdatedTimeOut() { + try { + return configuration.getIntegerValue( + MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, 1200); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("No SSO updated timeout defined. Use default values", e); + return 1200; + } + } + + + /** + * Returns the configured timeouts, or a default timeout. + * + * @return the configured timeout, or the default (never {@code null}). + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. + * + * @deprecated + */ + public TimeOuts getTimeOuts() throws ConfigurationException { + + TimeOuts timeouts = new TimeOuts(); + + // set default timeouts + timeouts.setAssertion(new BigInteger("300")); + timeouts.setMOASessionCreated(new BigInteger("2700")); + timeouts.setMOASessionUpdated(new BigInteger("1200")); + +// AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); +// // search timeouts in config +// GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); +// if (generalConfiguration != null) { +// if (generalConfiguration.getTimeOuts() != null) { +// if (generalConfiguration.getTimeOuts().getAssertion() != null) { +// timeouts.setAssertion(generalConfiguration.getTimeOuts().getAssertion()); +// } +// +// if (generalConfiguration.getTimeOuts().getMOASessionCreated() != null) { +// timeouts.setMOASessionCreated(generalConfiguration.getTimeOuts().getMOASessionCreated()); +// } +// +// if (generalConfiguration.getTimeOuts().getMOASessionUpdated() != null) { +// timeouts.setMOASessionUpdated(generalConfiguration.getTimeOuts().getMOASessionUpdated()); +// } +// +// } else { +// Logger.info("No TimeOuts defined. Use default values"); +// } +// } + return timeouts; + } + + /** + * Returns an alternative source ID. NOTE: may return {@code null}. + * + * @return an alternative source ID or {@code null}. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public String getAlternativeSourceID() throws ConfigurationException { + try { + return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("SAML1 SourceID can not be read from configuration.", e); + return null; + } + } + + /** + * Returns a list of legacy allowed protocols. NOTE: may return an empty list but never {@code null}. + * + * @return the list of protocols. + */ + public List<String> getLegacyAllowedProtocols() { + + List<String> legacy = new ArrayList<String>(); + try { + if (configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, false)) + legacy.add(SAML1Protocol.PATH); + + if (configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY, false)) + legacy.add(PVP2XProtocol.PATH); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Load legacy protocol configuration property FAILED.", e); + + } + return legacy; + } + + /** + * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component. + * + * @param oaURL URL requested for an online application + * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable + */ + public OAAuthParameter getOnlineApplicationParameter(String oaURL) { + Map<String, String> oa = getActiveOnlineApplication(oaURL); + if (oa == null) { + Logger.warn("Online application with identifier " + oaURL + " is not found."); + return null; + } + + return new OAAuthParameter(oa); + } + + /** + * Returns a string with a url-reference to the VerifyAuthBlock trust profile id within the moa-sp part of the authentication component. + * + * @return a string with a url-reference to the VerifyAuthBlock trust profile ID. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. + */ + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("AuthBlock validation trustprofile can not be read from configuration.", e); + return null; + } + } + + /** + * Returns a list of strings with references to all verify transform info IDs within the moa-sp part of the authentication component. + * + * @return a list of strings containing all urls to the verify transform info IDs. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. + */ + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + try { + return Arrays.asList(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM)); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("AuthBlock transformation can not be read from configuration.", e); + return null; + } + } + + /** + * Returns a ConnectionParameter bean containing all information of the authentication component moa-sp element. + * + * @return ConnectionParameter of the authentication component moa-sp element. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. + */ + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { + ConnectionParameter result = null; + String moaspURL; + try { + moaspURL = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL); + if (moaspURL != null) { + result = + new ConnectionParameterMOASP(moaspURL, this.getProperties(), this.getRootConfigFileDir()); + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading MOA-SP Service URL from configuration FAILED.", e); + + } + + return result; + } + + /** + * Returns the {@link ConnectionParameter} for the ForeignID. NOTE: may return {@code null}. + * + * @return the connection parameter. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. + */ + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { + ConnectionParameter result = null; + String serviceURL; + try { + serviceURL = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL); + if (serviceURL != null) { + result = + new ConnectionParameterForeign(serviceURL, this.getProperties(), this.getRootConfigFileDir()); + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e); + + } + + return result; + } + + /** + * Returns the {@link ConnectionParameter} for the OnlineMandates. NOTE: may return {@code null}. + * + * @return the connection parameter. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { + ConnectionParameter result = null; + String serviceURL; + try { + serviceURL = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL); + if (serviceURL != null) { + result = + new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e); + + } + + return result; + } + + /** + * Returns a string with a url-reference to the VerifyIdentityLink trust profile id within the moa-sp part of the authentication component + * + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link VerifyIdentityLink}. + */ + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("IdentityLink validation trustprofile can not be read from configuration.", e); + return null; + } + } + + /** + * Returns a non-empty list of transform infos. NOTE: list is never {@code empty} or {@code null}. + * + * @return a list of transform infos. + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link SecurityLayer}. + */ + public List<String> getTransformsInfos() throws ConfigurationException { + try { + String securityLayer = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64); + if (securityLayer != null) { + List<String> result = ConfigurationUtils.getTransformInfos(securityLayer); + + if (result == null || result.isEmpty()) { + Logger.error("No Security-Layer Transformation found."); + throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); + } + return result; + + } else { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("No Security-Layer Transformation found."); + throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); + + } + } + + /** + * Returns a list of IdentityLinkX509SubjectNames. NOTE: may return an empty list but never {@code null}. + * + * @return the list of IdentityLinkX509SubjectNames. + * + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + + ArrayList<String> identityLinkX509SubjectNames = new ArrayList<String>(); + + String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; + for (int i = 0; i < identityLinkSignersWithoutOID.length; i++) { + String identityLinkSigner = identityLinkSignersWithoutOID[i]; + if (!identityLinkX509SubjectNames.contains(identityLinkSigner)) { + identityLinkX509SubjectNames.add(identityLinkSigner); + } + } + + return identityLinkX509SubjectNames; + } + + /** + * Returns a list of default SLRequestTemplates. NOTE: may return an empty list but never {@code null}. + * + * @return list of default SLRequestTemplates. + * @throws ConfigurationException is never thrown + */ + public List<String> getSLRequestTemplates() throws ConfigurationException { + List<String> templatesList = new ArrayList<String>(); + + try { + templatesList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL)); + templatesList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE)); + templatesList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY)); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("SecurtiyLayer request templates are not loadable from configuration.", e); + + } + return templatesList; + } + + /** + * Returns the type's default SLRequestTemplate. NOTE: may return {@code null}. + * + * @param type the type of BKU. + * @return the default SLRequestTemplate for the given type. + * + * @throws ConfigurationException is never thrown + */ + public String getSLRequestTemplates(String type) throws ConfigurationException { + String slRequestTemplate = null; + + try { + switch (type) { + case IOAAuthParameters.ONLINEBKU: + slRequestTemplate = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE); + break; + case IOAAuthParameters.LOCALBKU: + slRequestTemplate = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL); + break; + case IOAAuthParameters.HANDYBKU: + slRequestTemplate = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY); + break; + default: + Logger.warn("getSLRequestTemplates: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + + IOAAuthParameters.LOCALBKU); + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("SecurtiyLayer request templates are not loadable from configuration.", e); + + } + return slRequestTemplate; + } + + /** + * Returns a list of default BKUURLs. NOTE: may return an empty list but never {@code null}. + * + * @return list of default BKUURLs. + * @throws ConfigurationException is never thrown + */ + public List<String> getDefaultBKUURLs() throws ConfigurationException { + List<String> bkuurlsList = new ArrayList<String>(); + try { + bkuurlsList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE)); + bkuurlsList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL)); + bkuurlsList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY)); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("BKU URLs are not loadable from configuration.", e); + + } + return bkuurlsList; + } + + /** + * Returns the type's default BKUURL. NOTE: may return {@code null}. + * + * @param type the type of BKU. + * @return the default BKUURL for the given type. + * + * @throws ConfigurationException is never thrown + */ + public String getDefaultBKUURL(String type) throws ConfigurationException { + String defaultBKUUrl = null; + try { + switch (type) { + case IOAAuthParameters.ONLINEBKU: + defaultBKUUrl = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE); + break; + case IOAAuthParameters.LOCALBKU: + defaultBKUUrl = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL); + break; + case IOAAuthParameters.HANDYBKU: + defaultBKUUrl = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY); + break; + default: + Logger.warn("getDefaultBKUURL: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + + IOAAuthParameters.LOCALBKU); + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("BKU URLs are not loadable from configuration.", e); + + } + return defaultBKUUrl; + } + + /** + * Returns the SSOTagetIdentifier. NOTE: returns {@code null} if no SSOTargetIdentifier is set. + * + * @return the SSOTagetIdentifier or {@code null} + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public String getSSOTagetIdentifier() throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Single Sign-On Target can not be read from configuration.", e); + return null; + } + } + + /** + * Returns the SSOFriendlyName. NOTE: never returns {@code null}, if no SSOFriendlyName is set, a default String is returned. + * + * @return the SSOFriendlyName or a default String + */ + public String getSSOFriendlyName() { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, "Default MOA-ID friendly name for SSO"); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Single Sign-On FriendlyName can not be read from configuration.", e); + return "Default MOA-ID friendly name for SSO"; + } + } + + /** + * Returns the SSOSpecialText. NOTE: never returns {@code null}, if no SSOSpecialText is set, an empty String is returned. + * + * @return the SSOSpecialText or an empty String + */ + public String getSSOSpecialText() { + try { + String text = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT); + return MiscUtil.isEmpty(text) ? new String() : text; + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Single Sign-On AuthBlockText can not be read from configuration.", e); + return new String(); + } + } + + /** + * Returns the MOASessionEncryptionKey NOTE: returns {@code null} if no MOASessionEncryptionKey is set. + * + * @return the MOASessionEncryptionKey or {@code null} + */ + public String getMOASessionEncryptionKey() { + String prop = properties.getProperty("configuration.moasession.key"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * Returns the MOAConfigurationEncryptionKey NOTE: returns {@code null} if no MOAConfigurationEncryptionKey is set. + * + * @return the MOAConfigurationEncryptionKey or {@code null} + */ + public String getMOAConfigurationEncryptionKey() { + String prop = properties.getProperty("configuration.moaconfig.key"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * @return {@code true} if IdentityLinkResigning is set, {@code false} otherwise. + */ + public boolean isIdentityLinkResigning() { + String prop = properties.getProperty("configuration.resignidentitylink.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Returns the IdentityLinkResigningKey. NOTE: returns {@code null} if no IdentityLinkResigningKey is set. + * + * @return the IdentityLinkResigningKey or {@code null} + */ + public String getIdentityLinkResigningKey() { + String prop = properties.getProperty("configuration.resignidentitylink.keygroup"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * @return {@code true} if MonitoringActive is set, {@code false} otherwise. + */ + public boolean isMonitoringActive() { + String prop = properties.getProperty("configuration.monitoring.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Returns the MonitoringTestIdentityLinkURL. NOTE: returns {@code null} if no MonitoringTestIdentityLinkURL is set. + * + * @return the MonitoringTestIdentityLinkURL or {@code null} + */ + public String getMonitoringTestIdentityLinkURL() { + String prop = properties.getProperty("configuration.monitoring.test.identitylink.url"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * Returns the MonitoringMessageSuccess. NOTE: returns {@code null} if no MonitoringMessageSuccess is set. + * + * @return the MonitoringMessageSuccess or {@code null} + */ + public String getMonitoringMessageSuccess() { + String prop = properties.getProperty("configuration.monitoring.message.success"); + return MiscUtil.isNotEmpty(prop) ? prop : null; + } + + /** + * @return {@code true} if AdvancedLoggingActive is set, {@code false} otherwise. + */ + public boolean isAdvancedLoggingActive() { + String prop = properties.getProperty("configuration.advancedlogging.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set. + * + * @return the PublicURLPrefix or {@code null} + */ + public String getPublicURLPrefix() { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); + return null; + } + } + + /** + * @return {@code true} if PVP2AssertionEncryptionActive is set, {@code false} otherwise. + */ + public boolean isPVP2AssertionEncryptionActive() { + String prop = this.getProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true"); + return Boolean.valueOf(prop); + } + + /** + * @return {@code true} if CertifiacteQCActive is set, {@code false} otherwise. + */ + public boolean isCertifiacteQCActive() { + String prop = this.getProperties().getProperty("configuration.validation.certificate.QC.ignore", "false"); + return !Boolean.valueOf(prop); + } + + /** + * Returns a STORK Configuration, NOTE: may return {@code null}. + * + * @return a new STORK Configuration or {@code null} + * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} + */ + public STORKConfig getStorkConfig() throws ConfigurationException { + STORKConfig result = null; + try { + Map<String, String> storkProps = configuration.getPropertySubset( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK + "."); + if (storkProps == null) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + + } else { + result = new STORKConfig(this.getProperties(), this.getRootConfigFileDir()); + + } + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); + + } + + return result; + } + +// /** +// * Small helper method. +// * +// * @return the {@link AuthComponentGeneral} from the database +// * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} +// */ +// private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { +// +// AuthComponentGeneral authComponentGeneral = configuration.get(MOAIDConfigurationConstants.AUTH_COMPONENT_GENERAL_KEY, AuthComponentGeneral.class); +// if (authComponentGeneral == null) { +// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); +// throw new ConfigurationException("config.02", null); +// } +// return authComponentGeneral; +// } + +// /** +// * Returns the {@link VerifyAuthBlock}. +// * +// * @return the {@link VerifyAuthBlock}. +// * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. +// */ +// private VerifyAuthBlock getVerifyAuthBlock() throws ConfigurationException { +// +// AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); +// MOASP moasp = authComponentGeneral.getMOASP(); +// if (moasp != null) { +// VerifyAuthBlock vab = moasp.getVerifyAuthBlock(); +// if (vab != null) { +// VerifyAuthBlock verifyIdl = new VerifyAuthBlock(); +// verifyIdl.setTrustProfileID(vab.getTrustProfileID()); +// verifyIdl.setVerifyTransformsInfoProfileID(new ArrayList<String>(vab.getVerifyTransformsInfoProfileID())); +// return verifyIdl; +// } else { +// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); +// throw new ConfigurationException("config.02", null); +// } +// } else { +// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); +// throw new ConfigurationException("config.02", null); +// } +// } + + /** + * Small helper method. NOTE: may return empty properties, but never {@code null}. + * @param propPrefix the prefix of the desired property. + * @return the {@link Properties} + */ + private Properties getGeneralProperiesConfig(final String propPrefix) { + + Properties configProp = new Properties(); + for (Object key : this.getProperties().keySet()) { + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, this.getProperties().get(key.toString())); + } + } + return configProp; + } + + /** + * Returns whether the trust-manager revocation checking is enabled or not. + * + * @return {@code true} if enable, {@code false} if disabled + */ + @Override + public boolean isTrustmanagerrevoationchecking() { + + try { + return configuration.getBooleanValue( + MOAIDConfigurationConstants.GENERAL_AUTH_REVOCATIONCHECKING, + TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + return TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT; + } + } + + /** + * Returns the path to the certificate-store directory or {@code null} if there is no certificate-store directory defined. + * + * @return the path to the certstore directory or {@code null} + */ + @Override + public String getCertstoreDirectory() { + try { + String path = rootConfigFileDir + configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL); + if (MiscUtil.isNotEmpty(path)) + return path; + + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + return null; + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.", e); + return null; + } + } + + @Override + public String getTrustedCACertificates() { + try { + String path = rootConfigFileDir + configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL); + if (MiscUtil.isNotEmpty(path)) + return path; + + else { + Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined."); + return null; + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined.", e); + return null; + } + } + + /** + * Returns the active {@link OnlineApplication} with the given ID or {@code null} if either no matching online application is found or if the {@code id} + * matches more than one entry. + * + * @param id the id of the requested online application + * @return the requested online application or {@code null} + */ + public Map<String, String> getActiveOnlineApplication(String id) { + Logger.trace("Get active OnlineApplication with ID " + id + " from database."); + try { + Map<String, String> oaConfig = configuration.getOnlineApplication(id); + if (oaConfig != null) { + String isActiveString = oaConfig.get(MOAIDConfigurationConstants.SERVICE_ISACTIVE); + if (isActiveString != null && Boolean.valueOf(isActiveString)) + return oaConfig; + + } + + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("Error during OnlineApplication load operationen (oaId=." + + id + ")" , e); + + } + return null; + + } + + //Load document service url from moa properties + public String getDocumentServiceUrl() { + String prop = properties.getProperty("stork.documentservice.url", "false"); + return prop; + } + + + public boolean isPVPSchemaValidationActive() { + String prop = properties.getProperty("protocols.pvp2.schemavalidation", "true"); + return Boolean.valueOf(prop); + } + + /** + * Checks if is fakeIdL is activated. + * + * @return true, if fake IdLs are available for stork + */ + public boolean isStorkFakeIdLActive() { + String prop = properties.getProperty("stork.fakeIdL.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Gets the countries which will receive a fake IdL + * + * @return the countries + */ + public List<String> getStorkFakeIdLCountries() { + String prop = properties.getProperty("stork.fakeIdL.countries", ""); + return Arrays.asList(prop.replaceAll(" ", "").split(",")); + } + + /** + * Gets the resigning key (group) for the stork fake IdL. + * + * @return the resigning key + */ + public String getStorkFakeIdLResigningKey() { + String prop = properties.getProperty("stork.fakeIdL.keygroup"); + if (MiscUtil.isNotEmpty(prop)) + return prop; + else + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getStorkNoSignatureCountries() + */ + @Override + public List<String> getStorkNoSignatureCountries() { + String prop = properties.getProperty("stork.fakeIdL.noSignatureCountries", ""); + return Arrays.asList(prop.replaceAll(" ", "").split(",")); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isHTTPAuthAllowed() + */ + @Override + @Deprecated + public boolean isHTTPAuthAllowed() { + String prop = properties.getProperty("configuration.localhttpallowed.active", "false"); + return Boolean.valueOf(prop); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index e576522bf..44f4da027 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -23,27 +23,31 @@ package at.gv.egovernment.moa.id.config.auth.data; import java.security.PrivateKey; +import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.stork.StorkAttribute; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; /** * @author tlenz * */ -public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParameters { +public class DynamicOAAuthParameters implements IOAAuthParameters { + + private String publicURLPrefix; private String businessTarget; + private boolean businessService; + + private boolean isInderfederationIDP; + private String IDPQueryURL; + + private String target; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() @@ -79,28 +83,10 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos() - */ - @Override - public List<String> getTransformsInfos() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() */ @Override - public OASAML1 getSAML1Parameter() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter() - */ - @Override - public OAPVP2 getPVP2Parameter() { + public SAML1ConfigurationParameters getSAML1Parameter() { // TODO Auto-generated method stub return null; } @@ -109,7 +95,7 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() */ @Override - public List<TemplateType> getTemplateURL() { + public List<String> getTemplateURL() { // TODO Auto-generated method stub return null; } @@ -160,15 +146,6 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL() - */ - @Override - public String getSingleLogOutURL() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() */ @Override @@ -232,15 +209,6 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes() - */ - @Override - public List<OAStorkAttribute> getRequestedAttributes() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() */ @Override @@ -253,7 +221,7 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() */ @Override - public List<AttributeProviderPlugin> getStorkAPs() { + public Collection<StorkAttributeProviderPlugin> getStorkAPs() { // TODO Auto-generated method stub return null; } @@ -280,7 +248,7 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() */ @Override - public List<CPEPS> getPepsList() { + public Collection<at.gv.egovernment.moa.id.config.stork.CPEPS> getPepsList() { // TODO Auto-generated method stub return null; } @@ -398,4 +366,100 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam // TODO Auto-generated method stub return false; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFullConfiguration() + */ + @Override + public Map<String, String> getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getConfigurationValue(java.lang.String) + */ + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName() + */ + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() + */ + @Override + public String getPublicURLPrefix() { + return this.publicURLPrefix; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType() + */ + @Override + public String getOaType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() + */ + @Override + public boolean getBusinessService() { + return this.businessService; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName() + */ + @Override + public String getTargetFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() + */ + @Override + public boolean isInderfederationIDP() { + return this.isInderfederationIDP; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway() + */ + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedSTORKAttributes() + */ + @Override + public Collection<StorkAttribute> getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ + @Override + public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java new file mode 100644 index 000000000..8ff64f188 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java @@ -0,0 +1,276 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth.data; + +/** + * @author tlenz + * + */ +public class SAML1ConfigurationParameters { + + private boolean isActive = false; + private boolean provideBaseId = false; + private boolean provideAuthBlock = false; + private boolean provideIdl = false; + private boolean provideCertificate = false; + private boolean provideMandate = false; + private boolean provideAllErrors = true; + private boolean useCondition = false; + private String sourceID = null; + private String condition = new String(); + + + /** + * + */ + public SAML1ConfigurationParameters(boolean isActive, + boolean provideBaseId, boolean provideAuthBlock, + boolean provideIdl, boolean provideCertificate, + boolean provideMandate, boolean provideAllErrors, + boolean useCondition, String condition, + String sourceID) { + this.condition = condition; + this.isActive = isActive; + this.provideAllErrors = provideAllErrors; + this.provideAuthBlock = provideAuthBlock; + this.provideBaseId = provideBaseId; + this.provideCertificate = provideCertificate; + this.provideIdl = provideIdl; + this.provideMandate = provideMandate; + this.useCondition = useCondition; + this.sourceID = sourceID; + + } + + + /** + * + */ + public SAML1ConfigurationParameters() { + + } + + + /** + * Gets the value of the isActive property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isIsActive() { + return this.isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + + /** + * @param provideBaseId the provideBaseId to set + */ + public void setProvideBaseId(boolean provideBaseId) { + this.provideBaseId = provideBaseId; + } + + + /** + * @param provideAuthBlock the provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + + /** + * @param provideIdl the provideIdl to set + */ + public void setProvideIdl(boolean provideIdl) { + this.provideIdl = provideIdl; + } + + + /** + * @param provideCertificate the provideCertificate to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + + /** + * @param provideMandate the provideMandate to set + */ + public void setProvideMandate(boolean provideMandate) { + this.provideMandate = provideMandate; + } + + + /** + * @param provideAllErrors the provideAllErrors to set + */ + public void setProvideAllErrors(boolean provideAllErrors) { + this.provideAllErrors = provideAllErrors; + } + + + /** + * @param useCondition the useCondition to set + */ + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + + /** + * @param sourceID the sourceID to set + */ + public void setSourceID(String sourceID) { + this.sourceID = sourceID; + } + + + /** + * @param condition the condition to set + */ + public void setCondition(String condition) { + this.condition = condition; + } + + + /** + * Gets the value of the provideStammzahl property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideStammzahl() { + return this.provideBaseId; + } + + /** + * Gets the value of the provideAUTHBlock property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideAUTHBlock() { + return this.provideAuthBlock; + } + + /** + * Gets the value of the provideIdentityLink property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideIdentityLink() { + return this.provideIdl; + } + + /** + * Gets the value of the provideCertificate property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideCertificate() { + return this.provideCertificate; + } + + /** + * Gets the value of the provideFullMandatorData property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideFullMandatorData() { + return this.provideMandate; + } + + /** + * Gets the value of the useCondition property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isUseCondition() { + return this.useCondition; + } + + /** + * Gets the value of the conditionLength property. + * + * @return + * possible object is + * {@link BigInteger } + * + */ + + public int getConditionLength() { + return condition.length(); + } + + /** + * Gets the value of the sourceID property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getSourceID() { + return this.sourceID; + } + + /** + * Gets the value of the provideAllErrors property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideAllErrors() { + return this.provideAllErrors; + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 3d4b53f7c..54156330f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -80,7 +80,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; @@ -97,6 +96,15 @@ public class BuildFromLegacyConfig { private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at"; private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request"; + public static final String AUTH_SESSION_TIMEOUT_PROPERTY = + "AuthenticationSession.TimeOut"; + /** + * The name of the generic configuration property giving the authentication data time out. + */ + public static final String AUTH_DATA_TIMEOUT_PROPERTY = + "AuthenticationData.TimeOut"; + + public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException { InputStream stream = null; Element configElem; @@ -163,13 +171,13 @@ public class BuildFromLegacyConfig { //Load Assertion and Session timeouts TimeOuts timeOuts = new TimeOuts(); - if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY)) - timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY)))); + if (genericConfiguration.containsKey(AUTH_DATA_TIMEOUT_PROPERTY)) + timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AUTH_DATA_TIMEOUT_PROPERTY)))); else timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min - if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY)) - timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY)))); + if (genericConfiguration.containsKey(AUTH_SESSION_TIMEOUT_PROPERTY)) + timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AUTH_SESSION_TIMEOUT_PROPERTY)))); else timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java deleted file mode 100644 index e077e096f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java +++ /dev/null @@ -1,219 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config.proxy; - -import java.util.HashMap; -import java.util.Map; - -/** - * Holds configuration data concerning an online application for use by the MOA-ID Proxy component. - * These include the login type (stateful or stateless), the HTTP authentication type, - * and information needed to add authentication parameters or headers for a URL connection - * to the remote online application. - * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code> - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAConfiguration { - - /** Constant for an login method */ - public static final String LOGINTYPE_STATEFUL = "stateful"; - /** Constant for an login method */ - public static final String LOGINTYPE_STATELESS = "stateless"; - - /** Constant for an auth method */ - public static final String BASIC_AUTH = "basic"; - /** Constant for an auth method */ - public static final String HEADER_AUTH = "header"; - /** Constant for an auth method */ - public static final String PARAM_AUTH = "param"; - - - /** Constant for binding */ - public static final String BINDUNG_USERNAME = "userName"; - /** Constant for binding */ - public static final String BINDUNG_FULL = "full"; - /** Constant for binding */ - public static final String BINDUNG_NONE = "none"; - /** Constant for binding */ - public static final String BINDUNG_NOMATCH = "noMatch"; - - /** login type: stateful or stateless */ - String loginType; - /** authentication type: basic, header, or param */ - String authType; - /** - * mapping of parameter names to AuthenticationData field names - * in case of authentication type <code>"header-auth"</code> - */ - Map paramAuthMapping; - /** - * mapping of parameter names to AuthenticationData field names - * in case of authentication type <code>"param-auth"</code> - */ - Map headerAuthMapping; - /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */ - String basicAuthUserIDMapping; - /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */ - String basicAuthPasswordMapping; - /** Binding for basic authentication */ - String binding; - - /** - * Returns the basicAuthPasswordMapping. - * @return String - */ - public String getBasicAuthPasswordMapping() { - return basicAuthPasswordMapping; - } - - /** - * Returns the basicAuthUserIDMapping. - * @return String - */ - public String getBasicAuthUserIDMapping() { - return basicAuthUserIDMapping; - } - - /** - * Returns the headerAuthMapping. - * @return HashMap - */ - public Map getHeaderAuthMapping() { - return headerAuthMapping; - } - - /** - * Returns the loginType. - * @return String - */ - public String getLoginType() { - return loginType; - } - - /** - * Returns the paramAuthMapping. - * @return HashMap - */ - public Map getParamAuthMapping() { - return paramAuthMapping; - } - - /** - * Returns the binding. - * @return String - */ - public String getBinding() { - return binding; - } - - /** - * Sets the basicAuthPasswordMapping. - * @param basicAuthPassword The basicAuthPasswordMapping to set - */ - public void setBasicAuthPasswordMapping(String basicAuthPassword) { - this.basicAuthPasswordMapping = basicAuthPassword; - } - - /** - * Sets the basicAuthUserIDMapping. - * @param basicAuthUserID The basicAuthUserIDMapping to set - */ - public void setBasicAuthUserIDMapping(String basicAuthUserID) { - this.basicAuthUserIDMapping = basicAuthUserID; - } - - /** - * Sets the headerAuthMapping. - * @param headerAuth The headerAuthMapping to set - */ - public void setHeaderAuthMapping(HashMap headerAuth) { - this.headerAuthMapping = headerAuth; - } - - /** - * Sets the loginType. - * @param loginType The loginType to set - */ - public void setLoginType(String loginType) { - this.loginType = loginType; - } - - /** - * Sets the paramAuthMapping. - * @param paramAuth The paramAuthMapping to set - */ - public void setParamAuthMapping(HashMap paramAuth) { - this.paramAuthMapping = paramAuth; - } - - /** - * Returns the authType. - * @return String - */ - public String getAuthType() { - return authType; - } - - /** - * Sets the authType. - * @param authLoginType The authType to set - */ - public void setAuthType(String authLoginType) { - this.authType = authLoginType; - } - - /** - * Sets the binding. - * @param binding The binding to be set. - */ - public void setBinding (String binding) { - this.binding = binding; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java deleted file mode 100644 index 00ca5ad57..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ /dev/null @@ -1,248 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config.proxy; - -import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; -import at.gv.egovernment.moa.id.config.legacy.OAParameter; - -/** - * Configuration parameters belonging to an online application, - * to use with the MOA ID Proxy component. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class OAProxyParameter extends OAParameter { - -// /** -// * public URL prefix of the online application -// */ -// private String publicURLPrefix; - /** - * URL of online application configuration file; - * defaults to relative URL <code>/moaconfig.xml</code> - */ - private String configFileURL; - /** - * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface - * to be used for authenticating the online application; - * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver} - */ - private String loginParameterResolverImpl; - - /** - * Configuration Parameter of LoginParameterResolver - */ - private String loginParameterResolverConfiguration; - - /** - * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface - * to be used for connecting to the online application; - * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder} - */ - private String connectionBuilderImpl; - /** - * session time out to be used in case of a stateless online application - */ - private int sessionTimeOut; - /** - * parameters regarding the connection from the proxy to the online application - */ - private ConnectionParameter connectionParameter; - /** - * parameters for logging into the online application - */ - private OAConfiguration oaConfiguration; - - private String errorRedirctURL; - - - /** - * Returns the configFileURL. - * @return String - */ - public String getConfigFileURL() { - return configFileURL; - } - - /** - * Returns the sessionTimeOut. - * @return int - */ - public int getSessionTimeOut() { - return sessionTimeOut; - } - - /** - * Returns the connectionParameter. - * @return ConnectionParameter - */ - public ConnectionParameter getConnectionParameter() { - return connectionParameter; - } - - /** - * Sets the configFileURL for the proxy. - * @param oaProxyConfigFileURL The configFileURL to set - */ - public void setConfigFileURL(String oaProxyConfigFileURL) { - this.configFileURL = oaProxyConfigFileURL; - } - - /** - * Sets the sessionTimeOut for the proxy. - * @param oaProxySessionTimeOut The sessionTimeOut to set - */ - public void setSessionTimeOut(int oaProxySessionTimeOut) { - this.sessionTimeOut = oaProxySessionTimeOut; - } - - /** - * Sets the connectionParameter for the proxy. - * @param proxyConnectionParameter The connectionParameter to set - */ - public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) { - this.connectionParameter = proxyConnectionParameter; - } - -// /** -// * Returns the publicURLPrefix. -// * @return String -// */ -// public String getPublicURLPrefix() { -// return publicURLPrefix; -// } -// -// /** -// * Sets the publicURLPrefix. -// * @param publicURLPrefix The publicURLPrefix to set -// */ -// public void setPublicURLPrefix(String url) { -// this.publicURLPrefix = url; -// } - - /** - * Returns the connectionBuilderImpl. - * @return String - */ - public String getConnectionBuilderImpl() { - return connectionBuilderImpl; - } - - /** - * Returns the loginParameterResolverImpl. - * @return String - */ - public String getLoginParameterResolverImpl() { - return loginParameterResolverImpl; - } - - /** - * Returns the loginParameterResolverConfiguration. - * @return String - */ - public String getLoginParameterResolverConfiguration() { - return loginParameterResolverConfiguration; - } - - /** - * Sets the connectionBuilderImpl for the proxy. - * @param connectionBuilderImpl The connectionBuilderImpl to set - */ - public void setConnectionBuilderImpl(String connectionBuilderImpl) { - this.connectionBuilderImpl = connectionBuilderImpl; - } - - /** - * Sets the loginParameterResolverImpl for the proxy. - * @param loginParameterResolverImpl The loginParameterResolverImpl to set - */ - public void setLoginParameterResolverImpl(String loginParameterResolverImpl) { - this.loginParameterResolverImpl = loginParameterResolverImpl; - } - - /** - * Sets the loginParameterResolverConfiguration for the proxy. - * @param loginParameterResolverConfiguration The loginParameterResolverImpl to set - */ - public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) { - this.loginParameterResolverConfiguration = loginParameterResolverConfiguration; - } - - /** - * Returns the oaConfiguration. - * @return OAConfiguration - */ - public OAConfiguration getOaConfiguration() { - return oaConfiguration; - } - - /** - * Sets the oaConfiguration. - * @param oaConfiguration The oaConfiguration to set - */ - public void setOaConfiguration(OAConfiguration oaConfiguration) { - this.oaConfiguration = oaConfiguration; - } - -/** - * @return the errorRedirctURL - */ -public String getErrorRedirctURL() { - return errorRedirctURL; -} - -/** - * @param errorRedirctURL the errorRedirctURL to set - */ -public void setErrorRedirctURL(String errorRedirctURL) { - this.errorRedirctURL = errorRedirctURL; -} - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java deleted file mode 100644 index 3220dc90c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ /dev/null @@ -1,290 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config.proxy; - -import java.io.ByteArrayInputStream; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; -import org.w3c.dom.traversal.NodeIterator; - -import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Builds the configuration for MOA-ID Proxy. - */ -public class ProxyConfigurationBuilder extends ConfigurationBuilder { - - /** - * Default online application configuration file name - * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>). - */ - public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml"; - - /** an XPATH-Expression */ - private static final String PROXY_AUTH_XPATH = - ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; - /** an XPATH-Expression */ - protected static final String ROOTOA = "/" + CONF + "Configuration/"; - /** an XPATH-Expression */ - private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; - /** an XPATH-Expression */ - private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; - /** an XPATH-Expression */ - private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL"; - /** an XPATH-Expression */ - private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; - /** an XPATH-Expression */ - private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; - /** an XPATH-Expression */ - private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; - - private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; - /** an XPATH-Expression */ - private static final String OA_PROXY_ERROR_REDIRECT_URL_XPATH = CONF + "ProxyComponent/@errorRedirectURL"; - /** an XPATH-Expression */ - protected static final String OACONF_LOGIN_TYPE_XPATH = - ROOTOA + CONF + "LoginType"; - /** an XPATH-Expression */ - protected static final String OACONF_BINDING_TYPE_XPATH = - ROOTOA + CONF + "Binding"; - /** an XPATH-Expression */ - protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH = - ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter"; - /** an XPATH-Expression */ - protected static final String OACONF_USER_ID_XPATH = - ROOTOA + CONF + "BasicAuth/" + CONF + "UserID"; - /** an XPATH-Expression */ - protected static final String OACONF_PASSWORD_XPATH = - ROOTOA + CONF + "BasicAuth/" + CONF + "Password"; - /** an XPATH-Expression */ - protected static final String OACONF_HEADER_AUTH_HEADER_XPATH = - ROOTOA + CONF + "HeaderAuth/" + CONF + "Header"; - - /** - * Creates a new <code>MOAConfigurationProvider</code>. - * - * @param configElem The root element of the MOA-ID configuration. - */ - public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) { - super(configElem, rootConfigDir); - } - - /** - * Method buildOAConfiguration. - * - * Build an {@link OAConfiguration} Object from the given configuration DOM element - * - * @param root - * @return OAConfiguration - * @throws ConfigurationException - */ - public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{ - - OAConfiguration oaConfiguration = new OAConfiguration(); - - //The LoginType hast to be "stateless" or "stateful" to be valid - - oaConfiguration.setLoginType( - XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null)); - - oaConfiguration.setBinding( - XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL)); - - //Try to build the Parameter Auth Parameters - NodeIterator paramAuthIter = - XPathUtils.selectNodeIterator( - root, - OACONF_PARAM_AUTH_PARAMETER_XPATH); - Element paramAuthElem; - HashMap paramAuthMap = new HashMap(); - while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) { - String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); - String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); - if (paramAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); - paramAuthMap.put(name, value); - } - oaConfiguration.setParamAuthMapping(paramAuthMap); - // Try to build the BasicAuthParameters - oaConfiguration.setBasicAuthUserIDMapping( - XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null)); - oaConfiguration.setBasicAuthPasswordMapping( - XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null)); - - //Try to build the Parameter Auth Parameters - NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH); - - Element headerAuthElem; - HashMap headerAuthMap = new HashMap(); - while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) { - String name = - XPathUtils.getAttributeValue(headerAuthElem, "@Name", null); - String value = - XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); - // Contains Key (Neue Config-Exception: doppelte werte) - if (headerAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); - headerAuthMap.put(name, value); - } - oaConfiguration.setHeaderAuthMapping(headerAuthMap); - - if (paramAuthMap.size() == 0) { - if (oaConfiguration.getBasicAuthUserIDMapping() == null) { - oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH); - } - else - oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH); - } - else - oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH); - - return oaConfiguration; - } - - - /** - * Build an array of OnlineApplication Parameter Beans containing information - * about the proxy component - * @return An OAProxyParameter array containing beans - * with all relevant information for the proxy component of the online - * application - */ - public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{ - - List oA_list = new ArrayList(); - NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); - - for (int i = 0; i < OAIter.getLength(); i++) { - Element oAElem = (Element) OAIter.item(i); - - Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); - if (proxyComponentElem != null) { - OAProxyParameter oap = new OAProxyParameter(); - - oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); - oap.setOaType(oAElem.getAttribute("type")); - oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); - oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_)); - // default session time out: 3600 sec = 1 h - oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); - oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null)); - oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); - oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_)); - oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); - oap.setErrorRedirctURL(XPathUtils.getAttributeValue(oAElem,OA_PROXY_ERROR_REDIRECT_URL_XPATH, null)); - - ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); - oap.setConnectionParameter(conPara); - - OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap)); - oap.setOaConfiguration(oaConf); - - oA_list.add(oap); - } - } - OAProxyParameter[] result = - new OAProxyParameter[oA_list.size()]; - oA_list.toArray(result); - - return result; - - } - - /** - * Reads the configuration file of the online application, and creates a DOM tree from it. - * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given, - * uses default configuration file location. - * - * @param oap configuration data of online application, meant for use by MOA-ID-PROXY - * @return Element DOM tree root element - * @throws ConfigurationException on any exception thrown - */ - private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException - { - try { - String configFileURL = oap.getConfigFileURL(); - if (configFileURL == null) { - // use default config file URL, when config file URL is not given - configFileURL = oap.getConnectionParameter().getUrl(); - if (configFileURL.charAt(configFileURL.length() - 1) != '/') - configFileURL += "/"; - configFileURL += DEFAULT_OA_CONFIG_FILENAME; - } - Logger.info("Loading MOA-OA configuration " + configFileURL); - Element configElem = DOMUtils.parseXmlValidating( - new ByteArrayInputStream(FileUtils.readURL(configFileURL))); - return configElem; - } - catch (Throwable t) { - throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t); - } - } - - /** - * Build a bean containing all information about the ProxyComponent - * @return The ConnectionParameter for the Proxy Component - */ - public ConnectionParameter buildAuthComponentConnectionParameter() - { - - Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH); - if (connectionParameter==null) return null; - return buildConnectionParameter(connectionParameter); - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java deleted file mode 100644 index 66d330d20..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ /dev/null @@ -1,260 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.config.proxy; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.net.MalformedURLException; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * A class providing access to the Proxy Part of the MOA-ID configuration data. - * - * <p>Configuration data is read from an XML file, whose location is given by - * the <code>moa.id.configuration</code> system property.</p> - * <p>This class implements the Singleton pattern. The <code>reload()</code> - * method can be used to update the configuration data. Therefore, it is not - * guaranteed that consecutive calls to <code>getInstance()</code> will return - * the same <code>ProxyConfigurationProvider</code> all the time. During the - * processing of a web service request, the current - * <code>TransactionContext</code> should be used to obtain the - * <code>ProxyConfigurationProvider</code> local to that request.</p> - * - * @author Stefan Knirsch - */ -public class ProxyConfigurationProvider extends ConfigurationProvider { - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static ProxyConfigurationProvider instance; - - - // - // configuration data - // - /** - * connection parameters for connection to MOA ID Auth component - */ - private ConnectionParameter authComponentConnectionParameter; - /** - * configuration parameters for online applications - */ - private OAProxyParameter[] onlineApplicationProxyParameter; - - /** - * Return the single instance of configuration data. - * - * @return ProxyConfigurationProvider The current configuration data. - * @throws ConfigurationException - */ - public static synchronized ProxyConfigurationProvider getInstance() - throws ConfigurationException { - - if (instance == null) { - reload(); - } - return instance; - } - - /** - * Reload the configuration data and set it if successful. - * - * @return ProxyConfigurationProvider The loaded configuration data. - * @throws ConfigurationException Failure to load the configuration data. - */ - public static synchronized ProxyConfigurationProvider reload() - throws ConfigurationException { - String fileName = System.getProperty(PROXY_CONFIG_PROPERTY_NAME); - if (fileName == null) { - throw new ConfigurationException("config.20", null); - } - Logger.info("Loading MOA-ID-PROXY configuration " + fileName); - - instance = new ProxyConfigurationProvider(fileName); - return instance; - } - - /** - * Constructor for ProxyConfigurationProvider. - */ - public ProxyConfigurationProvider(String fileName) - throws ConfigurationException { - - load(fileName); - } - - /** - * Load the configuration data from XML file with the given name and build - * the internal data structures representing the MOA configuration. - * - * @param fileName The name of the XML file to load. - * @throws ConfigurationException The MOA configuration could not be - * read/built. - */ - private void load(String fileName) throws ConfigurationException { - FileInputStream stream = null; - Element configElem; - ProxyConfigurationBuilder builder; - - try { - // load the main config file - stream = new FileInputStream(fileName); - configElem = DOMUtils.parseXmlValidating(stream); - } - catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } - catch (IOException e) { - } - } - try { - // determine the directory of the root config file - rootConfigFileDir = new File(fileName).getParent(); - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - } - - // build the internal datastructures - builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir); - authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); - - onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters(); - for(int i = 0; i < onlineApplicationProxyParameter.length; i++) { - onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir)); - } - - genericConfiguration = builder.buildGenericConfiguration(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); - - } - catch (Throwable t) { - throw new ConfigurationException("config.02", null, t); - } - } - - public String getTrustedCACertificates() { - - return trustedCACertificates; - } - - /** - * @return the certstoreDirectory - */ - public String getCertstoreDirectory() { - if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)) - return (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY); - else - return null; - } - - /** - * @return the trustmanagerrevoationchecking - */ - public boolean isTrustmanagerrevoationchecking() { - if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) - return Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)); - else - return true; - } - - - /** - * Return a bean containing all information about the ProxyComponent - * @return The ConnectionParameter for the Proxy Component - */ - public ConnectionParameter getAuthComponentConnectionParameter() { - return authComponentConnectionParameter; - } - - /** - * Build an array of OnlineApplication Parameter Beans containing all - * information about the proxy component of the online application - * @return An OAProxyParameter array containing beans - * with all relevant information for the proxy component of the online - * application - */ - public OAProxyParameter[] getOnlineApplicationParameters() { - return onlineApplicationProxyParameter; - } - /** - * Provides configuration information regarding the online application behind - * the given URL, relevant to the MOA-ID Proxy component. - * - * @param oaURL URL requested for an online application - * @return an <code>OAProxyParameter</code>, or <code>null</code> - * if none is applicable - */ - public OAProxyParameter getOnlineApplicationParameter(String oaURL) { - OAProxyParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAProxyParameter oaParam = oaParams[i]; - if (oaURL.startsWith(oaParam.getPublicURLPrefix())) - return oaParam; - } - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 136b40295..9532aa9ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -25,7 +25,6 @@ */
package at.gv.egovernment.moa.id.config.stork;
-import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
@@ -33,16 +32,14 @@ import java.util.HashMap; import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
-import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.xml.sax.SAXException;
-
-import javax.xml.parsers.ParserConfigurationException;
/**
* Encapsulates several STORK configuration parameters according MOA configuration
@@ -54,63 +51,71 @@ public class STORKConfig { /** STORK SAML signature creation parameters */
private Properties props = null;
- private Map<String, CPEPS> cpepsMap = null;
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
private String basedirectory = null;
private SignatureVerificationParameter sigverifyparam = null;
private List<StorkAttribute> attr = null;
- public STORKConfig(STORK stork, Properties props, String basedirectory) {
+ public STORKConfig(Properties props, String basedirectory) throws ConfigurationException {
this.basedirectory = basedirectory;
this.props = props;
//create CPEPS map
- //List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
- List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>(); // TODO Change this
-
- try {
- cpeps = stork.getCPEPS();
-
- } catch (NullPointerException ex) {
- Logger.error("CPEPS not configured!");
+ List<CPEPS> cpeps = new ArrayList<CPEPS>();
+
+ Map<String, String> storkCPEPSProps =
+ AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix(
+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + ".");
+ if (storkCPEPSProps != null) {
+ Set<String> keyValues = storkCPEPSProps.keySet();
+ for (Object elObj : keyValues) {
+ if (elObj instanceof String) {
+ String el = (String) elObj;
+ if (el.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY)) {
+ int index = el.indexOf(".");
+ String listCounter = el.substring(0, index);
+
+ if (MiscUtil.isNotEmpty(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY))) {
+ try {
+ CPEPS moacpep =
+ new CPEPS(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY),
+ new URL(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL)),
+ Boolean.valueOf(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG)));
+ cpepsMap.put(moacpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("CPEPS URL " +
+ storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL) +
+ " are not parseable.", e);
+
+ }
+ }
+ }
+ }
+ }
+ }
+
+ attr = new ArrayList<StorkAttribute>();
+ Map<String, String> storkAttributeProps =
+ AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix(
+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST);
+ if (storkAttributeProps != null) {
+ Set<String> keyValues = storkAttributeProps.keySet();
+ for (Object elObj : keyValues) {
+ if (elObj instanceof String) {
+ String el = (String) elObj;
+ if (el.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) {
+ int index = el.indexOf(".");
+ String listCounter = el.substring(0, index);
+ StorkAttribute moaStorkAttr =
+ new StorkAttribute(storkAttributeProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME),
+ Boolean.valueOf(storkAttributeProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY)));
+ attr.add(moaStorkAttr);
+ }
+ }
+ }
}
-
- cpepsMap = new HashMap<String, CPEPS>();
-
- if (cpeps != null) {
- for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
-
- try {
- CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()), cpep.isSupportsXMLSignature());
-
- cpepsMap.put(cpep.getCountryCode(), moacpep);
-
- } catch (MalformedURLException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid URL and is ignored.");
- }
- }
- /*catch (ParserConfigurationException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (SAXException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (IOException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (MessageEncodingException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- }*/
- }
- attr = new ArrayList<StorkAttribute>();
- if (stork != null && stork.getAttributes() != null) {
- for(StorkAttribute current : stork.getAttributes()) {
- attr.add(current);
- }
- }
-
}
public SignatureCreationParameter getSignatureCreationParameter() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java new file mode 100644 index 000000000..87ec7fb0c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.config.stork; + +public class StorkAttribute { + + protected Boolean mandatory; + protected String name; + + public StorkAttribute(String name, boolean mandatory) { + this.name = name; + this.mandatory = mandatory; + } + + public Boolean getMandatory() { + return mandatory; + } + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory; + } + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java new file mode 100644 index 000000000..619af2358 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java @@ -0,0 +1,81 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.stork; + +/** + * @author tlenz + * + */ +public class StorkAttributeProviderPlugin { + private String name = null; + private String url = null; + private String attributes = null; + + /** + * + */ + public StorkAttributeProviderPlugin(String name, String url, String attributes) { + this.name = name; + this.url = url; + this.attributes = attributes; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + /** + * @return the url + */ + public String getUrl() { + return url; + } + /** + * @param url the url to set + */ + public void setUrl(String url) { + this.url = url; + } + /** + * @return the attributes + */ + public String getAttributes() { + return attributes; + } + /** + * @param attributes the attributes to set + */ + public void setAttributes(String attributes) { + this.attributes = attributes; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index e3b7524ae..0b45bb461 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -31,6 +31,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -41,7 +44,7 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -279,7 +282,7 @@ public class DispatcherServlet extends AuthServlet{ //create interfederated MOASession String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); - req.getParameterMap().put(PARAM_SESSIONID, new String[]{ sessionID }); + req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID }); Logger.info("PreProcessing of SSO interfederation response complete. "); @@ -287,7 +290,7 @@ public class DispatcherServlet extends AuthServlet{ } else if (protocolRequest != null && MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { - OAAuthParameter oaParams = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) { // -> send end error to service provider Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() @@ -397,7 +400,7 @@ public class DispatcherServlet extends AuthServlet{ } //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(protocolRequest.getOAURL()); if (oaParam == null) { @@ -459,7 +462,7 @@ public class DispatcherServlet extends AuthServlet{ } } else { - moasessionID = (String) req.getParameter(PARAM_SESSIONID); + moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); } @@ -475,7 +478,7 @@ public class DispatcherServlet extends AuthServlet{ } } else { - moasessionID = (String) req.getParameter(PARAM_SESSIONID); + moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 49f3df25c..06b55fb66 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -73,7 +76,7 @@ import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -103,7 +106,7 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends MOAIDAuthConstants { private static final AuthenticationManager INSTANCE = new AuthenticationManager(); @@ -148,7 +151,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { authSession.setAuthenticatedUsed(true); AuthenticationSessionStoreage.storeSession(authSession); - + return true; // got authenticated } } @@ -191,7 +194,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { } catch (MOADatabaseException e) { Logger.warn("Delete MOASession FAILED."); - sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix()); + sloContainer.putFailedOA(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); } @@ -254,7 +257,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { AssertionStorage.getInstance().put(relayState, sloContainer); - String timeOutURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + String timeOutURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout" + "?restart=" + relayState; @@ -335,6 +338,10 @@ public class AuthenticationManager implements MOAIDAuthConstants { authSession.setAuthenticated(false); //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); AuthenticationSessionStoreage.destroySession(moaSessionID); @@ -351,13 +358,17 @@ public class AuthenticationManager implements MOAIDAuthConstants { HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - Logger.info("Starting authentication ..."); + Logger.info("Starting authentication ..."); + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_START); if (MiscUtil.isEmpty(target.getRequestedIDP())) { perfomLocalAuthentication(request, response, target); } else { Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION); buildPVP21AuthenticationRequest(request, response, target); } @@ -369,8 +380,11 @@ public class AuthenticationManager implements MOAIDAuthConstants { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), target.requestedAction(), target.getRequestID(), oaParam, - AuthConfigurationProvider.getInstance().getPublicURLPrefix()); - + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); out.print(form); @@ -387,8 +401,8 @@ public class AuthenticationManager implements MOAIDAuthConstants { //get IDP metadata try { - OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); - OAAuthParameter sp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getOAURL()); + OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); @@ -557,7 +571,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols(); + List<String> legacyallowed_prot = AuthConfigurationProviderFactory.getInstance().getLegacyAllowedProtocols(); //is legacy allowed boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); @@ -569,7 +583,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { try { //check if an MOASession exists and if not create an new MOASession //moasession = getORCreateMOASession(request); - moasession = AuthenticationSessionStoreage.createSession(target.getRequestID()); + moasession = AuthenticationSessionStoreage.createSession(target); } catch (MOADatabaseException e1) { Logger.error("Database Error! MOASession can not be created!"); @@ -592,6 +606,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { executionContext.put("useMandate", moasession.getUseMandate()); executionContext.put("bkuURL", moasession.getBkuURL()); executionContext.put(PARAM_SESSIONID, moasession.getSessionID()); + executionContext.put("pendingRequestID", target.getRequestID()); // create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); @@ -620,8 +635,11 @@ public class AuthenticationManager implements MOAIDAuthConstants { processEngine.start(processInstanceId); } else { + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); + //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(target.getOAURL()); if (oaParam == null) { @@ -642,7 +660,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { //Build authentication form - String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index 529e2ab81..fda92d71a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -31,7 +31,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; -public interface IAction extends MOAIDAuthConstants { +public interface IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException; public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index aaeb84f92..8f3ed9fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,10 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import java.util.Date; import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public interface IRequest { @@ -40,9 +42,11 @@ public interface IRequest { public String getTarget(); public void setRequestID(String id); public String getRequestID(); + public String getSessionIdentifier(); public String getRequestedIDP(); public MOAResponse getInterfederationResponse(); public List<Attribute> getRequestedAttributes(); + public IOAAuthParameters getOnlineApplicationConfiguration(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 4a54a516b..26fb7bd29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -27,6 +27,7 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public abstract class RequestImpl implements IRequest, Serializable{ @@ -41,6 +42,8 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String action = null; private String target = null; private String requestID; + private String sessionIdentifier; + private IOAAuthParameters OAConfiguration = null; //MOA-ID interfederation private String requestedIDP = null; @@ -147,6 +150,23 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.response = response; } + public String getSessionIdentifier() { + return this.sessionIdentifier; + + } + + public void setSessionIdentifier(String sessionIdentifier) { + this.sessionIdentifier = sessionIdentifier; + + } + public IOAAuthParameters getOnlineApplicationConfiguration() { + return this.OAConfiguration; + } + + public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) { + this.OAConfiguration = oaConfig; + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 21b4e2b65..f0b12431a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -34,6 +35,11 @@ public class RequestStorage { try { AssertionStorage storage = AssertionStorage.getInstance(); IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); + + //set transactionID and sessionID to Logger + TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); + TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier()); + return pendingRequest; } catch (MOADatabaseException e) { @@ -49,7 +55,7 @@ public class RequestStorage { if (pendingRequest instanceof IRequest) { storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); - + } else { throw new MOAIDException("auth.20", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 68545e1c2..5fc1f3c4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -25,10 +25,8 @@ package at.gv.egovernment.moa.id.moduls; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; -import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.Reader; import java.io.StringWriter; import java.net.URI; import java.util.Date; @@ -38,23 +36,19 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.Velocity; import org.apache.velocity.app.VelocityEngine; import org.hibernate.Query; import org.hibernate.Session; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.VelocityProvider; @@ -74,21 +68,11 @@ public class SSOManager { private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec private static SSOManager instance = null; - private static int sso_timeout; public static SSOManager getInstance() { if (instance == null) { instance = new SSOManager(); - - try { - sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue(); - - } - catch (ConfigurationException e) { - Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); - sso_timeout = DEFAULTSSOTIMEOUT; - } - + } return instance; @@ -151,7 +135,7 @@ public class SSOManager { //check if session is out of lifetime Date now = new Date(); - long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000; + long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime); if (now.after(ssoSessionValidTo)) { Logger.info("Found outdated SSO session information. Start reauthentication process ... "); @@ -249,7 +233,15 @@ public class SSOManager { } public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout); + int ssoTimeOut; + try { + ssoTimeOut = (int) AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut(); + + } catch (ConfigurationException e) { + Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); + ssoTimeOut = DEFAULTSSOTIMEOUT; + } + setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, ssoTimeOut); } @@ -305,7 +297,7 @@ public class SSOManager { InputStream is = null; String pathLocation = null; try { - String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; File file = new File(new URI(pathLocation)); is = new FileInputStream(file); @@ -347,7 +339,7 @@ public class SSOManager { BufferedReader reader = new BufferedReader(new InputStreamReader(is )); //set default elements to velocity context - context.put("contextpath", AuthConfigurationProvider.getInstance().getPublicURLPrefix()); + context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); StringWriter writer = new StringWriter(); //velocityEngine.evaluate(context, writer, "SLO_Template", reader); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 93a2f7d6d..8eddd7833 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { @@ -49,8 +49,8 @@ public class OAuth20Configuration { private OAuth20Configuration() { try { - props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig(); - rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + props = AuthConfigurationProviderFactory.getInstance().getGeneralOAuth20ProperiesConfig(); + rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); } catch (ConfigurationException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index 75501d812..b0736ff2e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -48,6 +48,7 @@ public final class OAuth20Constants { public static final String PARAM_RESPONSE_TYPE = "response_type"; public static final String PARAM_REDIRECT_URI = "redirect_uri"; public static final String PARAM_STATE = "state"; + public static final String PARAM_NONCE = "nonce"; public static final String PARAM_GRANT_TYPE = "grant_type"; public static final String PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE = "authorization_code"; public static final String PARAM_CLIENT_ID = "client_id"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 583120a86..439d08e0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,6 +30,7 @@ import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.oauth20.Pair; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL; @@ -116,6 +117,7 @@ public final class OAuth20AttributeBuilder { buildersOpenId.add(new OpenIdIssueInstantAttribute()); buildersOpenId.add(new OpenIdAuthenticationTimeAttribute()); buildersOpenId.add(new OpenIdAudiencesAttribute()); + buildersOpenId.add(new OpenIdNonceAttribute()); // profile buildersProfile.add(new ProfileGivenNameAttribute()); @@ -173,10 +175,18 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { - Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator); + //TODO: better solution requires more refactoring :( + Pair<String, JsonPrimitive> attribute = null; + if (b instanceof OpenIdNonceAttribute) { + OpenIdNonceAttribute nonceBuilder = (OpenIdNonceAttribute) b; + attribute = nonceBuilder.build(oaParam, authData, oAuthRequest, generator); + + } else + attribute = b.build(oaParam, authData, generator); + if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } @@ -188,33 +198,34 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersOpenId, jsonObject, oaParam, authData); + final OAAuthParameter oaParam, final IAuthData authData, + final OAuth20AuthRequest oAuthRequest) { + addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersProfile, jsonObject, oaParam, authData); + addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersEID, jsonObject, oaParam, authData); + addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersEIDGov, jsonObject, oaParam, authData); + addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersMandate, jsonObject, oaParam, authData); + addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, final OAAuthParameter oaParam, final IAuthData authData) { - addAttibutes(buildersSTORK, jsonObject, oaParam, authData); + addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java new file mode 100644 index 000000000..6baa69b1e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -0,0 +1,57 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OpenIdNonceAttribute implements IAttributeBuilder { + + public String getName() { + return "nonce"; + } + + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", null); + } + + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator<ATT> g) throws AttributeException { + if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) + return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); + else + return null; + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 4c70ce995..d90df51e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,8 +30,10 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -52,6 +54,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; class OAuth20AuthAction implements IAction { @@ -61,8 +64,10 @@ class OAuth20AuthAction implements IAction { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); - String code = Random.nextRandom(); + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); + String code = Random.nextRandom(); + try { String accessToken = UUID.randomUUID().toString(); @@ -126,8 +131,7 @@ class OAuth20AuthAction implements IAction { Map<String, Object> params = new HashMap<String, Object>(); params.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, accessToken); params.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER); - params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime); - + params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime); // build id token and scope Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, authData); @@ -142,14 +146,14 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); // always fill with open id - OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData); + OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest); resultScopes.append("openId"); for (String s : scope.split(" ")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index c47e366a1..b5baa6a05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; @@ -46,7 +46,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; -class OAuth20AuthRequest extends OAuth20BaseRequest { +public class OAuth20AuthRequest extends OAuth20BaseRequest { private static final long serialVersionUID = 1L; @@ -55,6 +55,7 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { private String redirectUri; private String scope; private String clientID; + private String nonce; /** * @return the responseType @@ -131,6 +132,22 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { this.clientID = clientID; } + + + /** + * @return the nonce + */ + public String getNonce() { + return nonce; + } + + /** + * @param nonce the nonce to set + */ + public void setNonce(String nonce) { + this.nonce = nonce; + } + @Override protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); @@ -138,6 +155,7 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false)); + this.setNonce(this.getParam(request, OAuth20Constants.PARAM_NONCE, false)); // check for response type if (!this.responseType.equals(OAuth20Constants.RESPONSE_CODE)) { @@ -152,11 +170,10 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()) - .getoAuth20Config(); - - if (!this.getClientID().equals(oAuthConfig.getOAuthClientId()) - || !this.getRedirectUri().equals(oAuthConfig.getOAuthRedirectUri())) { + OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + + if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { throw new OAuth20AccessDeniedException(); } } @@ -176,7 +193,7 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { reqAttr.put(el, ""); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); for (String s : scope.split(" ")) { if (s.equalsIgnoreCase("profile")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index d08bd593a..844cfa815 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,16 +31,15 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -77,19 +76,16 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setOAURL(oaURL); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setTarget(oaParam.getTarget()); - OAOAUTH20 config = oaParam.getoAuth20Config(); - if (config == null) { - throw new OAuth20InvalidRequestException(); - } - if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId()) - || StringUtils.isEmpty(config.getOAuthRedirectUri())) { + if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { throw new OAuth20OANotSupportedException(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 182f07675..98d46d424 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -11,7 +11,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -103,7 +103,7 @@ public class OAuth20Protocol implements IModulInfo { // get error code and description String errorCode; String errorDescription; - String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 944da38d0..2238a25e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.IAuthData; @@ -51,6 +53,8 @@ class OAuth20TokenAction implements IAction { try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); + try { Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 3c90a5773..1b6d93fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -28,9 +28,10 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -121,14 +122,13 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()) - .getoAuth20Config(); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); - if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())) { + if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); } - if (!this.getClientSecret().equals(oAuthConfig.getOAuthClientSecret())) { + if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { throw new OAuth20AccessDeniedException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 0a8a6a581..1b187d82e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -64,6 +64,8 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.data.IAuthData; @@ -85,6 +87,8 @@ public class MetadataAction implements IAction { HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); + EntitiesDescriptor idpEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index cf20db7d9..5440e7138 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,12 +57,15 @@ import org.opensaml.xml.signature.SignableXMLObject; import java.util.Arrays; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -99,7 +102,7 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { +public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; @@ -197,7 +200,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response, String action) throws MOAIDException { - if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) { + if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); @@ -253,10 +256,19 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { if (obj instanceof RequestImpl) { RequestImpl iReqSP = (RequestImpl) obj; + MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); + MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); if ( processedMsg != null ) { - iReqSP.setInterfederationResponse(processedMsg); + iReqSP.setInterfederationResponse(processedMsg); + + MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); + + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() + + ". Switch to original transaction with ID " + iReqSP.getRequestID()); + TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); + TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); } else { Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." @@ -461,11 +473,15 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); - config.setOAURL(oaURL); - config.setBinding(msg.getRequestBinding()); + config.setOAURL(oaURL); + config.setOnlineApplicationConfiguration(oa); + config.setBinding(msg.getRequestBinding()); + + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); } else if (inMsg instanceof MOAResponse && @@ -524,7 +540,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); if (!oa.isInderfederationIDP()) { Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); @@ -540,8 +556,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { PVPTargetConfiguration config = new PVPTargetConfiguration(); config.setRequest(moaRequest); config.setOAURL(moaRequest.getEntityID()); + config.setOnlineApplicationConfiguration(oa); config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); + return config; } @@ -628,11 +647,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String oaURL = moaRequest.getEntityMetadata().getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); PVPTargetConfiguration config = new PVPTargetConfiguration(); config.setOAURL(oaURL); + config.setOnlineApplicationConfiguration(oa); config.setBinding(consumerService.getBinding()); config.setRequest(moaRequest); config.setConsumerURL(consumerService.getLocation()); @@ -640,7 +661,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { //parse AuthRequest config.setPassiv(authReq.isPassive()); config.setForce(authReq.isForceAuthn()); - + + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); + return config; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 65da23565..74b20356e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -34,7 +34,7 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -88,7 +88,7 @@ public class PVPTargetConfiguration extends RequestImpl { reqAttr.put(el, ""); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS); if (spSSODescriptor.getAttributeConsumingServices() != null && diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index aa154b84b..b567798fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -60,6 +60,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -69,7 +70,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -258,23 +259,23 @@ public class SingleLogOutAction implements IAction { } else { //print SLO information directly - redirectURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; String artifact = Random.nextRandom(); String statusCode = null; if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) - statusCode = SLOSTATUS_SUCCESS; + statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; else - statusCode = SLOSTATUS_ERROR; + statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; AssertionStorage.getInstance().put(artifact, statusCode); - redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } //redirect to Redirect Servlet - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); url = httpResp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 1a268c812..5402e3dce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -62,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class PostBinding implements IDecoder, IEncoder { @@ -170,10 +171,12 @@ public class PostBinding implements IDecoder, IEncoder { RequestAbstractType inboundMessage = (RequestAbstractType) messageContext .getInboundMessage(); msg = new MOARequest(inboundMessage, getSAML2BindingName()); + msg.setEntityID(inboundMessage.getIssuer().getValue()); } else if (messageContext.getInboundMessage() instanceof StatusResponseType){ - StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); + StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); msg = new MOAResponse(inboundMessage); + msg.setEntityID(inboundMessage.getIssuer().getValue()); } else //create empty container if request type is unknown @@ -182,8 +185,10 @@ public class PostBinding implements IDecoder, IEncoder { if (messageContext.getPeerEntityMetadata() != null) msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - else - Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + else { + if (MiscUtil.isEmpty(msg.getEntityID())) + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + } msg.setVerified(false); msg.setRelayState(messageContext.getRelayState()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 587d8e935..81863f48f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -33,7 +33,6 @@ import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; @@ -48,7 +47,6 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -63,7 +61,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class RedirectBinding implements IDecoder, IEncoder { @@ -173,11 +171,32 @@ public class RedirectBinding implements IDecoder, IEncoder { else messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.decode(messageContext); + try { + decode.decode(messageContext); - //check signature - signatureRule.evaluate(messageContext); + //check signature + signatureRule.evaluate(messageContext); + + } catch (SecurityException e) { + if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getPeerEntityId()); + if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(messageContext.getInboundMessageIssuer())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + decode.decode(messageContext); + //check signature + signatureRule.evaluate(messageContext); + + } + Logger.trace("Second PVP2X message validation finished"); + } + InboundMessage msg = null; if (messageContext.getInboundMessage() instanceof RequestAbstractType) { RequestAbstractType inboundMessage = (RequestAbstractType) messageContext diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java index 4ef09184d..4959df16c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -52,7 +52,7 @@ import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; @@ -106,7 +106,7 @@ public class AuthResponseBuilder { } - boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); + boolean isEncryptionActive = AuthConfigurationProviderFactory.getInstance().isPVP2AssertionEncryptionActive(); if (encryptionCredentials != null && isEncryptionActive) { //encrypt SAML2 assertion diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index b301b6e5e..61bc51565 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -64,7 +64,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -153,7 +153,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter( peerEntity.getEntityID()); @@ -265,7 +265,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } catch (PVP2Exception e) { - Logger.warn( + Logger.info( "Attribute generation failed! for " + reqAttribut.getFriendlyName()); if (reqAttribut.isRequired()) { @@ -274,7 +274,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } } catch (Exception e) { - Logger.error( + Logger.warn( "General Attribute generation failed! for " + reqAttribut.getFriendlyName(), e); if (reqAttribut.isRequired()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java index 8adf5cad9..72775ec02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -interface IPVPAttributeBuilder extends PVPConstants, MOAIDAuthConstants, IAttributeBuilder { +interface IPVPAttributeBuilder extends PVPConstants, IAttributeBuilder { } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index d3a9ad3e7..de58c34a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -24,11 +24,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config; import iaik.x509.X509Certificate; -import java.io.File; +import java.io.IOException; import java.net.URL; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import java.util.Map; import java.util.Properties; import java.util.jar.Attributes; import java.util.jar.Manifest; @@ -46,14 +47,14 @@ import org.opensaml.saml2.metadata.OrganizationURL; import org.opensaml.saml2.metadata.SurName; import org.opensaml.saml2.metadata.TelephoneNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -90,31 +91,19 @@ public class PVPConfiguration { public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; - public static final String IDP_ISSUER_NAME = "idp.issuer.name"; - - public static final String METADATA_FILE = "md.dir"; - public static final String METADATA_EXTENSION = "md.ext"; - - public static final String IDP_ENTITY = "idp.entityid"; - public static final String IDP_ORG_NAME = "idp.org.name"; - public static final String IDP_ORG_DISPNAME = "idp.org.dispname"; - public static final String IDP_ORG_URL = "idp.org.url"; - - public static final String IDP_PUBLIC_URL = "idp.public.url"; - - public static final String IDP_TRUST_STORE = "idp.truststore"; - public static final String SP_TARGET_PREFIX = "sp.target."; - - public static final String IDP_CONTACT_PREFIX = "idp.contact"; - public static final String IDP_CONTACT_LIST = "idp.contact_list"; + public static final String IDP_ISSUER_NAME = "servicename"; + + public static final String IDP_ORG_NAME = "name.short"; + public static final String IDP_ORG_DISPNAME = "name.full"; + public static final String IDP_ORG_URL = "url"; - public static final String IDP_CONTACT_SURNAME = "surname"; + public static final String IDP_CONTACT_SURNAME = "familyname"; public static final String IDP_CONTACT_GIVENNAME = "givenname"; public static final String IDP_CONTACT_MAIL = "mail"; public static final String IDP_CONTACT_TYPE = "type"; public static final String IDP_CONTACT_COMPANY = "company"; - public static final String IDP_CONTACT_PHONE = "phone"; - + public static final String IDP_CONTACT_PHONE = "phone"; + private static String moaIDVersion = null; //PVP2 generalpvpconfigdb; @@ -124,8 +113,11 @@ public class PVPConfiguration { private PVPConfiguration() { try { //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); - props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); - rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); + rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); + + //load PVP2X metadata for all active online applications + MOAMetadataProvider.getInstance(); } catch (ConfigurationException e) { e.printStackTrace(); @@ -133,7 +125,7 @@ public class PVPConfiguration { } public String getIDPPublicPath() throws ConfigurationException { - String publicPath = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + String publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); if(publicPath != null) { if(publicPath.endsWith("/")) { int length = publicPath.length(); @@ -209,75 +201,42 @@ public class PVPConfiguration { moaIDVersion = parseMOAIDVersionFromManifest(); } - return AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getIssuerName() + moaIDVersion; + return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion; } - - public List<String> getMetadataFiles() { - String filter = props.getProperty(METADATA_EXTENSION); - - if (filter == null) { - filter = ".mdxml"; - } - - List<String> files = new ArrayList<String>(); - - File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles(); - for (File file : faFiles) { - if (!file.isDirectory()) { - if (file.getName().endsWith(filter)) { - files.add(file.getAbsolutePath()); - } - } - } - - return files; - } - - //TODO: - public String getTargetForSP(String sp) { - - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp); - - if (oaParam != null) - return oaParam.getTarget(); - - Logger.warn("OnlineApplication with ID "+ sp + " is not found."); - return null; - - } catch (ConfigurationException e) { - Logger.warn("OnlineApplication with ID "+ sp + " is not found."); - return null; - } - - } - public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { + + try { + Logger.trace("Load metadata signing certificate for online application " + entityID); + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oaParam == null) { + Logger.info("Online Application with ID " + entityID + " not found!"); + return null; + } - try { - IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); - - if (oaParam == null) { - Logger.warn("Online Application with ID " + entityID + " not found!"); - return null; - } - - OAPVP2 pvp2param = oaParam.getPVP2Parameter(); - - if (pvp2param == null) { - return null; - } - - Logger.info("Load TrustEntityCertificate ("+entityID+") from Database."); - return new X509Certificate(pvp2param.getCertificate()); + String pvp2MetadataCertificateString = + oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) { + Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!"); + return null; + + } + + X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false)); + Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded."); + return cert; } catch (CertificateException e) { - Logger.warn("Signer certificate can not be loaded from session database!", e); + Logger.warn("Metadata signer certificate is not parsed.", e); return null; } catch (ConfigurationException e) { - e.printStackTrace(); + Logger.error("Configuration is not accessable.", e); + return null; + + } catch (IOException e) { + Logger.warn("Metadata signer certificate is not decodeable.", e); return null; } } @@ -285,112 +244,101 @@ public class PVPConfiguration { public List<ContactPerson> getIDPContacts() throws ConfigurationException { List<ContactPerson> list = new ArrayList<ContactPerson>(); - List<Contact> contacts = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getContact(); + Map<String, String> contacts = AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT + "."); - if (contacts != null) { + ContactPerson person = SAML2Utils + .createSAMLObject(ContactPerson.class); + + String type = contacts.get(IDP_CONTACT_TYPE); + + if (type == null) { + Logger.error("IDP Contact with SurName " + contacts.get(IDP_CONTACT_SURNAME) + + " has no type defined!"); + type = "unknown"; + } + + ContactPersonTypeEnumeration enumType = null; + + if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE + .toString())) { + enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; + } else if (type.equals(ContactPersonTypeEnumeration.BILLING + .toString())) { + enumType = ContactPersonTypeEnumeration.BILLING; + } else if (type.equals(ContactPersonTypeEnumeration.OTHER + .toString())) { + enumType = ContactPersonTypeEnumeration.OTHER; + } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT + .toString())) { + enumType = ContactPersonTypeEnumeration.SUPPORT; + } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL + .toString())) { + enumType = ContactPersonTypeEnumeration.TECHNICAL; + } + + if (enumType == null) { + Logger.error("IDP Contact with SurName " + contacts.get(IDP_CONTACT_SURNAME) + + " has invalid type defined: " + type); + } + + person.setType(enumType); + + String givenName = contacts.get(IDP_CONTACT_GIVENNAME); + + if (givenName != null) { + GivenName name = SAML2Utils + .createSAMLObject(GivenName.class); + name.setName(givenName); + person.setGivenName(name); + } + + String company = contacts.get(IDP_CONTACT_COMPANY); + + if (company != null) { + Company comp = SAML2Utils.createSAMLObject(Company.class); + comp.setName(company); + person.setCompany(comp); + } + + String surname = contacts.get(IDP_CONTACT_SURNAME); + + if (surname != null) { + SurName name = SAML2Utils.createSAMLObject(SurName.class); + name.setName(surname); + person.setSurName(name); + } + + String phone = contacts.get(IDP_CONTACT_PHONE); + if (phone != null) { + TelephoneNumber telePhone = SAML2Utils + .createSAMLObject(TelephoneNumber.class); + telePhone.setNumber(phone); + person.getTelephoneNumbers().add(telePhone); + } - for (Contact contact : contacts) { - - ContactPerson person = SAML2Utils - .createSAMLObject(ContactPerson.class); - - String type = contact.getType(); - - if (type == null) { - Logger.error("IDP Contact with SurName " + contact.getSurName() - + " has no type defined!"); - break; - } - - ContactPersonTypeEnumeration enumType = null; - - if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE - .toString())) { - enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; - } else if (type.equals(ContactPersonTypeEnumeration.BILLING - .toString())) { - enumType = ContactPersonTypeEnumeration.BILLING; - } else if (type.equals(ContactPersonTypeEnumeration.OTHER - .toString())) { - enumType = ContactPersonTypeEnumeration.OTHER; - } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT - .toString())) { - enumType = ContactPersonTypeEnumeration.SUPPORT; - } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL - .toString())) { - enumType = ContactPersonTypeEnumeration.TECHNICAL; - } - - if (enumType == null) { - Logger.error("IDP Contact with SurName " + contact.getSurName() - + " has invalid type defined: " + type); - break; - } - - person.setType(enumType); - - String givenName = contact.getGivenName(); - - if (givenName != null) { - GivenName name = SAML2Utils - .createSAMLObject(GivenName.class); - name.setName(givenName); - person.setGivenName(name); - } - - String company = contact.getCompany(); - - if (company != null) { - Company comp = SAML2Utils.createSAMLObject(Company.class); - comp.setName(company); - person.setCompany(comp); - } - - String surname = contact.getSurName(); - - if (surname != null) { - SurName name = SAML2Utils.createSAMLObject(SurName.class); - name.setName(surname); - person.setSurName(name); - } - - List<String> phones = contact.getPhone(); - for (String phone : phones) { - TelephoneNumber telePhone = SAML2Utils - .createSAMLObject(TelephoneNumber.class); - telePhone.setNumber(phone); - person.getTelephoneNumbers().add(telePhone); - } - - List<String> mails = contact.getMail(); - for (String mail : mails) { - EmailAddress mailAddress = SAML2Utils - .createSAMLObject(EmailAddress.class); - mailAddress.setAddress(mail); - person.getEmailAddresses().add(mailAddress); - } - - list.add(person); - } + String mail = contacts.get(IDP_CONTACT_MAIL); + if (mail != null) { + EmailAddress mailAddress = SAML2Utils + .createSAMLObject(EmailAddress.class); + mailAddress.setAddress(mail); + person.getEmailAddresses().add(mailAddress); } + + list.add(person); return list; } public Organization getIDPOrganisation() throws ConfigurationException { Organization org = SAML2Utils.createSAMLObject(Organization.class); - at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getOrganization(); - - String org_name = null; - String org_dispname = null; - String org_url = null; - - if (organisation != null) { - org_name = organisation.getName(); - org_dispname = organisation.getDisplayName(); - org_url = organisation.getURL(); - } + Map<String, String> organisation = AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG + "."); + String org_name = organisation.get(IDP_ORG_NAME); + String org_dispname = organisation.get(IDP_ORG_DISPNAME); + String org_url = organisation.get(IDP_ORG_URL); + if (org_name == null || org_dispname == null || org_url == null) { return null; } @@ -416,6 +364,7 @@ public class PVPConfiguration { private String parseMOAIDVersionFromManifest() { try { + @SuppressWarnings("rawtypes") Class clazz = PVPConfiguration.class; String className = clazz.getSimpleName() + ".class"; String classPath = clazz.getResource(className).toString(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index d493ef9e0..389b9825f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -22,14 +22,18 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; +import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; +import java.util.concurrent.CopyOnWriteArrayList; import java.util.Timer; import javax.net.ssl.SSLHandshakeException; @@ -44,16 +48,18 @@ import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; +import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; @@ -61,14 +67,15 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.Interfeder import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; -public class MOAMetadataProvider implements MetadataProvider { +public class MOAMetadataProvider implements ObservableMetadataProvider{ private static MOAMetadataProvider instance = null; - private static Object mutex = new Object(); - private static Date timestamp = null; + private List<ObservableMetadataProvider.Observer> observers; + public static MOAMetadataProvider getInstance() { if (instance == null) { @@ -80,18 +87,19 @@ public class MOAMetadataProvider implements MetadataProvider { } return instance; } - - public static Date getTimeStamp() { - return timestamp; - } public static void reInitialize() { synchronized (mutex) { /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/ if (instance != null) - instance.addAndRemoveMetadataProvider(); - + try { + instance.addAndRemoveMetadataProvider(); + + } catch (ConfigurationException e) { + Logger.error("Access to MOA-ID configuration FAILED.", e); + + } else Logger.info("MOAMetadataProvider is not loaded."); } @@ -108,90 +116,168 @@ public class MOAMetadataProvider implements MetadataProvider { MetadataProvider internalProvider; + public boolean refreshMetadataProvider(String entityID) { + try { + OAAuthParameter oaParam = + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oaParam != null) { + String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders(); + + // check if MetadataProvider is actually loaded + if (actuallyLoadedProviders.containsKey(metadataURL)) { + actuallyLoadedProviders.get(metadataURL).refresh(); + Logger.info("PVP2X metadata for onlineApplication: " + + entityID + " is refreshed."); + return true; + + } else { + //load new Metadata Provider + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + byte[] cert = Base64Utils.decode(certBase64, false); + String oaFriendlyName = oaParam.getFriendlyName(); + + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL, + cert, oaFriendlyName, + buildMetadataFilterChain(oaParam, metadataURL, + cert)); + + chainProvider.addMetadataProvider(newMetadataProvider); + + emitChangeEvent(); + + Logger.info("PVP2X metadata for onlineApplication: " + + entityID + " is added."); + return true; + + } else + Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID); + + } + + } else + Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID); + + } else + Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID); + + + } catch (ConfigurationException e) { + Logger.warn("Access MOA-ID configuration FAILED.", e); + + } catch (MetadataProviderException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); + + } catch (IOException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); + + } catch (CertificateException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); + + } + + return false; + + } + + private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() { + Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>(); + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + + //make a Map of all actually loaded HTTPMetadataProvider + List<MetadataProvider> providers = chainProvider.getProviders(); + for (MetadataProvider provider : providers) { + if (provider instanceof HTTPMetadataProvider) { + HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; + loadedproviders.put(httpprovider.getMetadataURI(), httpprovider); + + } + } + + return loadedproviders; + } - private void addAndRemoveMetadataProvider() { + + private void addAndRemoveMetadataProvider() throws ConfigurationException { if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) { Logger.info("Relaod MOAMetaDataProvider."); /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); - - Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>(); ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - //make a Map of all actually loaded HTTPMetadataProvider - List<MetadataProvider> providers = chainProvider.getProviders(); - for (MetadataProvider provider : providers) { - if (provider instanceof HTTPMetadataProvider) { - HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; - loadedproviders.put(httpprovider.getMetadataURI(), httpprovider); - } - } - - //set Timestamp - Date oldTimeStamp = timestamp; - timestamp = new Date(); + //get all actually loaded metadata providers + Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders(); //load all PVP2 OAs form ConfigurationDatabase and //compare actually loaded Providers with configured PVP2 OAs - List<OnlineApplication> oaList = ConfigurationDBRead - .getAllActiveOnlineApplications(); - - Iterator<OnlineApplication> oaIt = oaList.iterator(); - while (oaIt.hasNext()) { - HTTPMetadataProvider httpProvider = null; - - try { - OnlineApplication oa = oaIt.next(); - OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) { - - String metadataurl = pvp2Config.getMetadataURL(); + Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard( + MOAIDConfigurationConstants.PREFIX_SERVICES + + ".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + + if (allOAs != null) { + Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator(); + while (oaInterator.hasNext()) { + Entry<String, String> oaKeyPair = oaInterator.next(); + + OAAuthParameter oaParam = + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue()); + if (oaParam != null) { + String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); - if (loadedproviders.containsKey(metadataurl)) { + HTTPMetadataProvider httpProvider = null; + try { + if (MiscUtil.isNotEmpty(metadataurl)) { + if (loadedproviders.containsKey(metadataurl)) { + // PVP2 OA is actually loaded, to nothing + providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); + loadedproviders.remove(metadataurl); - if (pvp2Config.getUpdateRequiredItem() != null && - pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) { - //PVP2 OA is actually loaded, but update is requested - Logger.info("Reload metadata for: " + oa.getFriendlyName()); - loadedproviders.get(metadataurl).refresh(); - - } - - // PVP2 OA is actually loaded, to nothing - providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); - loadedproviders.remove(metadataurl); + } else if ( MiscUtil.isNotEmpty(metadataurl) && + !providersinuse.containsKey(metadataurl) ) { + //PVP2 OA is new, add it to MOAMetadataProvider + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + byte[] cert = Base64Utils.decode(certBase64, false); + String oaFriendlyName = oaParam.getFriendlyName(); + + + Logger.info("Loading metadata for: " + oaFriendlyName); + httpProvider = createNewHTTPMetaDataProvider( + metadataurl, + cert, + oaFriendlyName, + buildMetadataFilterChain(oaParam, metadataurl, + cert)); - } else if ( MiscUtil.isNotEmpty(metadataurl) && - !providersinuse.containsKey(metadataurl) ) { - //PVP2 OA is new, add it to MOAMetadataProvider - - Logger.info("Loading metadata for: " + oa.getFriendlyName()); - httpProvider = createNewHTTPMetaDataProvider( - pvp2Config.getMetadataURL(), - pvp2Config.getCertificate(), - oa.getFriendlyName(), - buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(), - pvp2Config.getCertificate())); - - if (httpProvider != null) - providersinuse.put(metadataurl, httpProvider); + if (httpProvider != null) + providersinuse.put(metadataurl, httpProvider); + } - } - } - } catch (Throwable e) { - Logger.error( + } + } + } catch (Throwable e) { + Logger.error( "Failed to add Metadata (unhandled reason: " + e.getMessage(), e); - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } + if (httpProvider != null) { + Logger.debug("Destroy failed Metadata provider"); + httpProvider.destroy(); + } - } + } + } + } } //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more @@ -220,6 +306,8 @@ public class MOAMetadataProvider implements MetadataProvider { try { chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + emitChangeEvent(); + } catch (MetadataProviderException e) { Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e); @@ -249,7 +337,9 @@ public class MOAMetadataProvider implements MetadataProvider { } else { Logger.warn("MetadataProvider can not be destroyed."); } - } + } + + this.observers = Collections.emptyList(); instance = null; } else { Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); @@ -258,80 +348,95 @@ public class MOAMetadataProvider implements MetadataProvider { private MOAMetadataProvider() { ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); - Logger.info("Loading metadata"); + this.observers = new CopyOnWriteArrayList<Observer>(); + Logger.info("Loading metadata"); Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); - - List<OnlineApplication> oaList = ConfigurationDBRead - .getAllActiveOnlineApplications(); - - if (oaList.size() == 0) - Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!"); - - Iterator<OnlineApplication> oaIt = oaList.iterator(); - while (oaIt.hasNext()) { - HTTPMetadataProvider httpProvider = null; + try { + //TODO: database search does not work!!!!! + Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard( + MOAIDConfigurationConstants.PREFIX_SERVICES + + ".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); - try { - OnlineApplication oa = oaIt.next(); - Logger.info("Loading metadata for: " + oa.getFriendlyName()); - OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) { - String metadataURL = pvp2Config.getMetadataURL(); + if (allOAs != null) { + Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator(); + while (oaInterator.hasNext()) { + Entry<String, String> oaKeyPair = oaInterator.next(); - if (!providersinuse.containsKey(metadataURL)) { - - httpProvider = createNewHTTPMetaDataProvider( - metadataURL, - pvp2Config.getCertificate(), - oa.getFriendlyName(), - buildMetadataFilterChain(oa, metadataURL, - pvp2Config.getCertificate())); - - if (httpProvider != null) - providersinuse.put(metadataURL, httpProvider); + OAAuthParameter oaParam = + AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue()); + if (oaParam != null) { + String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + String oaFriendlyName = oaParam.getFriendlyName(); + HTTPMetadataProvider httpProvider = null; + + try { + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) { + byte[] cert = Base64Utils.decode(certBase64, false); + + + Logger.info("Loading metadata for: " + oaFriendlyName); + if (!providersinuse.containsKey(metadataurl)) { + httpProvider = createNewHTTPMetaDataProvider( + metadataurl, + cert, + oaFriendlyName, + buildMetadataFilterChain(oaParam, metadataurl, + cert)); - } else { - Logger.info(metadataURL + " are already added."); - } + if (httpProvider != null) + providersinuse.put(metadataurl, httpProvider); + + } else { + Logger.info(metadataurl + " are already added."); + } + + } else { + Logger.info(oaFriendlyName + + " is not a PVP2 Application skipping"); + } + } catch (Throwable e) { + Logger.error( + "Failed to add Metadata (unhandled reason: " + + e.getMessage(), e); - } else { - Logger.info(oa.getFriendlyName() - + " is not a PVP2 Application skipping"); + if (httpProvider != null) { + Logger.debug("Destroy failed Metadata provider"); + httpProvider.destroy(); + } + } + } } - } catch (Throwable e) { + + } else + Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!"); + + try { + chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + + } catch (MetadataProviderException e) { Logger.error( "Failed to add Metadata (unhandled reason: " + e.getMessage(), e); - - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } - } - } - - - try { - chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + } + + } catch (ConfigurationException e) { + Logger.error("Access MOA-ID configuration FAILED.", e); - } catch (MetadataProviderException e) { - Logger.error( - "Failed to add Metadata (unhandled reason: " - + e.getMessage(), e); } internalProvider = chainProvider; - timestamp = new Date(); } - private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException { + private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException { MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate); filterChain.getFilters().add(new SchemaValidationFilter()); - if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) { + if (oaParam.isInderfederationIDP()) { Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); - filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType())); + filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.getBusinessService())); } @@ -349,11 +454,11 @@ public class MOAMetadataProvider implements MetadataProvider { try { MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProvider.getInstance().getCertstoreDirectory(), - AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), + AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, - ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), - AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); @@ -458,4 +563,23 @@ public class MOAMetadataProvider implements MetadataProvider { return internalProvider.getRole(entityID, roleName, supportedProtocol); } + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers() + */ + @Override + public List<Observer> getObservers() { + return ((ChainingMetadataProvider) internalProvider).getObservers(); + } + + protected void emitChangeEvent() { + if ((getObservers() == null) || (getObservers().size() == 0)) { + return; + } + + List<Observer> tempObserverList = new ArrayList<Observer>(getObservers()); + for (ObservableMetadataProvider.Observer observer : tempObserverList) + if (observer != null) + observer.onEvent(this); + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 12de97a3f..2915ff683 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -39,7 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -65,11 +65,11 @@ public class MOASAMLSOAPClient { SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProvider.getInstance().getCertstoreDirectory(), - AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), + AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, - ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), - AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); } catch (MOAHttpProtocolSocketFactoryException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 550643da1..69c760f19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +import java.io.IOException; import java.util.List; import org.opensaml.saml2.metadata.EntitiesDescriptor; @@ -32,36 +33,39 @@ import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.validation.ValidationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; public class EntityVerifier { public static byte[] fetchSavedCredential(String entityID) { // List<OnlineApplication> oaList = ConfigurationDBRead // .getAllActiveOnlineApplications(); + try { + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); - OnlineApplication oa = ConfigurationDBRead - .getActiveOnlineApplication(entityID); - -// Iterator<OnlineApplication> oaIt = oaList.iterator(); -// while (oaIt.hasNext()) { -// OnlineApplication oa = oaIt.next(); -// if (oa.getPublicURLPrefix().equals(entityID)) { - - if (oa != null && oa.getAuthComponentOA() != null) { - - OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); - if (pvp2Config != null) { - return pvp2Config.getCertificate(); - } + String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + return Base64Utils.decode(certBase64, false); + } -// } + + } catch (ConfigurationException e) { + Logger.error("Access MOA-ID configuration FAILED.", e); + + } catch (IOException e) { + Logger.warn("Decoding PVP2X metadata certificate FAILED.", e); + + } + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 257f9dac4..70b778c49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -38,7 +38,6 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator; import org.opensaml.saml2.encryption.Decrypter; import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; import org.opensaml.saml2.metadata.IDPSSODescriptor; @@ -68,25 +67,50 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationExcep import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class SAMLVerificationEngine { public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { - if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) - verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); - - else - verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + try { + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); + else + verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + + } catch (InvalidProtocolRequestException e) { + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID()); + if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(msg.getEntityID())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); + + else + verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + + } + Logger.trace("Second PVP2X message validation finished"); + } } - public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException{ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { profileValidator.validate(samlObj.getSignature()); @@ -110,13 +134,13 @@ public class SAMLVerificationEngine { if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } - } catch (SecurityException e) { - e.printStackTrace(); + } catch (org.opensaml.xml.security.SecurityException e) { + Logger.warn("PVP2x message signature validation FAILED.", e); throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } - public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { profileValidator.validate(samlObj.getSignature()); @@ -140,8 +164,8 @@ public class SAMLVerificationEngine { if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } - } catch (SecurityException e) { - e.printStackTrace(); + } catch (org.opensaml.xml.security.SecurityException e) { + Logger.warn("PVP2x message signature validation FAILED.", e); throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java index 885de6805..942fab4f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java @@ -38,7 +38,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; @@ -52,7 +52,7 @@ public class SAMLVerifierMOASP implements ISAMLVerifier { try { if (request.isSigned()) { - String trustProfileID = AuthConfigurationProvider.getInstance() + String trustProfileID = AuthConfigurationProviderFactory.getInstance() .getStorkConfig().getSignatureVerificationParameter() .getTrustProfileID(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java index 4d9b97a52..918863d05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java @@ -41,14 +41,10 @@ public class InterfederatedIDPPublicServiceFilter implements MetadataFilter { /** * */ - public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) { + public InterfederatedIDPPublicServiceFilter(String metadataURL, boolean isBusinessService) { Logger.debug("Add " + this.getClass().getName() + " to metadata policy"); this.metadataURL = metadataURL; - - if (oaType.equals("businessService")) - this.isPublicService = false; - else - this.isPublicService = true; + this.isPublicService = !isBusinessService; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index f73b541bf..1aca587c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -35,7 +35,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.logging.Logger; @@ -49,7 +49,7 @@ public class SchemaValidationFilter implements MetadataFilter { public SchemaValidationFilter() { try { - isActive = AuthConfigurationProvider.getInstance().isPVPSchemaValidationActive(); + isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive(); } catch (ConfigurationException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 4cdd1db01..2019b0d20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,11 +27,12 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -65,7 +66,7 @@ public class GetArtifactAction implements IAction { } try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); @@ -80,11 +81,11 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); if (authData.isSsoSession()) { - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) - url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); httpResp.setContentType("text/html"); @@ -94,12 +95,12 @@ public class GetArtifactAction implements IAction { } else { String redirectURL = oaURL; if (!oaParam.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = httpResp.encodeRedirectURL(redirectURL); httpResp.setContentType("text/html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8a480cac..e70e71d49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -51,10 +51,10 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -173,10 +173,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throws ConfigurationException, BuildException, AuthenticationException { //Load SAML1 Parameter from OA config - OASAML1 saml1parameter = oaParam.getSAML1Parameter(); + SAML1ConfigurationParameters saml1parameter = oaParam.getSAML1Parameter(); boolean useCondition = saml1parameter.isUseCondition(); - int conditionLength = saml1parameter.getConditionLength().intValue(); + int conditionLength = saml1parameter.getConditionLength(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 9934c339d..f75293ef0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -32,15 +32,14 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -50,7 +49,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; -public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { +public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; @@ -101,7 +100,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response, String action) throws MOAIDException { SAML1RequestImpl config = new SAML1RequestImpl(); - if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { + if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { Logger.info("SAML1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); @@ -142,21 +141,22 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { //load Target only from OA config - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); - OASAML1 saml1 = oaParam.getSAML1Parameter(); + SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); } - + config.setOnlineApplicationConfiguration(oaParam); config.setSourceID(sourceID); + if (MiscUtil.isNotEmpty(target)) config.setTarget(target); @@ -172,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { IRequest protocolRequest) throws Throwable{ - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); if (!oa.getSAML1Parameter().isProvideAllErrors()) return false; @@ -180,7 +180,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 9bf88534f..5370573a7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -27,10 +27,10 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -70,8 +70,8 @@ public class SAML1RequestImpl extends RequestImpl { reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); - OASAML1 saml1 = oa.getSAML1Parameter(); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); + SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter(); if (saml1 != null) { if (saml1.isProvideAUTHBlock()) reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 42e9bf25d..25cb952d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -29,7 +29,7 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -140,7 +140,7 @@ public class AttributeCollector implements IAction { // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()}); @@ -297,7 +297,7 @@ public class AttributeCollector implements IAction { Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes"); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 10b325234..de1924ba1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -22,7 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttribute_deprecatedProviderPlugin; @@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttribu import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; +import java.util.Collection; import java.util.Iterator; import java.util.List; import java.util.PriorityQueue; @@ -48,14 +51,7 @@ public class AttributeProviderFactory { * @return the available plugins */ public static List<String> getAvailablePlugins() { - List<String> result = new ArrayList<String>(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider_deprecated"); - result.add("EHvdAttributeProvider"); - result.add("SignedDocAttributeRequestProvider"); - result.add("MandateAttributeRequestProvider"); - result.add("PVPAuthenticationProvider"); - return result; + return MOAIDConstants.ALLOWED_STORKATTRIBUTEPROVIDERS; } /** @@ -91,14 +87,14 @@ public class AttributeProviderFactory { /** * Gets fresh instances of the configured plugins. * - * @param configuredAPs the configured a ps + * @param collection the configured a ps * @return the configured plugins */ public static Iterator<AttributeProvider> getConfiguredPlugins( - List<AttributeProviderPlugin> configuredAPs) { + Collection<StorkAttributeProviderPlugin> collection) { PriorityQueue<AttributeProvider> result = new PriorityQueue<AttributeProvider>(); - for (AttributeProviderPlugin current : configuredAPs) { + for (StorkAttributeProviderPlugin current : collection) { result.add(create(current.getName(), current.getUrl(), current.getAttributes())); Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 01f84125f..59db5797d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; @@ -81,7 +81,7 @@ public class AuthenticationRequest implements IAction { httpResp.reset(); //TODO: CHECK: req.getOAURL() should return the unique OA identifier - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); @@ -205,7 +205,7 @@ public class AuthenticationRequest implements IAction { //TODO: in case of Single LogOut -> SLO information has to be stored // check if citizen country is configured in the system - if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { + if (!(AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); throw new MOAIDException("stork.05", null); // TODO } @@ -217,12 +217,12 @@ public class AuthenticationRequest implements IAction { String destinationURL = null; try { - issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString(); - destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); - publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + issuer = new URL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()).toString(); + destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); + publicURLPrefix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; } catch (MalformedURLException ex) { - Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex); + Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex); throw new MOAIDException("stork.05", null); // TODO } catch (Exception ex) { Logger.error("Problem with PEPS configuration of MOA instance.", ex); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 3acd1039f..30c59af6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -32,7 +32,7 @@ import java.util.Map.Entry; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -145,7 +145,7 @@ public class ConsentEvaluator implements IAction { Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html"); VelocityContext context = new VelocityContext(); - context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId); + context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId); // assemble table String table = ""; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index a92d02e08..e9a1c2f1d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -30,7 +30,7 @@ import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; @@ -235,7 +235,7 @@ public class MOASTORKRequest extends RequestImpl { //TODO: only for testing with MOA-ID as PVP Stammportal IOAAuthParameters oa; try { - oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index c529a8465..e58fe804f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -27,7 +27,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -88,7 +88,7 @@ public class MandateRetrievalRequest implements IAction { Logger.debug("Removing personal identification value and type from original mandate "); originalContent = StringUtils.getBytesUtf8(originalMandate); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 57531992d..843b519a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -45,7 +45,7 @@ import java.util.HashMap; * * @author bsuzic */ -public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { +public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String NAME = STORKProtocol.class.getName(); public static final String PATH = "id_stork2"; @@ -187,11 +187,12 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORK2Request.setSTORKAttrRequest(attrRequest); //check if OA is instance of VIDP or STORKPVPGateway - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); else { + STORK2Request.setOnlineApplicationConfiguration(oaParam); if (oaParam.isSTORKPVPGateway()) { if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) { Logger.info("Received request for STORK->PVP gateway. " + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index 2c77db94e..ea0062620 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -56,7 +56,8 @@ import org.apache.velocity.app.VelocityEngine; import org.bouncycastle.util.encoders.UrlBase64; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; @@ -110,7 +111,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { this.oasisDssWebFormURL = oasisDssWebFormURL; try { - AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance(); + AuthConfiguration authConfigurationProvider = AuthConfigurationProviderFactory.getInstance(); dtlUrl = authConfigurationProvider.getDocumentServiceUrl(); Logger.info ("SignedDocAttributeRequestProvider, using dtlUrl:"+dtlUrl); } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java deleted file mode 100644 index 708eb3f2c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java +++ /dev/null @@ -1,110 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.util.Vector; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.http.HttpServletRequest; - -/** - * Builder for {@link java.net.URLConnection} objects used to forward requests - * to the remote online application. - * - * @author Paul Ivancsics - * @version $Id$ - */ - -public interface ConnectionBuilder { - - /** - * Builds an HttpURLConnection to a {@link java.net.URL} which is derived - * from an {@link HttpServletRequest} URL, by substitution of a - * public URL prefix for the real URL prefix.<br> - * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but - * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br> - * The field settings of the HttpURLConnection are: - * <ul> - * <li><code>allowUserInteraction = false</code></li> - * <li><code>doInput = true</code></li> - * <li><code>doOutput = true</code></li> - * <li><code>requestMethod = request.getMethod()</code></li> - * <li><code>useCaches = false</code></li> - * </ul> - * - * @param request the incoming request which shall be forwarded - * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix - * @param realURLPrefix the URL prefix to substitute the public URL prefix - * @param sslSocketFactory factory to be used for creating an SSL socket in case - * of a URL for scheme <code>"https:"</code>; - * <br>if <code>null</code>, the default SSL socket factory would be used - * @param parameters parameters to be forwarded - * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to - * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code> - * @throws IOException if an I/O exception occurs during opening the connection - * @see java.net.URL#openConnection() - * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory() - */ - public HttpURLConnection buildConnection( - HttpServletRequest request, - String publicURLPrefix, - String realURLPrefix, - SSLSocketFactory sslSocketFactory, - Vector parameters) throws IOException; - - - /** - * Disconnects the HttpURLConnection if necessary. - * The implementation of the Connectionbuilder decides wether - * if this should be happen or not. - * - * @param con the HttpURLConnection which is normaly to be closed - */ - public void disconnect(HttpURLConnection con); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java deleted file mode 100644 index 6a268b061..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java +++ /dev/null @@ -1,114 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; - -/** - * Factory delivering a {@link ConnectionBuilder} implementation for - * an online application, initialized from configuration data. - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConnectionBuilderFactory { - - /** default connection builder to be used for online application - * where no special implementation of the <code>ConnectionBuilder</code> - * interface is configured - */ - private static ConnectionBuilder defaultConnectionBuilder; - /** mapping from online application public URL prefix to an implementation - * of the <code>ConnectionBuilder</code> interface to be used; - * if no mapping is given for an online application, the - * <code>DefaultConnectionBuilder</code> will be used */ - private static Map connectionBuilderMap; - - /** - * Initializes the <code>ConnectionBuilder</code> map from the configuration data. - * @throws ConfigurationException when the configuration cannot be read, - * or when a class name configured cannot be instantiated - */ - public static void initialize() throws ConfigurationException { - defaultConnectionBuilder = new DefaultConnectionBuilder(); - connectionBuilderMap = new HashMap(); - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; - String publicURLPrefix = oaParam.getPublicURLPrefix(); - String className = oaParam.getConnectionBuilderImpl(); - if (className != null) { - try { - ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance(); - connectionBuilderMap.put(publicURLPrefix, cb); - } - catch (Throwable ex) { - throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); - } - } - } - } - - /** - * Gets the <code>ConnectionBuilder</code> implementation to be used for the given - * online application. - * @param publicURLPrefix public URL prefix of the online application - * @return <code>ConnectionBuilder</code> implementation - */ - public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) { - ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix); - if (cb == null) - return defaultConnectionBuilder; - else - return cb; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java deleted file mode 100644 index 59ef64357..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ /dev/null @@ -1,229 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.HttpURLConnection; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.util.Iterator; -import java.util.Vector; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.http.HttpServletRequest; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.URLEncoder; - - - -/** - * Defaultimplementierung von <code>ConnectionBuilder</code>. - * @author Paul Ivancsics - * @version $Id$ - */ -public class DefaultConnectionBuilder implements ConnectionBuilder { - - /** a boolean to disable the HostnameVerification (default = false)*/ - private static boolean cbDisableHostnameVerification = false; - - /** - * Constructor for DefaultConnectionBuilder. - * @throws ConfigurationException on any config error - */ - public DefaultConnectionBuilder() throws ConfigurationException { - //INFO: removed from MOA-ID 2.0 config - cbDisableHostnameVerification = false; -// cbDisableHostnameVerification = BoolUtils.valueOf( -// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( -// "ProxyComponent.DisableHostnameVerification")); - //TODO MOA-ID BRZ undocumented feature - if (cbDisableHostnameVerification) - Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); - } - - /** - * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection - */ - public HttpURLConnection buildConnection( - HttpServletRequest req, - String publicURLPrefix, - String realURLPrefix, - SSLSocketFactory sslSocketFactory, - Vector parameters) - throws IOException { - - // Bug [#540] - //String requestedURL = req.getRequestURL().toString(); - String requestedURL = escapeUrl(req.getRequestURL().toString()); - - // check whether requested URL starts with publicURLPrefix - - //Temporary allow http:// urls instead of the https:// in publicURLPrefix - //if (req.getSession().getAttribute("authorizationkey")==null) { - // if (! requestedURL.startsWith(publicURLPrefix)) - // throw new IOException(MOAIDMessageProvider.getInstance().getMessage( - // "proxy.01", new Object[] {requestedURL, publicURLPrefix})); - //} - - // in case of GET request, append query string to requested URL; - // otherwise, HttpURLConnection would perform a POST request - if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) { - requestedURL = appendQueryString(requestedURL, parameters); - } - // build real URL in online application - String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); - URL url = new URL(realURLString); - Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); - - HttpURLConnection conn = (HttpURLConnection)url.openConnection(); - conn.setRequestMethod(req.getMethod()); - conn.setDoInput(true); - conn.setDoOutput(true); - //conn.setUseCaches(false); - //conn.setAllowUserInteraction(true); - conn.setInstanceFollowRedirects(false); - - // JSSE Abhängigkeit - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { - HttpsURLConnection httpsConn = (HttpsURLConnection) conn; - httpsConn.setSSLSocketFactory(sslSocketFactory); - if (cbDisableHostnameVerification) - httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } - - return conn; - } - - private static String escapeUrl(String unescapedUrlString) throws RuntimeException { - try { - URL unescapedUrl = new URL(unescapedUrlString); - String protocol = unescapedUrl.getProtocol(); - String fragment = unescapedUrl.getRef(); - String ssp = unescapedUrlString.substring(protocol.length() + 1, unescapedUrlString.length() - ((fragment == null) ? 0 : fragment.length() + 1)); - - URL url2 = new URI(protocol, ssp, fragment).toURL(); - return url2.toExternalForm(); - } catch (MalformedURLException e) { - throw new RuntimeException(e); - } catch (URISyntaxException e) { - throw new RuntimeException(e); - } - } - - - /** - * Disconnects the HttpURLConnection if necessary. - * The implementation of the Connectionbuilder decides wether - * if this should be happen or not. - * - * @param conn the HttpURLConnection which is normaly to be closed - */ - public void disconnect(HttpURLConnection conn) { - conn.disconnect(); - } - - - /** - * @param requestedURL - * @param parameters - * @return - */ - private String appendQueryString(String requestedURL, Vector parameters) { - String newURL = requestedURL; - String parameter[] = new String[2]; - String paramValue =""; - String paramName =""; - String paramString =""; - for (Iterator iter = parameters.iterator(); iter.hasNext();) { - try { - parameter = (String[]) iter.next(); - //next two lines work not with OWA-SSL-Login-form - paramName = URLEncoder.encode((String) parameter[0], "UTF-8"); - paramValue = URLEncoder.encode((String) parameter[1], "UTF-8"); - - } catch (UnsupportedEncodingException e) { - //UTF-8 should be supported - } - paramString = "&" + paramName + "=" + paramValue + paramString; - } - if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1); - return newURL; - } - - /** - * @author Stefan Knirsch - * @version $Id$ - * A private class to change the standard HostName verifier to disable the - * Hostname Verification Check - */ - - // JSSE Abhängigkeit - private class HostnameNonVerifier implements HostnameVerifier { - - public boolean verify(String hostname, SSLSession session) { - return true; - } - - /** - * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) - */ - /*public boolean verify(String arg0, String arg1) { - return true; - }*/ - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java deleted file mode 100644 index f094dfabf..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ /dev/null @@ -1,187 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.URLEncoder; - -/** - * Implementation of interface <code>LoginParameterResolver</code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class DefaultLoginParameterResolver implements LoginParameterResolver { - - - - /** - * Configuration mehtod (not used) - */ - public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { - } - - - /** - * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String) - */ - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - SAML1AuthenticationData authData, - String clientIPAddress, - boolean businessService, - String publicURLPrefix) { - - Map result = new HashMap(); - - if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) { - String useridPredicate = oaConf.getBasicAuthUserIDMapping(); - String userid = resolveValue(useridPredicate, authData, clientIPAddress); - String passwordPredicate = oaConf.getBasicAuthPasswordMapping(); - String password = resolveValue(passwordPredicate, authData, clientIPAddress); - - try { - String userIDPassword = userid + ":" + password; - String credentials = Base64Utils.encode(userIDPassword.getBytes()); - result.put("Authorization", "Basic " + credentials); - } - catch (IOException ignore) { - } - } - else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) { - for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) { - String key = (String) iter.next(); - String predicate = (String) oaConf.getHeaderAuthMapping().get(key); - String resolvedValue = resolveValue(predicate, authData, clientIPAddress); - result.put(key, resolvedValue); - } - } - - return result; - } - - /** - * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String) - */ - public Map getAuthenticationParameters( - OAConfiguration oaConf, - SAML1AuthenticationData authData, - String clientIPAddress, - boolean businessService, - String publicURLPrefix) { - - Map result = new HashMap(); - - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) { - for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) { - String key = (String) iter.next(); - String predicate = (String) oaConf.getParamAuthMapping().get(key); - String resolvedValue; - try { - resolvedValue = - URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1"); - } catch (UnsupportedEncodingException e) { - //ISO-8859-1 is supported - resolvedValue = null; - } - result.put(key, resolvedValue); - } - } - - return result; - } - - /** - * Resolves a login header or parameter value. - * @param predicate header or parameter predicate name from online application configuration - * @param authData authentication data for current login - * @param clientIPAddress client IP address - * @return header or parameter value resolved; <code>null</code> if unknown name is given - */ - private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) { - if (predicate.equals(MOAGivenName)) - return authData.getGivenName(); - if (predicate.equals(MOAFamilyName)) - return authData.getFamilyName(); - if (predicate.equals(MOADateOfBirth)) - return authData.getFormatedDateOfBirth(); - if (predicate.equals(MOABPK)) - return authData.getBPK(); - - //AuthData holdes the correct BPK/WBPK - if (predicate.equals(MOAWBPK)) - return authData.getBPK(); - if (predicate.equals(MOAPublicAuthority)) - if (authData.isPublicAuthority()) - return "true"; - else - return "false"; - if (predicate.equals(MOABKZ)) - return authData.getPublicAuthorityCode(); - if (predicate.equals(MOAQualifiedCertificate)) - if (authData.isQualifiedCertificate()) - return "true"; - else - return "false"; - if (predicate.equals(MOAStammzahl)) - return authData.getIdentificationValue(); - if (predicate.equals(MOAIdentificationValueType)) - return authData.getIdentificationType(); - if (predicate.equals(MOAIPAddress)) - return clientIPAddress; - else return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java deleted file mode 100644 index 4d5511ef8..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ /dev/null @@ -1,303 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.HttpURLConnection; -import java.net.URL; -import java.net.URLStreamHandler; -import java.util.Iterator; -import java.util.StringTokenizer; -import java.util.Vector; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.http.HttpServletRequest; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.URLEncoder; - -import com.ibm.webdav.protocol.http.WebDAVURLConnection; - - -/** - * Defaultimplementierung von <code>ConnectionBuilder</code>. - * @author Paul Ivancsics - * @version $Id$ - */ -public class ElakConnectionBuilder implements ConnectionBuilder { - - /** a boolean to disable the HostnameVerification (default = false)*/ - private static boolean cbDisableHostnameVerification = false; - - /** a boolean to indicat if webdav protocol handler was already set */ - private static boolean webdavPHSet = false; - - /** - * The system property name used to register a protocol handler. - */ - public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs"; - - /** - * The package providing the ldap protocol handler. - */ - public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol"; - - /** - * The pipe character used to sepearte different protocol handlers. - */ - public final static char PIPE_CHAR = '|'; - - - - - - /** - * Constructor for ElakConnectionBuilder. - * @throws ConfigurationException on any config error - */ - public ElakConnectionBuilder() throws ConfigurationException { - - //INFO: removed from MOA-ID 2.0 config - cbDisableHostnameVerification = false; -// cbDisableHostnameVerification = BoolUtils.valueOf( -// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( -// "ProxyComponent.DisableHostnameVerification")); - //TODO MOA-ID BRZ undocumented feature - if (cbDisableHostnameVerification) - Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); - } - - /** - * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection - */ - public HttpURLConnection buildConnection( - HttpServletRequest req, - String publicURLPrefix, - String realURLPrefix, - SSLSocketFactory sslSocketFactory, - Vector parameters) - throws IOException { - - String requestedURL = req.getRequestURL().toString(); - // check whether requested URL starts with publicURLPrefix - if (! requestedURL.startsWith(publicURLPrefix)) - throw new IOException(MOAIDMessageProvider.getInstance().getMessage( - "proxy.01", new Object[] {requestedURL, publicURLPrefix})); - - - - // in case of GET request, append query string to requested URL; - // otherwise, HttpURLConnection would perform a POST request - //FIXME right parameters - /* - if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) { - requestedURL = appendQueryString(requestedURL, parameters); - } - */ - //TODO RSCH check functionality - if (null != req.getQueryString() && 0 != req.getQueryString().length() ) { - String query = req.getQueryString(); - requestedURL = requestedURL + "?" + query; - - String parameter[] = new String[2]; - for (Iterator iter = parameters.iterator(); iter.hasNext();) { - parameter = (String[]) iter.next(); - - if(query.indexOf(parameter[0]) >= 0) iter.remove(); - } - } - - // build real URL in online application - String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); - - - Logger.info("Registering WebDAV protocol handler"); - String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME); - if (protocolHandlers == null) { - protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER; - System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers); - } else { - // check, if WEBDAV protocol handler is already configured - boolean isConfigured = false; - StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| "); - while (tokenizer.hasMoreTokens()) { - String protocolHandler = tokenizer.nextToken(); - if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) { - isConfigured = true; - break; - } - } - // if it has not been configured yet, configure it - if (!isConfigured) { - protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers; - System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers); - } - } - Logger.info("Registered protocol handlers: " + protocolHandlers); - Class webdavSH = null; - try - { - webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler"); - } - catch (ClassNotFoundException e) - { - e.printStackTrace(); - } - URLStreamHandler urlStreamHandler = null; - try - { - urlStreamHandler = (URLStreamHandler) webdavSH.newInstance(); - } - catch (InstantiationException e1) - { - e1.printStackTrace(); - } - catch (IllegalAccessException e1) - { - e1.printStackTrace(); - } - //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler); - //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection(); - - - URL testURL = new URL(realURLString); - Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName()); - - //URL url = new URL(realURLString); - URL testURL2 = new URL(realURLString); - - URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler); - - Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); - WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection(); - HttpURLConnection conn = (HttpURLConnection)webDavConn; - webDavConn.setRequestMethod(req.getMethod()); - webDavConn.setDoInput(true); - webDavConn.setDoOutput(true); - //conn.setUseCaches(false); - webDavConn.setAllowUserInteraction(true); - webDavConn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { - HttpsURLConnection httpsConn = (HttpsURLConnection) conn; - httpsConn.setSSLSocketFactory(sslSocketFactory); - if (cbDisableHostnameVerification) - httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } - return conn; - } - - /** - * Disconnects the HttpURLConnection if necessary. - * The implementation of the Connectionbuilder decides wether - * if this should be happen or not. - * - * @param conn the HttpURLConnection which is normaly to be closed - */ - public void disconnect(HttpURLConnection conn) { - conn.disconnect(); - } - - /** - * @param requestedURL - * @param parameters - * @return - */ - private String appendQueryString(String requestedURL, Vector parameters) { - String newURL = requestedURL; - String parameter[] = new String[2]; - String paramValue =""; - String paramName =""; - String paramString =""; - for (Iterator iter = parameters.iterator(); iter.hasNext();) { - try { - parameter = (String[]) iter.next(); - //Following two lines do not work with OWA-SSL-Login-form - paramName = URLEncoder.encode((String) parameter[0], "UTF-8"); - paramValue = URLEncoder.encode((String) parameter[1], "UTF-8"); - - } catch (UnsupportedEncodingException e) { - //UTF-8 should be supported - } - paramString = "&" + paramName + "=" + paramValue + paramString; - } - if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1); - return newURL; - } - - /** - * @author Stefan Knirsch - * @version $Id$ - * A private class to change the standard HostName verifier to disable the - * Hostname Verification Check - */ -//JSSE Abhängigkeit - private class HostnameNonVerifier implements HostnameVerifier { - - - public boolean verify(String hostname, SSLSession session) { - return true; - } - /** - * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) - */ -// public boolean verify(String arg0, String arg1) { -// return true; -// } - - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java deleted file mode 100644 index 2bc0fe131..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ /dev/null @@ -1,266 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.io.IOException; -import java.net.URL; -import java.net.URLStreamHandler; -import java.util.Iterator; -import java.util.Vector; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.http.HttpServletRequest; - -import HTTPClient.HTTPConnection; -import HTTPClient.HttpURLConnection; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.BoolUtils; - - -/** - * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>. - * uses the HTTP(s)Client from Ronald Tschalär. - * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/ - * - * @author pdanner - */ -public class EnhancedConnectionBuilder implements ConnectionBuilder { - - /** a boolean to disable the HostnameVerification (default = false)*/ - private static boolean cbDisableHostnameVerification = false; - /** Name of the Parameter for the Target */ - private static final String PARAM_TARGET = "Target"; - /** Name of the Parameter for the SAMLArtifact */ - private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; - /** Name of the Attribute for marking the session as authenticated*/ - private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; - - static { - HTTPConnection.setDefaultTimeout(0); - try { - HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.AuthorizationModule")); - HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RedirectionModule")); - HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.CookieModule")); - //HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RetryModule")); - } catch (ClassNotFoundException e) { - - } - } - - /** - * Constructor for OWAConnectionBuilder. - * @throws ConfigurationException on any config error - */ - public EnhancedConnectionBuilder() throws ConfigurationException { - - //INFO: removed from MOA-ID 2.0 config - cbDisableHostnameVerification = false; -// cbDisableHostnameVerification = BoolUtils.valueOf( -// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( -// "ProxyComponent.DisableHostnameVerification")); - //TODO MOA-ID BRZ undocumented feature - if (cbDisableHostnameVerification) - Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); - } - - /** - * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection - */ - public java.net.HttpURLConnection buildConnection(HttpServletRequest req, String publicURLPrefix, String realURLPrefix, SSLSocketFactory sslSocketFactory, Vector parameters) throws IOException { - - String requestedURL = req.getRequestURL().toString(); - // check whether requested URL starts with publicURLPrefix - - if (! requestedURL.startsWith(publicURLPrefix.substring(0,5))) - throw new IOException(MOAIDMessageProvider.getInstance().getMessage( - "proxy.01", new Object[] {requestedURL, publicURLPrefix})); - - String query = req.getQueryString(); - if (req.getSession().getAttribute(ATT_AUTHDATAFETCHED)!=null) { - query = removeParameter(query, PARAM_SAMLARTIFACT); - query = removeParameter(query, PARAM_TARGET); - req.getSession().removeAttribute(ATT_AUTHDATAFETCHED); - } - if (null != query && 0 != query.length() ) { - requestedURL = requestedURL + "?" + query; - - String parameter[] = new String[2]; - for (Iterator iter = parameters.iterator(); iter.hasNext();) { - parameter = (String[]) iter.next(); - if(query.indexOf(parameter[0]) >= 0) iter.remove(); - } - } - - // build real URL in online application - String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); - - // build real URL in online application - URLStreamHandler urlStreamHandler = null; - - //URL url = new URL(realURLString); - if (realURLString.startsWith("https")) { - urlStreamHandler = new HTTPClient.https.Handler(); - } else{ - urlStreamHandler = new HTTPClient.http.Handler(); - } - URL url = new URL(null, realURLString, urlStreamHandler); - Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); - - HttpURLConnection conn = (HttpURLConnection)url.openConnection(); - - conn.setRequestMethod(req.getMethod()); - conn.setDoInput(true); - conn.setDoOutput(true); - //conn.setUseCaches(false); - //conn.setAllowUserInteraction(true); - conn.setInstanceFollowRedirects(false); - - if (realURLString.startsWith("https") && sslSocketFactory != null) { - conn.setSSLSocketFactory(sslSocketFactory); - //Not available in HTTPClient - //if (cbDisableHostnameVerification) - // conn.setHostnameVerifier(new HostnameNonVerifier()); - } - - return conn; - - } - - /** - * Disconnects the HttpURLConnection if necessary. - * The implementation of the Connectionbuilder decides wether - * if this should be happen or not. - * - * @param conn the HttpURLConnection which is normaly to be closed - */ - public void disconnect(java.net.HttpURLConnection conn) { - // In HTTPClient there must not be an diconnect! - // conn.disconnect(); - } - - /** - * @author Stefan Knirsch - * @version $Id$ - * A private class to change the standard HostName verifier to disable the - * Hostname Verification Check - */ - // JSSE Abhängigkeit - private class HostnameNonVerifier implements HostnameVerifier { - - - public boolean verify(String hostname, SSLSession session) { - return true; - } - - /** - * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) - */ -// public boolean verify(String arg0, String arg1) { -// return true; -// } - - } - - /** - * Removes parameters from the query-URL recursively - * - * @param query the query from which the parameter is to be removed - * @param parameter the parameter to be removed - * @return the parameterclean query - */ - private String removeParameter(String query, String parameter) { - return removeParameter(query, parameter, true); - } - - /** - * Removes one parameter from the query-URL recursively - * - * @param query the query from which the parameter is to be removed - * @param parameter the parameter to be removed - * @param remove. Boolean value wether a parameter was removed in last call or not. In initial call set to true to check for new occurrences - * @return the parameterclean query - */ - private String removeParameter(String query, String parameter, boolean remove) { - String result = query; - if (remove && query!=null && !query.equals("") && parameter!=null && !parameter.equals("")) { - String param = parameter; - int capEnd=0; - if (!param.endsWith("=")) param=param+"="; - if (query.startsWith(param)) { - //remove leading - result=""; - } else { - if (!param.startsWith("&")) param="&"+param; - capEnd = query.indexOf(param); - if (capEnd!=-1) { - //leading part - result=query.substring(0, capEnd); - } - } - if (capEnd!=-1) { - //trailing part - capEnd += param.length(); - int capBegin = -1; - if (capEnd <query.length()) capBegin = query.indexOf("&", capEnd); - if (capBegin!=-1) { - if (capBegin<query.length()) { - result=result + query.substring(capBegin); - if (result.startsWith("&")) result = result.substring(1); //if now is leading part - } - } - } - result = removeParameter(result, parameter, !query.equals(result)); - } - return result; - } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java deleted file mode 100644 index d432f8c41..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ /dev/null @@ -1,133 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.util.Map; - -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; - -/** - * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection} - * to the remote online application. - * Utilizes {@link OAConfiguration} and {@link AuthenticationData}. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public interface LoginParameterResolver { - - /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>, - * naming predicates used by the <code>LoginParameterResolver</code>. */ - public static final String MOAGivenName = "MOAGivenName"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAFamilyName = "MOAFamilyName"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOADateOfBirth = "MOADateOfBirth"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOABPK = "MOABPK"; - /** Constant used in <code>MOAIDConfiguration-1.3.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAWBPK = "MOAWBPK"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAPublicAuthority = "MOAPublicAuthority"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOABKZ = "MOABKZ"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAStammzahl = "MOAStammzahl"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAIdentificationValueType = "MOAIdentificationValueType"; - /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAIPAddress = "MOAIPAddress"; - - /** - * Returns authentication headers to be added to a URLConnection. - * - * @param oaConf configuration data - * @param authData authentication data - * @param clientIPAddress client IP address - * @param businessService boolean value for recognizing (w)bPK-mode - * @param publicURLPrefix to distinguish different online applications - * @return A map, the keys being header names and values being corresponding header values. - * <br>In case of authentication type <code>"basic-auth"</code>, header fields - * <code>username</code> and <code>password</code>. - * <br>In case of authentication type <code>"header-auth"</code>, header fields - * derived from parameter mapping and authentication data provided. - * <br>Otherwise, an empty map. - */ - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - SAML1AuthenticationData authData, - String clientIPAddress, - boolean businessService, - String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; - - /** - * Returns request parameters to be added to a URLConnection. - * - * @param oaConf configuration data - * @param authData authentication data - * @param clientIPAddress client IP address - * @param businessService boolean value for recognizing (w)bPK-mode - * @param publicURLPrefix to distinguish different online applications - * @return A map, the keys being parameter names and values being corresponding parameter values. - * <br>In case of authentication type <code>"param-auth"</code>, parameters - * derived from parameter mapping and authentication data provided. - * <br>Otherwise, an empty map. - */ - public Map getAuthenticationParameters( - OAConfiguration oaConf, - SAML1AuthenticationData authData, - String clientIPAddress, - boolean businessService, - String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; - - public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java deleted file mode 100644 index 1767185c8..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java +++ /dev/null @@ -1,88 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; - -/** - * Exception thrown while proxying a request to the online application - * - * @author Rudolf Schamberger - * @version $Id$ - */ -public class LoginParameterResolverException extends MOAIDException { - - /** - * - */ - private static final long serialVersionUID = 3924645289077681081L; - - /** - * Constructor for LoginParameterResolverException. - * @param messageId - * @param parameters - */ - public LoginParameterResolverException( - String messageId, - Object[] parameters) { - super(messageId, parameters); - } - - /** - * Constructor for LoginParameterResolverException. - * @param messageId - * @param parameters - * @param wrapped - */ - public LoginParameterResolverException( - String messageId, - Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java deleted file mode 100644 index 0b43630ee..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ /dev/null @@ -1,128 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; - -/** - * Factory delivering a {@link LoginParameterResolver} implementation for - * an online application, initialized from configuration data. - * @author Paul Ivancsics - * @version $Id$ - */ -public class LoginParameterResolverFactory { - - /** default login parameter resolver to be used for online application - * where no special implementation of the <code>LoginParameterResolver</code> - * interface is configured - */ - private static LoginParameterResolver defaultLoginParameterResolver; - /** mapping from online application public URL prefix to an implementation - * of the <code>LoginParameterResolver</code> interface to be used; - * if no mapping is given for an online application, the - * <code>DefaultLoginParameterResolver</code> will be used */ - private static Map loginParameterResolverMap; - - /** - * Initializes the <code>LoginParameterResolver</code> map from the configuration data. - * @throws ConfigurationException when the configuration cannot be read, - * or when a class name configured cannot be instantiated - */ - public static void initialize() throws ConfigurationException { - defaultLoginParameterResolver = new DefaultLoginParameterResolver(); - loginParameterResolverMap = new HashMap(); - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; - String publicURLPrefix = oaParam.getPublicURLPrefix(); - String className = oaParam.getLoginParameterResolverImpl(); - String configuration = oaParam.getLoginParameterResolverConfiguration(); - if (className != null) { - try { - Class lprClass = Class.forName(className); - LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); - - Class[] argumentTypes = { String.class, Boolean.class }; - Method confMethod = lprClass.getMethod( "configure", argumentTypes ); - - Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) }; - confMethod.invoke( lpr, arguments ); - - loginParameterResolverMap.put(publicURLPrefix, lpr); - } - catch (InvocationTargetException lpex) { - throw new ConfigurationException("config.11", new Object[] {className}, lpex); - } - catch (Throwable ex) { - throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); - } - } - } - } - - /** - * Gets the <code>LoginParameterResolver</code> implementation to be used for the given - * online application. - * @param publicURLPrefix public URL prefix of the online application - * @return <code>LoginParameterResolver</code> implementation - */ - public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) { - LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix); - if (lpr == null) - return defaultLoginParameterResolver; - else - return lpr; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java deleted file mode 100644 index 91df96027..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ /dev/null @@ -1,141 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import iaik.pki.PKIException; -import iaik.pki.jsse.IAIKX509TrustManager; - -import java.io.IOException; -import java.security.GeneralSecurityException; - -import javax.net.ssl.SSLSocketFactory; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; -import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Web application initializer - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDProxyInitializer { - - /** - * Initializes the web application components which need initialization: - * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. - */ - public static void initialize() - throws ConfigurationException, IOException, GeneralSecurityException, PKIException { - - Logger.setHierarchy("moa.id.proxy"); - - // Restricts TLS cipher suites - System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); - - // load some jsse classes so that the integrity of the jars can be verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction with - // iaik-jce (on jdk1.3) - ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader(); - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } - catch (ClassNotFoundException e) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e); - } - - // Initializes the SSLSocketFactory store - SSLUtils.initialize(); - - // Initializes IAIKX509TrustManager logging - String log4jConfigURL = System.getProperty("log4j.configuration"); - if (log4jConfigURL != null) { - IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); - } - - // Loads the configuration - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload(); - - // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service, - // using configuration data - ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); - if (connParamAuth!=null) { - if (connParamAuth.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); - AxisSecureSocketFactory.initialize(ssf); - } - } else { - throw new ConfigurationException("config.16", null); - } - - // Initializes the Axis secure socket factories for use in calling the online applications, - // using configuration data - OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAProxyParameter oaParam = oaParams[i]; - ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - if (oaConnParam.isHTTPSURL()); - SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } - - // Initializes the ConnectionBuilderFactory from configuration data - ConnectionBuilderFactory.initialize(); - - // Initializes the LoginParameterResolverFactory from configuration data - LoginParameterResolverFactory.initialize(); - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java deleted file mode 100644 index df8a9bd4e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java +++ /dev/null @@ -1,90 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; - -/** - * Exception thrown while proxying a request to the online application - * Reason for this exception: the dedicated LoginParameterResolver does - * not allow access to the desired ressource. - * - * @author Rudolf Schamberger - * @version $Id$ - */ -public class NotAllowedException extends MOAIDException { - - /** - * - */ - private static final long serialVersionUID = -265024674370936886L; - - /** - * Constructor for NotAllowedException. - * @param messageId - * @param parameters - */ - public NotAllowedException( - String messageId, - Object[] parameters) { - super(messageId, parameters); - } - - /** - * Constructor for NotAllowedException. - * @param messageId - * @param parameters - * @param wrapped - */ - public NotAllowedException( - String messageId, - Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java deleted file mode 100644 index a5c632077..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ /dev/null @@ -1,727 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import iaik.security.provider.IAIK; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.UnsupportedEncodingException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Security; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; -import javax.xml.parsers.ParserConfigurationException; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.URLEncoder; - -/** - * XMLLoginParameterResolver an implementation of implementation of interface - * <code>LoginParameterResolver</code> - * This implementation used to map identities stored in an XML file to parameters - * which are given to OAs. - * - * @author Rudolf Schamberger - * @version $Id$ - */ -public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver { - - //file which is parsed and interpreted for paremeter resolving. - private String identityFile; - - private Cipher blowfishCipher; - private Key key; - /** - * inner class used to store mapped parameters - */ - class LPRParams { - - /** - * getter method for parameter Enabled. - * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver - */ - public boolean getEnabled() { - return enabled.booleanValue(); - } - - /** - * getter method for parameter UN (username) - * @return Parameter UN or <code>null</code> not set. - */ - public String getUN() { - return UN; - } - - /** - * getter method for parameter UN (username) - * @return Parameter UN or <code>null</code> not set. - */ - //TODO XMLLPR decrypt - public String getPlainUN() { - //Security.addProvider(); - - - return UN; - } - - - /** - * getter method for parameter PW (password) - * @return Parameter PW or <code>null</code> not set. - */ - public String getPW() { - return PW; - } - - /** - * getter method for generic parameter Param1 - * @return Parameter Param1 or <code>null</code> not set. - */ - public String getParam1() { - return Param1; - } - - /** - * getter method for generic parameter Param2 - * @return Parameter Param2 or <code>null</code> not set. - */ - public String getParam2() { - return Param2; - } - - /** - * getter method for generic parameter Param3 - * @return Parameter Param3 or <code>null</code> not set. - */ - public String getParam3() { - return Param3; - } - - /** - * Returns a string representation of LPRParams - * - * @return a <code>String</code> representation of this object. - * @see XMLLoginParameterResolver.LPRParams - */ - public String toString() { - return "Enabled: " - + enabled.toString() - + "UN: '" - + UN - + "' PW: '" - + PW - + "' Param1: '" - + Param1 - + "' Param2: '" - + Param2 - + "' Param3: '" - + Param3 - + "'\n"; - } - - //private member variables used to store the parameters - private Boolean enabled = null; - private String UN = null; - private String PW = null; - private String Param1 = null; - private String Param2 = null; - private String Param3 = null; - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication - * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication - * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { - this.enabled = new Boolean(enabled); - this.UN = UN; - this.PW = PW; - this.Param1 = Param1; - this.Param2 = Param2; - this.Param3 = Param3; - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW) { - this(enabled, UN, PW, null, null, null); - } - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object. - **/ - public XMLLoginParameterResolverEncryptedData() { - bPKMap = new HashMap(); - namedMap = new HashMap(); - } - - /** - * configuration method - * @param configuration enabled enable user mapping to parameter set for the parameter set. - */ - public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { - File idFile; - Element rootElement; - - Security.addProvider(new IAIK()); - try { - blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK"); - - } catch (NoSuchPaddingException e) { - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()}); - } catch (NoSuchProviderException e) { - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()}); - } catch (NoSuchAlgorithmException e) { - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()}); - } - - String plaintext = "start"; - String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim"); - String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim"); - Logger.debug("plaintext: " + plaintext); - Logger.debug("encrypted: " + encrypted); - Logger.debug("decrypted: " + decrypted); - - //make file name absolut (if it is relative to main config file) - //TODO MOAID XMLLPR check - String moaIDConfigFileName = System.getProperty(ConfigurationProvider.PROXY_CONFIG_PROPERTY_NAME); - String rootConfigFileDir = new File(moaIDConfigFileName).getParent(); - this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir); - - if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); - } - try { - rootElement = readXMLFile(identityFile); - } catch (IOException lex) { - Logger.error(lex.toString()); - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); - - } catch (SAXException sex) { - Logger.error(sex.toString()); - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() }); - } catch (ParserConfigurationException e) { - // TODO XMLPR Auto-generated catch block - Logger.error(e.toString()); - throw new LoginParameterResolverException("config.11", - new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() }); - } - buildInfo(rootElement, businessService.booleanValue()); - isConfigured = true; - } - - /** - * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext - * @param plaintext - * @param bPK - * @param masterSecret - * @return encrypted data (blowfish encrypted, base64 encoded) - * @throws LoginParameterResolverException - */ - public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException - { - try { - String keyString = bPK + masterSecret; - key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); - IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); - - blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param); - byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8")); - return Base64Utils.encode(cipherText); - } catch (UnsupportedEncodingException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (InvalidKeyException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (BadPaddingException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (IllegalBlockSizeException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (IllegalStateException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (InvalidAlgorithmParameterException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (IOException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } - } - - - /** - * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext - * @param ciphertext (blowfish encrypted, base64encoded) - * @param bPK - * @param masterSecret - * @return decrypted Data (plaintext) - * @throws LoginParameterResolverException - */ - public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException - { - try { - String keyString = bPK + masterSecret; - key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); - IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); - blowfishCipher.init(Cipher.DECRYPT_MODE, key, param); - byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true)); - return new String(plaintext); - } catch (UnsupportedEncodingException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (InvalidKeyException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (BadPaddingException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (IllegalBlockSizeException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (IllegalStateException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (InvalidAlgorithmParameterException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } catch (IOException e) { - throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); - } - } - - - - /** - * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String) - */ - public Map getAuthenticationHeaders( - OAConfiguration oaConf, - SAML1AuthenticationData authData, - String clientIPAddress, - boolean businessService, - String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { - Map result = new HashMap(); - - if (!isConfigured) { - //TODO XMLLPR - throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + - identityFile + "' is not configured!", null); - } - - //get the Identity of the user - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK =""; - String wType= ""; - if (businessService) { - bPK = resolveValue(MOAWBPK, authData, clientIPAddress); - wType = "w"; - } else { - bPK = resolveValue(MOABPK, authData, clientIPAddress); - } - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; - - //try (w)bPK and named search - params = bPKIdentitySearch(bPK, wType); - - if (null == params) - params = namedIdentitySearch(famName, givenName, dateOfBirth); - - //if both searches failed, report error. - if(null == params) - throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); - - //HTTP 401 - Basic Authentication - if (oaConf.getAuthType().equals("basic")) { - userid = (null != params.getUN()) ? params.getUN() : ""; - password = (null != params.getPW()) ? params.getPW() : ""; - - try { - String userIDPassword = userid + ":" + password; - String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8")); - Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); - result.put("Authorization", "Basic " + credentials); - } catch (IOException ignore) { - throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"}); - } - } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication - String key; - String resolvedValue; - //TODO MOAID XMLLPR select value through OA-ConfigFile; - if(null != params.getUN()) result.put("UN", params.getUN()); - if(null != params.getPW()) result.put("UN", params.getPW()); - if(null != params.getParam1()) result.put("UN", params.getParam1()); - if(null != params.getParam2()) result.put("UN", params.getParam2()); - if(null != params.getParam3()) result.put("UN", params.getParam3()); - - } else { - throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"}); - } - - return result; - } - - /** - * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String) - */ - public Map getAuthenticationParameters( - OAConfiguration oaConf, - SAML1AuthenticationData authData, - String clientIPAddress, - boolean businessService, - String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { - - Map result = new HashMap(); - - if (!isConfigured) { - Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); - return result; - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK =""; - String wType= ""; - if (businessService) { - bPK = resolveValue(MOAWBPK, authData, clientIPAddress); - wType = "w"; - } else { - bPK = resolveValue(MOABPK, authData, clientIPAddress); - } - String userid = ""; - String password = ""; - LPRParams params = null; - - //try (w)bPK and named search - params = bPKIdentitySearch(bPK, wType); - - if (null == params) - params = namedIdentitySearch(famName, givenName, dateOfBirth); - - //if both searches failed, report error. - if(null == params) - throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); - - //TODO MOAID XMLLPR URLEncoder.encode - if (oaConf.getAuthType().equals("param")) { - try { - if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1")); - if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1")); - if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1")); - if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1")); - if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1")); - } catch (UnsupportedEncodingException e) { - // ISO-8859-1 is supported - throw new LoginParameterResolverException("URLEncoder error", null); - } - } else { - throw new LoginParameterResolverException("AuthType not supported", null); - } - return result; - } - - /** - * Resolves a login header or parameter value. - * @param predicate header or parameter predicate name from online application configuration - * @param authData authentication data for current login - * @param clientIPAddress client IP address - * @return header or parameter value resolved; <code>null</code> if unknown name is given - */ - private static String resolveValue( - String predicate, - SAML1AuthenticationData authData, - String clientIPAddress) { - if (predicate.equals("MOAGivenName")) - return authData.getGivenName(); - if (predicate.equals("MOAFamilyName")) - return authData.getFamilyName(); - if (predicate.equals("MOADateOfBirth")) - return authData.getFormatedDateOfBirth(); - if (predicate.equals("MOABPK")) - return authData.getBPK(); - - //AuthData holdes the correct BPK/WBPK - if (predicate.equals("MOAWBPK")) - return authData.getBPK(); - if (predicate.equals("MOAPublicAuthority")) - if (authData.isPublicAuthority()) - return "true"; - else - return "false"; - if (predicate.equals("MOABKZ")) - return authData.getPublicAuthorityCode(); - if (predicate.equals("MOAQualifiedCertificate")) - if (authData.isQualifiedCertificate()) - return "true"; - else - return "false"; - if (predicate.equals("MOAStammzahl")) - return authData.getIdentificationValue(); - if (predicate.equals(MOAIdentificationValueType)) - return authData.getIdentificationType(); - if (predicate.equals("MOAIPAddress")) - return clientIPAddress; - else - return null; - } - - /** - * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element. - * @param fileName of the configuration file. - */ - private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException { - Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName); - - InputStream stream = null; - Element configElem; - - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - return configElem; - } - - /** - * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file. - * @param root document root element. - */ - private void buildInfo(Element root, boolean businessService) { - NodeList idList = root.getElementsByTagName(XSD_IDELEM); - NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM); - String wType =""; - if (businessService) wType = "w"; - for (int i = 0; i < idList.getLength(); i++) - Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); - - for (int i = 0; i < paramList.getLength(); i++) - Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); - - for (int i = 0; i < idList.getLength(); i++) { - Element tmpElem = (Element) idList.item(i); - NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM); - for (int j = 0; j < tmpList.getLength(); j++) - Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); - - //Search for NamedIdentity Elements - if (1 == tmpList.getLength()) { - tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," + - tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," + - tmpElem.getAttribute(XSD_BIRTHDATEATTR); - boolean tmpBool = false; - if (tmpElem.getFirstChild() != null - && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - //TODO XMLLPR remove - Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); - tmpElem = (Element) paramList.item(i); - Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + - " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + - " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + - " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + - " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); - namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), - tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), - tmpElem.getAttribute(XSD_PARAM3ATTR)) ); - } else { - - //(w)bPKIdentity Elements - if (businessService) { - tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM); - } else { - tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); - } - if (1 == tmpList.getLength()) { - tmpElem = (Element) tmpList.item(0); - String tmpStr = ""; - if (businessService) { - tmpStr = tmpElem.getAttribute(XSD_WBPKATTR); - } else { - tmpStr = tmpElem.getAttribute(XSD_BPKATTR); - } - boolean tmpBool = false; - if (tmpElem.getFirstChild() != null - && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); - tmpElem = (Element) paramList.item(i); - Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + - " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + - " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + - " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + - " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); - namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), - tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), - tmpElem.getAttribute(XSD_PARAM3ATTR)) ); - } else { - if (businessService) { - Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found"); - } else { - Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); - } - } - } - } - - Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug(wType + "bPKMap:" + bPKMap.toString()); - } - - - - - /** - * searches for a given bPK and returns the appropriate LPRParams structure - * @param bPK search argument - * @return LPRParams if bPK could be found in internal mappings or null otherwise. - */ - LPRParams bPKIdentitySearch(String bPK, String wType) { - //search for mapping with (w)bPK of the user - Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK); - LPRParams params = (LPRParams) bPKMap.get(bPK); - if (null == params) { - Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!"); - return null; - } else if (params.getEnabled()) { - Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return params; - } - Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled"); - return null; - } - - /** - * searches for a given namedIdentity and returns the appropriate LPRParams structure - * @param surName surname search argument - * @param givenName givenname search argument - * @param dateOfBirth dateofbirth search argument - * @return LPRParams if (w)bPK could be found in internal mappings or null otherwise. - */ - LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { - Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth); - //try first a search with surname, givenname and birthdate - LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth); - if (null == params) { - Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!"); - //try a search with surname, givenname only - params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); - if(null == params) { - Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!"); - return null; - } - } - - if (params.getEnabled()) { - Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return params; - } - Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled"); - return null; - } - - //public static final String XSD_MAPPING = "Mapping"; - //public static final String XSD_DOCELEM = "MOAIdentities"; - public static final String XSD_IDELEM = "Identity"; - public static final String XSD_NAMEDIDELEM = "NamedIdentity"; - public static final String XSD_BPKIDELEM = "bPKIdentity"; - public static final String XSD_WBPKIDELEM = "wbPKIdentity"; - public static final String XSD_PARAMELEM = "Parameters"; - public static final String XSD_SURNAMEATTR = "SurName"; - public static final String XSD_GIVENNAMEATTR = "GivenName"; - public static final String XSD_BIRTHDATEATTR = "BirthDate"; - public static final String XSD_BIRTHDATEBLANKATTR = "any"; - public static final String XSD_BPKATTR = "bPK"; - public static final String XSD_WBPKATTR = "wbPK"; - public static final String XSD_UNATTR = "UN"; - public static final String XSD_PWATTR = "PW"; - public static final String XSD_PARAM1ATTR = "Param1"; - public static final String XSD_PARAM2ATTR = "Param2"; - public static final String XSD_PARAM3ATTR = "Param3"; - private Map bPKMap; - private Map namedMap; - private boolean isConfigured = false; -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java deleted file mode 100644 index 740421024..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ /dev/null @@ -1,472 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy; - -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import java.io.IOException; -import java.util.*; - -import org.apache.xerces.parsers.DOMParser; -import org.w3c.dom.*; - -// Referenced classes of package at.gv.egovernment.moa.id.proxy: -// -// TODO MOA-ID test full functionality - -public class XMLLoginParameterResolverPlainData - implements LoginParameterResolver -{ - private String configuration; - - /** - * inner class used to store mapped parameters - */ - class LPRParams { - - /** - * getter method for parameter Enabled. - * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver - */ - public boolean getEnabled() { - return enabled.booleanValue(); - } - - /** - * getter method for parameter UN (username) - * @return Parameter UN or <code>null</code> not set. - */ - public String getUN() { - return UN; - } - - /** - * getter method for parameter UN (username) - * @return Parameter UN or <code>null</code> not set. - */ - public String getPlainUN() { - return UN; - } - - - /** - * getter method for parameter PW (password) - * @return Parameter PW or <code>null</code> not set. - */ - public String getPW() { - return PW; - } - - /** - * getter method for generic parameter Param1 - * @return Parameter Param1 or <code>null</code> not set. - */ - public String getParam1() { - return Param1; - } - - /** - * getter method for generic parameter Param2 - * @return Parameter Param2 or <code>null</code> not set. - */ - public String getParam2() { - return Param2; - } - - /** - * getter method for generic parameter Param3 - * @return Parameter Param3 or <code>null</code> not set. - */ - public String getParam3() { - return Param3; - } - - /** - * Returns a string representation of LPRParams - * - * @return a <code>String</code> representation of this object. - * @see XMLLoginParameterResolver.LPRParams - */ - public String toString() { - return "Enabled: " - + enabled.toString() - + "UN: '" - + UN - + "' PW: '" - + PW - + "' Param1: '" - + Param1 - + "' Param2: '" - + Param2 - + "' Param3: '" - + Param3 - + "'\n"; - } - - //private member variables used to store the parameters - private Boolean enabled = null; - private String UN = null; - private String PW = null; - private String Param1 = null; - private String Param2 = null; - private String Param3 = null; - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication - * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication - * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { - this.enabled = new Boolean(enabled); - this.UN = UN; - this.PW = PW; - this.Param1 = Param1; - this.Param2 = Param2; - this.Param3 = Param3; - } - - /** - * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object. - * - * @param enabled enable user mapping to parameter set for the parameter set. - * @param UN username used in HTTP 401 - BasicAuthentication - * @param PW password used in HTTP 401 - BasicAuthentication - **/ - LPRParams(boolean enabled, String UN, String PW) { - this(enabled, UN, PW, null, null, null); - } - } - - //TODO document - public XMLLoginParameterResolverPlainData() - { - bPKMap = new HashMap(); - namedMap = new HashMap(); - - } - - //TODO document - public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException - { - Map result = new HashMap(); - if(oaConf.getAuthType().equals("basic")) - { - String famName = resolveValue(MOAFamilyName, authData, clientIPAddress); - String givenName = resolveValue(MOAGivenName, authData, clientIPAddress); - String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress); - String bPK =""; - String wType= ""; - if (businessService) { - bPK = resolveValue(MOAWBPK, authData, clientIPAddress); - wType = "w"; - } else { - bPK = resolveValue(MOABPK, authData, clientIPAddress); - } - String userid = ""; - String password = ""; - String param1 = ""; - String param2 = ""; - String param3 = ""; - - LPRParams params = null; - boolean userFound = false; - - //first step: search for (w)bPK entry in user list - Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK); - params = (LPRParams)bPKMap.get(bPK); - if(params == null) - Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!"); - else - if(params.getEnabled()) - { //if user is enabled: get related parameters - Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); - userid = params.getUN(); - password = params.getPW(); - param1 = params.getParam1(); - param2 = params.getParam2(); - param3 = params.getParam3(); - userFound = true; - } else - { - Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled"); - } - if(!userFound) //secound step: search for name entry in user list - { - Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth); - params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth); - if(params == null) { - Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!"); - //try also with wildcard ("*") birthdate - params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*"); - if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!"); - } - - if(null != params && params.getEnabled()) - { - Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled"); - Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); - userid = params.getUN(); - password = params.getPW(); - param1 = params.getParam1(); - param2 = params.getParam2(); - param3 = params.getParam3(); - userFound = true; - } - } - if(!userFound) //third step: search for default user in user list - { - //third step: search for (w)bPK for the default user entry in user list - Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for default user"); - params = (LPRParams)bPKMap.get("default"); - if(params == null) - Logger.debug("XMLLoginParameterResolverPlainData: params for default user not found in file!"); - else - if(params.getEnabled()) - { //if user is enabled: get related parameters - Logger.debug("XMLLoginParameterResolverPlainData: default user found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); - userid = params.getUN(); - password = params.getPW(); - param1 = params.getParam1(); - param2 = params.getParam2(); - param3 = params.getParam3(); - userFound = true; - } else - { - Logger.info("XMLLoginParameterResolverPlainData: default user found in list; user is NOT enabled"); - } - } - - if(!userFound) //if user is not found then throw NotAllowedException exception - { - //TODO MOA-ID proove this with testcases! - Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login"); - throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { }); - } - try //if user was found: generate Authorization header entry with associated credemtials - { - String userIDPassword = userid + ":" + password; - String credentials = Base64Utils.encode(userIDPassword.getBytes()); - Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials); - result.put("Authorization", "Basic " + credentials); - } - catch(IOException ignore) { } - } else - if(oaConf.getAuthType().equals("header")) - { - String key; - String resolvedValue; - for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue)) - { - key = (String)iter.next(); - String predicate = (String)oaConf.getHeaderAuthMapping().get(key); - resolvedValue = resolveValue(predicate, authData, clientIPAddress); - } - - } - return result; - } - - public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) - { - Map result = new HashMap(); - if(oaConf.getAuthType().equals("param")) - { - String key; - String resolvedValue; - for(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue)) - { - key = (String)iter.next(); - String predicate = (String)oaConf.getParamAuthMapping().get(key); - resolvedValue = resolveValue(predicate, authData, clientIPAddress); - } - - } - return result; - } - - private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) - { - if(predicate.equals(MOAGivenName)) - return authData.getGivenName(); - if(predicate.equals(MOAFamilyName)) - return authData.getFamilyName(); - if(predicate.equals(MOADateOfBirth)) - return authData.getFormatedDateOfBirth(); - if(predicate.equals(MOABPK)) - return authData.getBPK(); - - //AuthData holds the correct BPK/WBPK - if(predicate.equals(MOAWBPK)) - return authData.getBPK(); - if(predicate.equals(MOAPublicAuthority)) - if(authData.isPublicAuthority()) - return "true"; - else - return "false"; - if(predicate.equals(MOABKZ)) - return authData.getPublicAuthorityCode(); - if(predicate.equals(MOAQualifiedCertificate)) - if(authData.isQualifiedCertificate()) - return "true"; - else - return "false"; - if(predicate.equals(MOAStammzahl)) - return authData.getIdentificationValue(); - if (predicate.equals(MOAIdentificationValueType)) - return authData.getIdentificationType(); - if(predicate.equals(MOAIPAddress)) - return clientIPAddress; - else - return null; - } - - private Document readXMLFile(String fileName) throws LoginParameterResolverException - { - Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName); - DOMParser parser = new DOMParser(); - try - { - parser.setFeature("http://xml.org/sax/features/validation", true); - parser.setFeature("http://apache.org/xml/features/validation/schema", true); - parser.parse(fileName); - return parser.getDocument(); - } - catch(Exception e) - { - String msg = e.toString(); - throw new LoginParameterResolverException("proxy.13", new Object[] {"<noURL>: XMLLoginParameterResolverPlainData: Error parsing file " + fileName, "detail problem: " + msg}); - } - } - - private void buildInfo(Document doc, boolean businessService) - { - Element root = doc.getDocumentElement(); - NodeList idList = root.getElementsByTagName("Identity"); - NodeList paramList = root.getElementsByTagName("Parameters"); - String wType =""; - if (businessService) wType = "w"; - for(int i = 0; i < idList.getLength(); i++) - Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName()); - - for(int i = 0; i < paramList.getLength(); i++) - Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName()); - - for(int i = 0; i < idList.getLength(); i++) - { - Element tmpElem = (Element)idList.item(i); - NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); - for(int j = 0; j < tmpList.getLength(); j++) - Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName()); - - if(1 == tmpList.getLength()) - { - tmpElem = (Element)tmpList.item(0); - String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName") + "," + tmpElem.getAttribute("BirthDate"); - boolean tmpBool = false; - if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); - tmpElem = (Element)paramList.item(i); - Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW")); - namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); - } else - { - tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity"); - if(1 == tmpList.getLength()) - { - tmpElem = (Element)tmpList.item(0); - String tmpStr = tmpElem.getAttribute(wType + "bPK"); - boolean tmpBool = false; - if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) - tmpBool = true; - Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); - tmpElem = (Element)paramList.item(i); - Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1")); - bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); - } else - { - Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found"); - } - } - } - - Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug(wType + "bPKMap:" + bPKMap.toString()); - } - - //public static final String XSD_DOCELEM = "MOAIdentities"; - //public static final String XSD_IDELEM = "Identity"; - //public static final String XSD_NAMEDIDELEM = "NamedIdentity"; - //public static final String XSD_BPKIDELEM = "bPKIdentity"; - //public static final String XSD_PARAMELEM = "Parameters"; - //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration"; - private Map bPKMap; - private Map namedMap; - - - public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { - Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration); - this.configuration = configuration; - String fileName = configuration; - if(fileName == null) { - fileName = "file:conf/moa-id/Identities.xml"; - Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName); - } - Document doc = readXMLFile(fileName); - buildInfo(doc, businessService.booleanValue() ); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java deleted file mode 100644 index 73f4d1f1f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java +++ /dev/null @@ -1,101 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.builder; - -import java.text.MessageFormat; -import java.util.Calendar; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; - -/** - * Builder for the <code><samlp:Request></code> used for querying - * the authentication data <code><saml:Assertion></code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLRequestBuilder implements Constants { - /** samlp-Request template */ - private static final String REQUEST = - "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" + - "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" + - "</samlp:Request>"; - - /** - * Constructor for SAMLRequestBuilder. - */ - public SAMLRequestBuilder() { - super(); - } - - /** - * Builds the <code><samlp:Request></code>. - * @param requestID request ID - * @param samlArtifactBase64 SAML artifact, encoded BASE64 - * @return the DOM element - */ - public Element build(String requestID, String samlArtifactBase64) throws BuildException { - try { - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); - String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64}); - Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - return requestElem; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] {"samlp:Request", ex.toString()}, - ex); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java deleted file mode 100644 index 26da33e34..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ /dev/null @@ -1,206 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.invoke; - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.Vector; - -import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; - -import org.apache.axis.message.SOAPBodyElement; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.SAMLStatus; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; -import at.gv.egovernment.moa.id.proxy.servlet.ProxyException; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Invoker of - * <ul> - * <li>either the GetAuthenticationData web service of MOA-ID Auth</li> - * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li> - * </ul> - * depending of the configuration. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class GetAuthenticationDataInvoker { - /** Create a new QName object for the webservice endpoint */ - private static final QName SERVICE_QNAME = new QName("GetAuthenticationData"); - - /** invoked object for API call of MOA-ID Auth */ - private static Object apiServer = null; - /** invoked method for API call of MOA-ID Auth */ - private static Method apiMethod = null; - - /** - * Invokes the service passing domain model objects. - * @param samlArtifact SAML artifact - * @return AuthenticationData object - * @throws ServiceException on any exception thrown - */ - /** - * Get authentication data from the MOA-ID Auth component, - * either via API call or via web service call. - * @param samlArtifact SAML artifact to be used as a parameter - * @return AuthenticationData - * @throws MOAIDException - */ - public SAML1AuthenticationData getAuthenticationData(String samlArtifact) - throws MOAIDException { - - ConnectionParameter authConnParam = - ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); - - //Removed for MOA-ID 2.x -// if (authConnParam == null) { -// try { -// if (apiServer == null) { -// Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer"); -// Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null); -// apiServer = getInstanceMethod.invoke(null, (Object[]) null); -// apiMethod = serverClass.getMethod( -// "getAuthenticationData", new Class[] {String.class}); -// } -// AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact}); -// return authData; -// } -// catch (InvocationTargetException ex) { -// Throwable targetEx = ex.getTargetException(); -// if (targetEx instanceof AuthenticationException) -// throw (AuthenticationException) targetEx; -// else -// throw new ProxyException("proxy.09", new Object[] {targetEx.toString()}); -// } -// catch (Throwable ex) { -// throw new ProxyException("proxy.09", new Object[] {ex.toString()}); -// } -// } -// else { - Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact); - Element samlpResponse = getAuthenticationData(samlpRequest); - SAMLResponseParser srp = new SAMLResponseParser(samlpResponse); - SAMLStatus status = srp.parseStatusCode(); - if (! "samlp:Success".equals(status.getStatusCode())) { - if ("samlp:Responder".equals(status.getStatusCode())) { - Logger.info("MOA-ID authentication process failed."); - String code = status.getStatusCode(); - if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) - code += "(" + status.getSubStatusCode() + ")"; - - throw new MOAIDException("proxy.17", new Object[] {status.getStatusMessage()}); - - } else { - // on error status throw exception - String code = status.getStatusCode(); - if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) - code += "(" + status.getSubStatusCode() + ")"; - - throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()}); - } - } - return srp.parseAuthenticationData(); -// } - } - - /** - * Invokes the service passing DOM elements. - * @param request request DOM element - * @return response DOM element - * @throws ServiceException on any exception thrown - */ - public Element getAuthenticationData(Element request) throws ServiceException { - try { - Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME); - Call call = service.createCall(); - SOAPBodyElement body = - new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] {body}; - Vector responses; - SOAPBodyElement response; - - String endPoint; - ConnectionParameter authConnParam = - ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); - - //If the ConnectionParameter do NOT exist, we throw an exception .... - if (authConnParam!=null) { - endPoint = authConnParam.getUrl(); - call.setTargetEndpointAddress(endPoint); - responses = (Vector) call.invoke(SERVICE_QNAME, params); - response = (SOAPBodyElement) responses.get(0); - return response.getAsDOM(); - } - else - { - throw new ServiceException("service.01", null); - } - } - catch (Exception ex) { - throw new ServiceException("service.00", new Object[] {ex.toString()}, ex); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java deleted file mode 100644 index ebda8dae0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ /dev/null @@ -1,210 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.parser; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parser for the <code><saml:Assertion></code> returned by the - * <code>GetAuthenticationData</code> web service. - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationDataAssertionParser implements Constants { - - /** Prefix for SAML-Xpath-expressions */ - private static String SAML = SAML_PREFIX + ":"; - /** Prefix for PersonData-Xpath-expressions */ - private static String PR = PD_PREFIX + ":"; - /** Prefix for Attribute MajorVersion in an Xpath-expression */ - private static String MAJOR_VERSION_XPATH = - "@MajorVersion"; - /** Prefix for Attribute MinorVersion in an Xpath-expression */ - private static String MINOR_VERSION_XPATH = - "@MinorVersion"; - /** Prefix for Attribute AssertionID in an Xpath-expression */ - private static String ASSERTION_ID_XPATH = - "@AssertionID"; - /** Prefix for Attribute Issuer in an Xpath-expression */ - private static String ISSUER_XPATH = - "@Issuer"; - /** Prefix for Attribute IssueInstant in an Xpath-expression */ - private static String ISSUE_INSTANT_XPATH = - "@IssueInstant"; - /** Prefix for Element AttributeStatement in an Xpath-expression */ - private static String ATTRIBUTESTATEMENT_XPATH = - SAML + "AttributeStatement/"; - /** Prefix for Element NameIdentifier in an Xpath-expression */ - private static String PK_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Subject/" + - SAML + "NameIdentifier"; - private static String NAME_QUALIFIER_XPATH = - PK_XPATH + "/@NameQualifier"; - /** Prefix for Element Person in an Xpath-expression */ - private static String PERSONDATA_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Attribute[@AttributeName=\"PersonData\"]/" + - SAML + "AttributeValue/" + - PR + "Person/"; - /** Prefix for Element Value in an Xpath-expression */ - private static String IDENTIFICATION_VALUE_XPATH = - PERSONDATA_XPATH + - PR + "Identification/" + - PR + "Value"; - private static String IDENTIFICATION_TYPE_XPATH = - PERSONDATA_XPATH + - PR + "Identification/" + - PR + "Type"; - /** Prefix for Element GivenName in an Xpath-expression */ - private static String GIVEN_NAME_XPATH = - PERSONDATA_XPATH + - PR + "Name/" + - PR + "GivenName"; - /** Prefix for Element FamilyName in an Xpath-expression */ - private static String FAMILY_NAME_XPATH = - PERSONDATA_XPATH + - PR + "Name/" + - PR + "FamilyName"; - /** Prefix for Element DateOfBirth in an Xpath-expression */ - private static String DATE_OF_BIRTH_XPATH = - PERSONDATA_XPATH + - PR + "DateOfBirth"; - /** Prefix for Element AttributeValue in an Xpath-expression */ - private static String IS_QUALIFIED_CERT_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" + - SAML + "AttributeValue"; - /** Prefix for Element AttributeValue in an Xpath-expression */ - private static String PUBLIC_AUTHORITY_XPATH = - ATTRIBUTESTATEMENT_XPATH + - SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" + - SAML + "AttributeValue"; - /** Element samlAssertion represents the SAML:Assertion */ - private Element samlAssertion; - - /** - * Constructor - * @param samlAssertion samlpResponse the <code><samlp:Response></code> as a DOM element - */ - public AuthenticationDataAssertionParser(Element samlAssertion) { - this.samlAssertion = samlAssertion; - } - - /** - * Parses the <code><saml:Assertion></code>. - * @return <code>AuthenticationData</code> object - * @throws ParseException on any error - */ - public SAML1AuthenticationData parseAuthenticationData() - throws ParseException { - - try { - SAML1AuthenticationData authData = new SAML1AuthenticationData(); - //ÄNDERN: NUR der Identification-Teil - authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); - authData.setMajorVersion(new Integer( - XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); - authData.setMinorVersion(new Integer( - XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue()); - authData.setAssertionID( - XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, "")); - authData.setIssuer( - XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); - authData.setIssueInstant( - XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); - String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); - - if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { - //bPK - authData.setBPK(pkValue); - authData.setBPKType(Constants.URN_PREFIX_BPK); - - } else { - //wbPK - authData.setBPK(pkValue); - authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); - } - authData.setIdentificationValue( - XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); - authData.setIdentificationType( - XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); - authData.setGivenName( - XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); - authData.setFamilyName( - XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, "")); - authData.setDateOfBirth( - XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, "")); - authData.setQualifiedCertificate(BoolUtils.valueOf( - XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, ""))); - String publicAuthority = - XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null); - if (publicAuthority == null) { - authData.setPublicAuthority(false); - authData.setPublicAuthorityCode(""); - } - else { - authData.setPublicAuthority(true); - if (! publicAuthority.equalsIgnoreCase("true")) - authData.setPublicAuthorityCode(publicAuthority); - } - return authData; - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java deleted file mode 100644 index cec8dbe6c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java +++ /dev/null @@ -1,147 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.parser; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.SAMLStatus; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parser for the <code><samlp:Response></code> returned by the - * <code>GetAuthenticationData</code> web service. - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLResponseParser implements Constants { - /** Element containing the samlResponse */ - private Element samlResponse; - /** Xpath prefix for reaching SAMLP Namespaces */ - private static String SAMLP = SAMLP_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching PersonData Namespaces */ - private static String PR = PD_PREFIX + ":"; - /** Xpath expression for reaching the SAMLP:Response element */ - private static final String ROOT = - "/" + SAMLP + "Response/"; - /** Xpath expression for reaching the SAMLP:Status element */ - private static final String STATUS_XPATH = - ROOT + - SAMLP + "Status/"; - /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */ - private static final String STATUSCODE_XPATH = - STATUS_XPATH + - SAMLP + "StatusCode/@Value"; - /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */ - private static final String SUBSTATUSCODE_XPATH = - STATUS_XPATH + - SAMLP + "StatusCode/" + - SAMLP + "StatusCode/@Value"; - /** Xpath expression for reaching the SAMLP:StatusMessage element */ - private static final String STATUSMESSAGE_XPATH = - STATUS_XPATH + - SAMLP + "StatusMessage"; - /** Xpath expression for reaching the SAML:Assertion element */ - private static String ASSERTION_XPATH = - ROOT + - SAML + "Assertion"; - - /** - * Constructor - * @param samlResponse the <code><samlp:Response></code> as a DOM element - */ - public SAMLResponseParser(Element samlResponse) { - this.samlResponse = samlResponse; - } - - /** - * Parses the <code><samlp:StatusCode></code> from the <code><samlp:Response></code>. - * @return <code>AuthenticationData</code> object - * @throws ParseException on any parsing error - */ - public SAMLStatus parseStatusCode() - throws ParseException { - - SAMLStatus status = new SAMLStatus(); - try { - status.setStatusCode( - XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, "")); - status.setSubStatusCode( - XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, "")); - status.setStatusMessage( - XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, "")); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - return status; - } - - /** - * Parses the <code><saml:Assertion></code> from the <code><samlp:Response></code>. - * @return <code>AuthenticationData</code> object - * @throws ParseException on any parsing error - */ - public SAML1AuthenticationData parseAuthenticationData() - throws ParseException { - - Element samlAssertion; - try { - samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java deleted file mode 100644 index e7340850c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ /dev/null @@ -1,122 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.servlet; - -import java.io.IOException; -import java.text.DateFormat; -import java.util.Date; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; -import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for updating the MOA-ID Auth configuration from configuration file - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ConfigurationServlet extends HttpServlet { - - /** - * - */ - private static final long serialVersionUID = -886733697373217942L; - -/** - * Handle a HTTP GET request, used to indicated that the MOA - * configuration needs to be updated (reloaded). - * - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - public void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - - MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - try { - MOAIDProxyInitializer.initialize(); - - String message = msg.getMessage("config.00", new Object[] - { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); - Logger.info(message); - - HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response); - } catch (Throwable t) { - String errorMessage = msg.getMessage("config.04", null); - Logger.error(errorMessage, t); - HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response); - } - } - - /** - * Do the same as <code>doGet</code>. - * - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - public void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - doGet(request, response); - } - -/** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ -public void init(ServletConfig servletConfig) throws ServletException { - super.init(servletConfig); -} - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java deleted file mode 100644 index d4d4fa7a1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java +++ /dev/null @@ -1,86 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.servlet; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; - -/** - * Exception thrown while proxying a request to the online application - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class ProxyException extends MOAIDException { - - /** - * - */ - private static final long serialVersionUID = -2498996404868930153L; - -/** - * Constructor for ProxyException. - * @param messageId - * @param parameters - */ - public ProxyException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * Constructor for ProxyException. - * @param messageId - * @param parameters - * @param wrapped - */ - public ProxyException( - String messageId, - Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java deleted file mode 100644 index 9447f2e35..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ /dev/null @@ -1,1008 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.proxy.servlet; - -import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.net.HttpURLConnection; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; -import java.util.Vector; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; -import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; -import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; -import at.gv.egovernment.moa.id.proxy.NotAllowedException; -import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.URLEncoder; - -/** - * Servlet requested for logging in at an online application, - * and then for proxying requests to the online application. - * @author Paul Ivancsics - * @version $Id$ - */ -public class ProxyServlet extends HttpServlet { - /** - * - */ - private static final long serialVersionUID = 6838184868735988125L; -/** Name of the Parameter for the Target */ - private static final String PARAM_TARGET = "Target"; - /** Name of the Parameter for the SAMLArtifact */ - private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; - /** Name of the Parameter for the ErrorMessage */ - private static final String PARAM_ERRORMASSAGE = "error"; - - /** Name of the Attribute for marking the session as authenticated*/ - private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; - /** Name of the Attribute for the PublicURLPrefix */ - private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix"; - /** Name of the Attribute for the RealURLPrefix */ - private static final String ATT_REAL_URLPREFIX = "RealURLPrefix"; - /** Name of the Attribute for the SSLSocketFactory */ - private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory"; - /** Name of the Attribute for the LoginHeaders */ - private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; - /** Name of the Attribute for the LoginParameters */ - private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; - /** Name of the Attribute for the SAMLARTIFACT */ - private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; - /** Name of the Attribute for the state of the browser request for login dialog*/ - private static final String ATT_BROWSERREQU = "BrowserLoginRequest"; - /** Name of the Attribute for the state of the browser request for login dialog*/ - private static final String ATT_OA_CONF = "oaConf"; - /** Name of the Attribute for the Logintype of the OnlineApplication*/ - private static final String ATT_OA_LOGINTYPE = "LoginType"; - /** Name of the Attribute for the number of the try to login into the OnlineApplication*/ - private static final String ATT_OA_LOGINTRY = "LoginTry"; - /** Maximum permitted login tries */ - private static final int MAX_OA_LOGINTRY = 3; - /** Name of the Attribute for authorization value for further connections*/ - private static final String ATT_OA_AUTHORIZATION_HEADER = "authorizationkey"; - /** Name of the Attribute for user binding */ - private static final String ATT_OA_USER_BINDING = "UserBinding"; - /** For extended internal debug messages */ - private static final boolean INTERNAL_DEBUG = false; - /** Message to be given if browser login failed */ - private static final String RET_401_MSG = "<html><head><title>Ein Fehler ist aufgetreten</title></head><body><h1>Fehler bei der Anmeldung</h1><p>Bei der Anmeldung ist ein Fehler aufgetreten.</p><p>Fehler bei der Anmeldung. <br>Prüfen Sie bitte ihre Berechtigung.<br><b>Abbruch durch den Benutzer.</b><br></p></body></html>"; - - /** - * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) - */ - protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - - Logger.debug("getRequestURL:" + req.getRequestURL().toString()); - - String artifact = req.getParameter(PARAM_SAMLARTIFACT); - artifact = StringEscapeUtils.escapeHtml(artifact); - - try { - if (artifact != null) { - // check if SAML Artifact was already used in this session (in case of page reload) - HttpSession session = req.getSession(); - if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) { - if (session.getAttribute(ATT_BROWSERREQU)==null) { - tunnelRequest(req, resp); - }else{ - login(req, resp); //login after browser login dialog - } - } else - // it is the first time that the SAML Artifact was used - login(req, resp); - } - else - tunnelRequest(req, resp); - } - catch (MOAIDException ex) { - handleError(ex.getMessage(), ex, req, resp); - } - catch (Throwable ex) { - handleError(ex.getMessage(), ex, req, resp); - } - } - - /** - * Login to online application at first call of servlet for a user session.<br/> - * <ul> - * <li>Acquires authentication data from the MOA-ID Auth component.</li> - * <li>Reads configuration data for the online application.</li> - * <li>Resolves login parameters.</li> - * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li> - * <li>For a stateless online application, stores data in the HttpSession.</li> - * <li>Tunnels the request to the online application.</li> - * </ul> - * @param req - * @param resp - * @throws ConfigurationException when wrong configuration is encountered - * @throws ProxyException when wrong configuration is encountered - * @throws BuildException while building the request for MOA-ID Auth - * @throws ServiceException while invoking MOA-ID Auth - * @throws ParseException while parsing the response from MOA-ID Auth - */ - private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { - - HttpSession session = req.getSession(); - String samlArtifact = ""; - Map loginHeaders = null; - Map loginParameters = null; - String publicURLPrefix = ""; - String realURLPrefix = ""; - SSLSocketFactory ssf = null; - String urlRequested = req.getRequestURL().toString(); - OAConfiguration oaConf = null; - String loginType = ""; - String binding = ""; - - if (session.getAttribute(ATT_BROWSERREQU)==null) { - - // read configuration data - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested); - if (oaParam == null) { - throw new ProxyException("proxy.02", new Object[] { urlRequested }); - } - - samlArtifact = req.getParameter(PARAM_SAMLARTIFACT); - Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact); - // String target = req.getParameter(PARAM_TARGET); parameter given but not processed - // boolean targetprovided = req.getParameter(PARAM_TARGET) != null; - - // get authentication data from the MOA-ID Auth component - SAML1AuthenticationData authData; - try { - authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); - - } catch (ServiceException ex) { - throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); - - } catch (ProxyException ex) { - throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); - - } catch (MOAIDException ex) { - String errorURL = oaParam.getErrorRedirctURL(); - if (MiscUtil.isNotEmpty(errorURL)) { - generateErrorAndRedirct(resp, errorURL, ex.getMessage()); - return; - - } else { - Logger.info("No ErrorRedirectURL defined. The error is shown on MOA-ID Proxy errorpage."); - throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); - } - } - session.setAttribute(ATT_AUTHDATAFETCHED, "true"); - - publicURLPrefix = oaParam.getPublicURLPrefix(); - Logger.debug("OA: " + publicURLPrefix); - oaConf = oaParam.getOaConfiguration(); - ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - realURLPrefix = oaConnParam.getUrl(); - - // resolve login parameters to be forwarded to online application - LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); - String clientIPAddress = req.getRemoteAddr(); - boolean businessService = oaParam.getBusinessService(); - try { - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) { - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService, publicURLPrefix); - } else { - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService, publicURLPrefix); - for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { - //extract user-defined bindingValue - String headerKey = (String) iter.next(); - String headerKeyValue = (String) loginHeaders.get(headerKey); - if (headerKey.equalsIgnoreCase("binding")) { - binding = (String) loginHeaders.get(headerKey); - } - for (int i = 1; i <= 3; i++) { - if (headerKey.equalsIgnoreCase("param" + i)) { - int sep = headerKeyValue.indexOf("="); - if (sep>-1) { - if (sep>0) { - String value = ""; - if (headerKeyValue.length()>sep+1) value = headerKeyValue.substring(sep+1); - if (loginParameters == null) loginParameters = new HashMap(); - loginParameters.put(headerKeyValue.substring(0,sep) , value); - } - } else { - loginParameters.put(headerKey, ""); - } - } - } - } - loginHeaders.remove("binding"); - loginHeaders.remove("param1"); - loginHeaders.remove("param2"); - loginHeaders.remove("param3"); - } - } catch (LoginParameterResolverException ex) { - String errorURL = oaParam.getErrorRedirctURL(); - if (MiscUtil.isNotEmpty(errorURL)) { - generateErrorAndRedirct(resp, errorURL, - MOAIDMessageProvider.getInstance().getMessage("proxy.13", - new Object[] { publicURLPrefix })); - return; - - } else - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); - - } catch (NotAllowedException e) { - String errorURL = oaParam.getErrorRedirctURL(); - if (MiscUtil.isNotEmpty(errorURL)) { - generateErrorAndRedirct(resp, errorURL, - MOAIDMessageProvider.getInstance().getMessage("proxy.15", - new Object[] { })); - return; - - } else - throw new ProxyException("proxy.15", new Object[] { }); - } - - // setup SSLSocketFactory for communication with the online application - if (oaConnParam.isHTTPSURL()) { - try { - ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } catch (Throwable ex) { - throw new ProxyException( - "proxy.05", - new Object[] { oaConnParam.getUrl(), ex.toString()}, - ex); - } - } - - // for stateless online application, store data in HttpSession - loginType = oaConf.getLoginType(); - if ("".equalsIgnoreCase(binding)) { - binding = oaConf.getBinding(); - if ("".equalsIgnoreCase(binding)) binding = "full"; - } - Logger.debug("Login type: " + loginType); - if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { - int sessionTimeOut = oaParam.getSessionTimeOut(); - if (sessionTimeOut == 0) - sessionTimeOut = 60 * 60; // default 1 h - - session.setMaxInactiveInterval(sessionTimeOut); - session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix); - session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix); - session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); - session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); - session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); - session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); - session.setAttribute(ATT_OA_CONF, oaConf); - session.setAttribute(ATT_OA_LOGINTYPE, loginType); - session.setAttribute(ATT_OA_USER_BINDING, binding); - session.removeAttribute(ATT_BROWSERREQU); - session.removeAttribute(ATT_OA_AUTHORIZATION_HEADER); - session.removeAttribute(ATT_OA_LOGINTRY); - Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " angelegt"); - } - - } else { - loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); - publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); - realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); - ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); - loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); - loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS); - samlArtifact = (String) session.getAttribute(ATT_SAML_ARTIFACT); - oaConf = (OAConfiguration) session.getAttribute(ATT_OA_CONF); - loginType = (String) session.getAttribute(ATT_OA_LOGINTYPE); - binding = (String) session.getAttribute(ATT_OA_USER_BINDING); - session.removeAttribute(ATT_BROWSERREQU); - Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " aufgenommen"); - } - - try { - int respcode = 0; - - // tunnel request to the online application - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); - if (respcode == 401) { - if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); - } - } - } catch (ProxyException ex) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); - } catch (Throwable ex) { - throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); - } - } - - /** - * Tunnels a request to the stateless online application using data stored in the HTTP session. - * @param req HTTP request - * @param resp HTTP response - * @throws IOException if an I/O error occurs - */ - private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException { - - //Logger.debug("Tunnel request (stateless)"); - HttpSession session = req.getSession(false); - - if (session == null) - throw new ProxyException("proxy.07", null); - String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); - //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) - //additional check if publicURLPrefix is OK, if not throw an Exception - if (publicURLPrefix == null) - throw new ProxyException("proxy.07", null); - - String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); - SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); - Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); - Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS); - String binding = (String) session.getAttribute(ATT_OA_USER_BINDING); - if (publicURLPrefix == null || realURLPrefix == null) - throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()}); - - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); - if (respcode == -401) // #tries to login exceeded - throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)}); - } - -/** - * Tunnels a request to the online application using given URL mapping and SSLSocketFactory. - * This method returns the ResponseCode of the request to the online application. - * @param req HTTP request - * @param resp HTTP response - * @param loginHeaders header field/values to be inserted for purposes of authentication; - * may be <code>null</code> - * @param loginParameters parameter name/values to be inserted for purposes of authentication; - * may be <code>null</code> - * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code> - * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code> - * @param ssf SSLSocketFactory to use - * @throws IOException if an I/O error occurs - */ -private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf, String binding) - throws IOException { - - String originBinding = binding; - String browserUserID = ""; - String browserPassword = ""; - //URL url = new URL(realURLPrefix); - //String realURLHost = url.getHost(); - if (INTERNAL_DEBUG && !binding.equals("")) Logger.debug("Binding: " + binding); - - // collect headers from request - Map headers = new HashMap(); - for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) { - String headerKey = (String) enu.nextElement(); - String headerKeyValue = req.getHeader(headerKey); - if (INTERNAL_DEBUG) Logger.debug("Incoming:" + headerKey + "=" + headerKeyValue); - //Analyze Basic-Auth-Headers from the client - if (headerKey.equalsIgnoreCase("Authorization")) { - if (headerKeyValue.substring(0,6).equalsIgnoreCase("Basic ")) { - String credentials = headerKeyValue.substring(6); - byte [] bplaintextcredentials = Base64Utils. decode(credentials, true); - String plaintextcredentials = new String(bplaintextcredentials); - browserUserID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); - browserPassword = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); - //deactivate following line for security - //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword ); - } - if (headerKeyValue.substring(0,9).equalsIgnoreCase("Negotiate")) { - //deactivate following line for security - //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: Found NTLM Aut.: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword ); - } - } - else - { - /* Headers MUST NOT be repaced according to our Spec. - if (headerKey.equalsIgnoreCase("Host")) { - headerKeyValue = realURLHost; - //headerKeyValue= realURLPrefix.substring(hoststartpos); - if (INTERNAL_DEBUG) Logger.debug("replaced:" + headerKey + "=" + headerKeyValue); - } - */ - headers.put(headerKey, headerKeyValue); - } - } - - - // collect login headers, possibly overwriting headers from request - String authorizationvalue=""; - if (req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { - - if (OAConfiguration.BINDUNG_NOMATCH.equals(binding)) { - int loginTry = getLoginTry(req); - Logger.debug("Binding: mode = " + OAConfiguration.BINDUNG_NOMATCH + "(try #" + Integer.toString(loginTry) + ")"); - if (loginTry==1) { - binding = OAConfiguration.BINDUNG_FULL; - } else { - binding = OAConfiguration.BINDUNG_USERNAME; - } - } - - /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen: - //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first - // full binding will be covered by next block - if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { - //1st try: if we have a password, try this one first - for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - String headerKeyValue = (String) loginHeaders.get(headerKey); - if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) { - String credentials = headerKeyValue.substring(6); - byte [] bplaintextcredentials = Base64Utils.decode(credentials, true); - String plaintextcredentials = new String(bplaintextcredentials); - String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); - if (password!=null && !password.equals("")) { - Logger.debug("Binding: found predefined password. Trying full binding first"); - binding = OAConfiguration.BINDUNG_FULL; - break; - } - } - } - } - */ - - - - //we have a connection with not having logged on - if (loginHeaders != null && (browserPassword.length()!=0 || browserUserID.length()!=0 || OAConfiguration.BINDUNG_FULL.equals(binding))) { - for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - String headerKeyValue = (String) loginHeaders.get(headerKey); - //customize loginheaders if necessary - if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) - { - if (OAConfiguration.BINDUNG_FULL.equals(binding)) { - authorizationvalue = headerKeyValue; - Logger.debug("Binding: full binding to user established"); - } else { - String credentials = headerKeyValue.substring(6); - byte [] bplaintextcredentials = Base64Utils.decode(credentials, true); - String plaintextcredentials = new String(bplaintextcredentials); - String userID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); - String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); - String userIDPassword = ":"; - if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) { - Logger.debug("Binding: Access with necessary binding to user"); - userIDPassword = userID + ":" + browserPassword; - } else if (OAConfiguration.BINDUNG_NONE.equals(binding)) { - Logger.debug("Binding: Access without binding to user"); - //If first time - if (browserUserID.length()==0) browserUserID = userID; - if (browserPassword.length()==0) browserPassword = password; - userIDPassword = browserUserID + ":" + browserPassword; - } else { - userIDPassword = userID + ":" + password; - } - credentials = Base64Utils.encode(userIDPassword.getBytes()); - authorizationvalue = "Basic " + credentials; - headerKeyValue = authorizationvalue; - } - } - headers.put(headerKey, headerKeyValue); - } - } - }else{ - //if OA needs Authorization header in each further request - authorizationvalue = (String) req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER); - if (loginHeaders != null) headers.put("Authorization", authorizationvalue); - } - - - Vector parameters = new Vector(); - for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { - String paramName = (String) enu.nextElement(); - if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { - if (INTERNAL_DEBUG) Logger.debug("Req Parameter-put: " + paramName + ":" + req.getParameter(paramName)); - String parameter[] = new String[2]; - parameter[0]= paramName; - parameter[1]= req.getParameter(paramName); - parameters.add(parameter); - } - } - // collect login parameters, possibly overwriting parameters from request - if (loginParameters != null) { - for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) { - String paramName = (String) iter.next(); - if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { - if (INTERNAL_DEBUG) Logger.debug("Req Login-Parameter-put: " + paramName + ":" + loginParameters.get(paramName)); - String parameter[] = new String[2]; - parameter[0]= paramName; - parameter[1]= (String) loginParameters.get(paramName); - parameters.add(parameter); - } - } - } - - ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix); - HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters); - - // set headers as request properties of URLConnection - for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - String headerValue = (String) headers.get(headerKey); - String LogStr = "Req header " + headerKey + ": " + headers.get(headerKey); - if (isBasicAuthenticationHeader(headerKey, headerValue)) { - String credentials = headerValue.substring(6); - byte [] bplaintextcredentials = Base64Utils. decode(credentials, true); - String plaintextcredentials = new String(bplaintextcredentials); - String uid = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); - String pwd = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); - //Sollte AuthorizationInfo vom HTTPClient benutzt werden: cb.addBasicAuthorization(publicURLPrefix, uid, pwd); - //deactivate following line for security - //if (INTERNAL_DEBUG && Logger.isDebugEnabled()) LogStr = LogStr + " >UserID:Password< >" + uid + ":" + pwd + "<"; - } - conn.setRequestProperty(headerKey, headerValue); - if (INTERNAL_DEBUG) Logger.debug(LogStr); - } - - StringWriter sb = new StringWriter(); - - // Write out parameters into output stream of URLConnection. - // On GET request, do not send parameters in any case, - // otherwise HttpURLConnection would send a POST. - if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) { - boolean firstParam = true; - String parameter[] = new String[2]; - for (Iterator iter = parameters.iterator(); iter.hasNext();) { - parameter = (String[]) iter.next(); - String paramName = parameter[0]; - String paramValue = parameter[1]; - if (firstParam) - firstParam = false; - else - sb.write("&"); - sb.write(paramName); - sb.write("="); - sb.write(paramValue); - if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue); - } - } - - // For WebDAV and POST: copy content - if (!"get".equalsIgnoreCase(req.getMethod())) { - if (INTERNAL_DEBUG && !"post".equalsIgnoreCase(req.getMethod())) Logger.debug("---- WEBDAV ---- copying content"); - try { - OutputStream out = conn.getOutputStream(); - InputStream in = req.getInputStream(); - if (!parameters.isEmpty()) out.write(sb.toString().getBytes()); //Parameter nicht mehr mittels Printwriter schreiben - copyStream(in, out, null, req.getMethod()); - out.flush(); - out.close(); - } catch (IOException e) { - if (!"post".equalsIgnoreCase(req.getMethod())) - Logger.debug("---- WEBDAV ---- streamcopy problem"); - else - Logger.debug("---- POST ---- streamcopy problem"); - } - } - - // connect - if (INTERNAL_DEBUG) Logger.debug("Connect Request"); - conn.connect(); - if (INTERNAL_DEBUG) Logger.debug("Connect Response"); - - // check login tries - if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { - int loginTry = getLoginTry(req); - req.getSession().setAttribute(ATT_OA_LOGINTRY, Integer.toString(loginTry)); - if (loginTry > MAX_OA_LOGINTRY) { - Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving..."); - cb.disconnect(conn); - return -401; - } - } - - - - if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(originBinding)) { - Logger.debug("Found 401 UNAUTHORIZED, leaving..."); - cb.disconnect(conn); - return conn.getResponseCode(); - } - - - resp.setStatus(conn.getResponseCode()); - //Issue by Gregor Karlinger - content type was annotated twice - //resp.setContentType(conn.getContentType()); - - if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { - req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue); - Logger.debug("Login OK. Saving authorization header to remember in further requests"); - } - - // Read response headers - // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set. - // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests. - // See JavaDoc of javax.servlet.http.HttpServlet: - // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header. - Vector respHeaders = new Vector(); - - boolean chunked = false; - String contentLengthKey = null; - String transferEncodingKey = null; - int i = 1; - String headerKey; - String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE); - while ((headerKey = conn.getHeaderFieldKey(i)) != null) { - String headerValue = conn.getHeaderField(i); - - if (headerKey.equalsIgnoreCase("WWW-Authenticate")) { - int start = headerValue.indexOf("Basic realm=\""); - boolean requestsBasicAuth = headerValue.substring(start).startsWith("Basic realm=\""); - if (requestsBasicAuth) { - headerValue = "Basic realm=\"" + publicURLPrefix + "\""; - - if ( OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) - headerValue = "Basic realm=\"Bitte Passwort eingeben\""; - else if ("none".equals(originBinding)) { - headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; - } - } - } - -// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) -// if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { -// headerValue = "Basic realm=\"" + publicURLPrefix + "\""; -// if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { -// headerValue = "Basic realm=\"Bitte Passwort eingeben\""; -// } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) { -// headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; -// } -// } - - String respHeader[] = new String[2]; - if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) { - //alter the unauthorized message with template for login - //TODO: supply a special login form on unauthorized messages with bindings!=full - headerValue = Integer.toString(RET_401_MSG.length()); - } - respHeader[0]= headerKey; - respHeader[1]= headerValue; - - if (!(OAConfiguration.BINDUNG_FULL.equals(originBinding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) { - respHeaders.add(respHeader); - if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue); - } else { - Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); - } - if (isTransferEncodingChunkedHeader(headerKey, headerValue) || "content-length".equalsIgnoreCase(headerKey)) { - respHeaders.remove(respHeader); - Logger.debug("Resp header " + headerKey + " REMOVED"); - } - - i++; - } - - - String headerValue; - String respHeader[] = new String[2]; - - //write out all Responseheaders - for (Iterator iter = respHeaders.iterator(); iter.hasNext();) { - respHeader = (String[]) iter.next(); - headerKey = respHeader[0]; - headerValue = respHeader[1]; - resp.addHeader(headerKey, headerValue); - } - - //Logger.debug(">>>> Copy Content"); - //Logger.debug(" from ()" + conn.getURL()); - //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL()); - - // read response stream - Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode()); - // Load content unless the server lets us know that the content is NOT MODIFIED... - if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED ) { - BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream()); - //Logger.debug("Got Inputstream"); - BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream()); - //Logger.debug("Got Outputstream"); - - byte [] buffer = new byte[4096]; - if (respOut != null) { - int bytesRead; - while ((bytesRead = respIn.read(buffer)) >= 0) { - if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(buffer, 0, bytesRead); - } - } else { - while (respIn.read(buffer) >= 0); - } - - - /* - int ch; - StringBuffer strBuf = new StringBuffer(""); - while ((ch = respIn.read()) >= 0) { - if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(ch); - strBuf.append((char)ch); - } - Logger.debug("Resp Content:"); - if (strBuf.toString().length()>500) - Logger.debug(strBuf.toString().substring(0,500)); - else - Logger.debug(strBuf.toString()); - */ - - - if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { - respOut.write(RET_401_MSG.getBytes()); - } - respOut.flush(); - respOut.close(); - respIn.close(); - if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { - Logger.debug("Found 401 UNAUTHORIZED..."); - cb.disconnect(conn); - return conn.getResponseCode(); - } - } else { - //if (conn.getResponseCode()==HttpURLConnection.HTTP_NOT_MODIFIED) - Logger.debug("Found 304 NOT MODIFIED..."); - } - - cb.disconnect(conn); - Logger.debug("Request done"); - - return conn.getResponseCode(); -} - -/** - * Gets the current amount of the login try at the online application - * - * @param req the HttpServletRequest - * @return the number off the current login try - */ -private int getLoginTry(HttpServletRequest req) { - String oa_loginTry = (String) req.getSession().getAttribute(ATT_OA_LOGINTRY); - int loginTry = 1; - if (oa_loginTry!=null) loginTry = Integer.parseInt(oa_loginTry)+1; - return loginTry; -} -/** - * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..." - * - * @param headerKey header name - * @param headerValue header value - * @return true for a basic authentication header - */ -private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) { - if (!"authorization".equalsIgnoreCase(headerKey)) - return false; - if (headerValue.length() < "basic".length()) - return false; - String authenticationSchema = headerValue.substring(0, "basic".length()); - return "basic".equalsIgnoreCase(authenticationSchema); -} -/** - * Determines whether a basic authentication header of the kind "Authorization: Basic ..." - * is included in a HTTP request - * @param req HTTP request - * @return true for a basic authentication header provided - */ -private boolean isBasicAuthenticationHeaderProvided(HttpServletRequest req) { - for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) { - String headerKey = (String) enu.nextElement(); - String headerValue = req.getHeader(headerKey); - if (isBasicAuthenticationHeader(headerKey, headerValue)) - return true; - } - return false; -} -/** - * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked" - * - * @param headerKey header name - * @param headerValue header value - * @return true for a "Transfer-encoding: chunked" header - */ -private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) { - if (!"transfer-encoding".equalsIgnoreCase(headerKey)) - return false; - return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0; -} - -/** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ -public void init(ServletConfig servletConfig) throws ServletException { - super.init(servletConfig); - try { - MOAIDProxyInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex); - throw new ServletException(ex); - } -} - -/** - * Handles an error. <br> - * <ul> - * <li>Logs the error</li> - * <li>Places error message and exception thrown into the request - * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li> - * <li>Sets HTTP status 500 (internal server error)</li> - * </ul> - * - * @param errorMessage error message - * @param exceptionThrown exception thrown - * @param req servlet request - * @param resp servlet response - */ -protected void handleError( - String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { - - - if(null != errorMessage) { - Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage ); - } - - if (null != exceptionThrown) { - if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); - Logger.error(errorMessage, exceptionThrown); - //req.setAttribute("ExceptionThrown", exceptionThrown); - } - - if (Logger.isDebugEnabled()) { - req.setAttribute("LogLevel", "debug"); - } - - //forward this to errorpage-proxy.jsp where the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); - try { - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - -} - - -// * taken from iaik.utils.util.copyStream: -/** - * Reads all data (until EOF is reached) from the given source to the - * destination stream. If the destination stream is null, all data is dropped. - * It uses the given buffer to read data and forward it. If the buffer is - * null, this method allocates a buffer. - * - * @param source The stream providing the data. - * @param destination The stream that takes the data. If this is null, all - * data from source will be read and discarded. - * @param buffer The buffer to use for forwarding. If it is null, the method - * allocates a buffer. - * @exception IOException If reading from the source or writing to the - * destination fails. - */ -private static void copyStream(InputStream source, OutputStream destination, byte[] buffer, String method) throws IOException { - if (source == null) { - throw new NullPointerException("Argument \"source\" must not be null."); - } - if (buffer == null) { - buffer = new byte[4096]; - } - - if (destination != null) { - int bytesRead; - while ((bytesRead = source.read(buffer)) >= 0) { - destination.write(buffer, 0, bytesRead); - //if (method.equalsIgnoreCase("POST")) Logger.debug(buffer.toString()); - } - } else { - while (source.read(buffer) >= 0); - } -} - -private static void generateErrorAndRedirct(HttpServletResponse resp, String errorURL, String message) { - try { - errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, - URLEncoder.encode(message, "UTF-8")); - - } catch (UnsupportedEncodingException e) { - errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, "Fehlermeldung%20konnte%20nicht%20%C3%BCbertragen%20werden."); - } - - errorURL = resp.encodeRedirectURL(errorURL); - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", errorURL); -} - -protected static String addURLParameter(String url, String paramname, - String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; -} - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 4288f48ad..30b6caef8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -33,7 +33,10 @@ import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import com.fasterxml.jackson.core.JsonProcessingException; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; @@ -42,8 +45,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.JsonMapper; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage { //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + private static JsonMapper mapper = new JsonMapper(); + public static boolean isAuthenticated(String moaSessionID) { AuthenticatedSessionStore session; @@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage { } } - public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException { + public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { String id = Random.nextRandom(); - - AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); - dbsession.setSessionid(id); - dbsession.setAuthenticated(false); + try { + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - Date now = new Date(); - dbsession.setCreated(now); - dbsession.setUpdated(now); + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + Date now = new Date(); + dbsession.setCreated(now); + dbsession.setUpdated(now); - dbsession.setPendingRequestID(pendingRequestID); + dbsession.setPendingRequestID(target.getRequestID()); - AuthenticationSession session = new AuthenticationSession(id, now); - encryptSession(session, dbsession); + //set additional session informations + AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); + sessionExt.setUniqueSessionId(target.getSessionIdentifier()); + dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); - //store AssertionStore element to Database - try { + AuthenticationSession session = new AuthenticationSession(id, now); + encryptSession(session, dbsession); + + //store AssertionStore element to Database MOASessionDBUtils.saveOrUpdate(dbsession); Logger.info("MOASession with sessionID=" + id + " is stored in Database"); + return session; + } catch (MOADatabaseException e) { Logger.warn("MOASession could not be created."); throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException(e); + } - - return session; + } public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { @@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage { throw new MOADatabaseException("MOASession deserialization-exception"); } } + + public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { + try { + return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(), + AuthenticationSessionExtensions.class); + + } catch (Exception e) { + Logger.warn("Extended session information extraction FAILED!", e); + } + } + return null; + + } + + public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + dbsession.setAdditionalInformation( + mapper.serialize(sessionExtensions)); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); + + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException("Extended session information can not be stored.", e); + + } + + } public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { storeSession(session, null); @@ -385,8 +440,12 @@ public class AuthenticationSessionStoreage { //send transaction tx.commit(); - Logger.debug("Add SSO-Session login information for OA: " + OAUrl - + " and AssertionID: " + SLOInfo.getSessionIndex()); + if (SLOInfo != null) + Logger.debug("Add SSO-Session login information for OA: " + OAUrl + + " and AssertionID: " + SLOInfo.getSessionIndex()); + else + Logger.debug("Add SSO-Session login information for OA: " + OAUrl); + } } catch (MOADatabaseException e) { @@ -750,7 +809,7 @@ public class AuthenticationSessionStoreage { idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); try { - OAAuthParameter oa = AuthConfigurationProvider.getInstance(). + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance(). getOnlineApplicationParameter(idp.getIdpurlprefix()); idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index f246c55e1..b0d166951 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -42,7 +42,6 @@ import javax.crypto.spec.SecretKeySpec; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java index 10221604c..19da7ed9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java @@ -23,7 +23,7 @@ package at.gv.egovernment.moa.id.util; import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; public class ConfigurationEncrytionUtil extends AbstractEncrytionUtil { @@ -34,7 +34,7 @@ public class ConfigurationEncrytionUtil extends AbstractEncrytionUtil { public static ConfigurationEncrytionUtil getInstance() { if (instance == null) { try { - key = AuthConfigurationProvider.getInstance().getMOAConfigurationEncryptionKey(); + key = AuthConfigurationProviderFactory.getInstance().getMOAConfigurationEncryptionKey(); instance = new ConfigurationEncrytionUtil(); } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java index 520b81b17..0b517e783 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java @@ -37,7 +37,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SPSSFactory; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 5eb55317a..47010a735 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -64,16 +64,15 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils implements MOAIDAuthConstants{
+public class ParamValidatorUtils extends MOAIDAuthConstants{
/**
* Checks if the given target is valid
@@ -261,7 +260,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ * @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<String> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
@@ -289,14 +288,14 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ }
else {
//check against configured trustet template urls
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
//get OA specific template URLs
if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
- for (TemplateType el : oaSlTemplates)
- if (MiscUtil.isNotEmpty(el.getURL()))
- trustedTemplateURLs.add(el.getURL());
+ for (String el : oaSlTemplates)
+ if (MiscUtil.isNotEmpty(el))
+ trustedTemplateURLs.add(el);
}
boolean b = trustedTemplateURLs.contains(template);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 2d9fb9196..22a021d99 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -83,7 +83,7 @@ public class Random { ByteBuffer bb = ByteBuffer.wrap(b); long l = bb.getLong(); - return "" + l; + return "" + Math.abs(l); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 81abe3f5a..af3424881 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -70,7 +70,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; /** @@ -132,8 +132,8 @@ public class SSLUtils { conf.getCertstoreDirectory(), trustStoreURL, acceptedServerCertURL, - AuthConfigurationProvider.getInstance().getDefaultChainingMode(), - AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(), + AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), connParam.getClientKeyStore(), connParam.getClientKeyStorePassword(), "pkcs12"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java index 8660f7c09..498f8408b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java @@ -23,7 +23,7 @@ package at.gv.egovernment.moa.id.util; import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; public class SessionEncrytionUtil extends AbstractEncrytionUtil { @@ -34,7 +34,7 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil { public static SessionEncrytionUtil getInstance() { if (instance == null) { try { - key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey(); + key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey(); instance = new SessionEncrytionUtil(); } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 1edb8d1f3..8e42f0df7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -48,6 +48,12 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; import java.io.Serializable;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class MISMandate implements Serializable{
@@ -91,6 +97,28 @@ public class MISMandate implements Serializable{ public byte[] getMandate() {
return mandate;
}
+
+ public Element getMandateDOM() {
+ try {
+ byte[] byteMandate = mandate;
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+ public Mandate getMandateJaxB() {
+ Element domMandate = getMandateDOM();
+ if (domMandate != null)
+ return MandateBuilder.buildMandate(domMandate);
+
+ return null;
+ }
+
public void setMandate(byte[] mandate) {
this.mandate = mandate;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java index 9ce44fe15..dd4e67bcd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java @@ -30,7 +30,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -public class LegacyHelper implements MOAIDAuthConstants{ +public class LegacyHelper extends MOAIDAuthConstants{ public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException { diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml new file mode 100644 index 000000000..e9e4eb23d --- /dev/null +++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:property-placeholder location="${moa.id.configuration}"/> + + <bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider"/> + + <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close"> + <aop:scoped-proxy/> + <property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" /> + <property name="url" value="${configuration.hibernate.connection.url}"/> + <property name="username" value="${configuration.hibernate.connection.username}" /> + <property name="password" value="${configuration.hibernate.connection.password}" /> + <property name="testOnBorrow" value="true" /> + <property name="validationQuery" value="SELECT 1" /> + </bean> + + <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> + <property name="showSql" value="true" /> + <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" /> +<!-- <property name="generateDdl"> + <bean class="java.lang.Boolean"> + <constructor-arg value="${jpaVendorAdapter.generateDdl}"/> + </bean> + </property> --> + <property name="databasePlatform" value="${configuration.hibernate.dialect}" /> + </bean> + + +</beans>
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 0d91fc2c0..23a689305 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -48,7 +48,7 @@ auth.27=Federated authentication FAILED. init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
-init.02=Fehler beim Starten des Service MOA ID Authentisierung
+init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
@@ -74,7 +74,9 @@ config.18=Keine MOA-ID 2.x Konfiguration gefunden. config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
-config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.
+config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.
+config.23=Fehler beim initialisieren von OpenSAML
+config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index eeacdc627..59a29d9bd 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -54,6 +54,8 @@ config.19=9199 config.20=9199 config.21=9006 config.22=9008 +config.23=9199 +config.24=9199 parser.00=1101 parser.01=1101 diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java deleted file mode 100644 index 0aa1ffab9..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java +++ /dev/null @@ -1,139 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.id.auth.builder; - -import java.io.FileInputStream; -import java.io.RandomAccessFile; - -import org.w3c.dom.Element; -import test.at.gv.egovernment.moa.id.auth.invoke.MOASPSSTestCase; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; - - - -/** - * Test case for the signature verification web service. - * - * This test requires a running SignatureVerification web service. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilderTest extends MOASPSSTestCase { - - - private SignatureVerificationInvoker caller; - - public VerifyXMLSignatureRequestBuilderTest(String name) { - super(name); - } - - public void setUp() { - System.setProperty( - ConfigurationProvider.CONFIG_PROPERTY_NAME, - "data/test/conf/ConfigurationTest.xml"); - caller = new SignatureVerificationInvoker(); - } - - public void testVerifyXMLSignatureRequestBuilderIdentityLink() throws Exception { - - RandomAccessFile infoBox = new RandomAccessFile( - "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r"); - byte[] b = new byte[(int) infoBox.length()]; - infoBox.read(b); - infoBox.close(); - String xmlInfoboxReadResponse = new String(b, "UTF-8"); - - - RandomAccessFile vr = new RandomAccessFile( - "data/test/xmldata/standard/VerifyXMLSignatureRequestIdentityLink.xml","r"); - b = new byte[(int) vr.length()]; - vr.read(b); - vr.close(); - String xmlResponse = new String(b, "UTF-8"); - - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element requestBuild = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID()); - - assertXmlEquals(requestBuild, xmlResponse); - - } - - public void testVerifyXMLSignature2() throws Exception { - - RandomAccessFile s = new RandomAccessFile("data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - s.close(); - String xmlCreateXMLSignatureResponse = new String(b, "UTF-8"); - - CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); - - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID()); - - // check the result - assertXmlEquals(request, new FileInputStream("data/test/xmldata/standard/VerifyXMLSignatureRequestCreateXML.xml")); - - } - } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java deleted file mode 100644 index 0876cfac6..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java +++ /dev/null @@ -1,216 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.id.auth.invoke; - -import java.io.RandomAccessFile; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; -import at.gv.egovernment.moa.util.DOMUtils; - - - -/** - * Test case for the signature verification web service. - * - * This test requires a running SignatureVerification web service. - * - * @author Patrick Peck - * @author Fatemeh Philippi - * @version $Id$ - */ -public class SignatureVerificationTest extends MOASPSSTestCase { - - - private SignatureVerificationInvoker caller; - - public SignatureVerificationTest(String name) { - super(name); - } - - public void setUp() { -System.setProperty( - ConfigurationProvider.CONFIG_PROPERTY_NAME, - "data/test/conf/ConfigurationTest.xml"); - caller = new SignatureVerificationInvoker(); - } - -/* public void testVerifyCMSSignature() throws Exception { - Element request = - parseXml("data/test/xml/VCSQ000.xml").getDocumentElement(); - Element result; - - // call the service - result = caller.verifyXMLSignature(request); - - // check the result - assertEquals("VerifyCMSSignatureResponse", result.getTagName()); - }*/ - - public void testVerifyXMLSignature1() throws Exception { - - //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum - //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080 - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlInfoboxReadResponse =new String(b,"UTF8"); - - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element request = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID()); - s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithInfoboxReadResponse.xml","rw"); - s.write(DOMUtils.serializeNode(request).getBytes("UTF-8")); - s.close(); -// Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement(); -// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement(); -// call the service - Element response = caller.verifyXMLSignature(request); - VerifyXMLSignatureResponseParser vParser = new VerifyXMLSignatureResponseParser(response); - VerifyXMLSignatureResponse vData = vParser.parseData(); - VerifyXMLSignatureResponseValidator vValidate = VerifyXMLSignatureResponseValidator.getInstance(); - - DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); - oaParam.setBusinessService(true); - vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam); - vValidate.validateCertificate(vData,idl); - - // check the result - assertXmlEquals(response, request); - - } - - public void testVerifyXMLSignature2() throws Exception { - // Pr�ft den 2. Aufruf mit dem CreateXMLSIgnatureResponse als Parameter - //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum - //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080 - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlCreateXMLSignatureResponse = new String(b, "UTF8"); - - CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); -// CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); - - VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); - - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID()); - // Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement(); -// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement(); - Element result; -/*s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithAuthBlock.xml","rw"); - s.write(DOMUtils.serializeNode(request).getBytes("UTF-8")); - s.close();*/ - // call the service - result = caller.verifyXMLSignature(request); - // check the result - assertEquals("VerifyXMLSignatureResponse", result.getTagName()); - - } - - - public void testParseCreateXMLSignatureResponse() throws Exception { - - //Sp�ter soll die Datei direkt vom Server geholt werden... - - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/standard/CreateXMLSignatureResponse.xml", - - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlCreateXMLSignatureResponse = new String(b, "UTF-8"); - - CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); - - } - - public void testParseVerifyXMLSignatureResponse() throws Exception { - - //Sp�ter soll die Datei direkt vom Server geholt werden... - - RandomAccessFile s = - new RandomAccessFile( - "data/test/xmldata/standard/VerifyXMLSignaterResponse.xml", - - "r"); - byte[] b = new byte[(int) s.length()]; - s.read(b); - String xmlVerifyXMLSignatureResponse = new String(b, "UTF-8"); - - VerifyXMLSignatureResponseParser vXMLsrp = new VerifyXMLSignatureResponseParser(xmlVerifyXMLSignatureResponse); - VerifyXMLSignatureResponse vsr = vXMLsrp.parseData(); - - } - - - } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java deleted file mode 100644 index 8386fc52f..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java +++ /dev/null @@ -1,77 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -///* -// * Copyright 2003 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// */ -// -// -//package test.at.gv.egovernment.moa.id.proxy; -// -//import test.at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilderTest; -//import test.at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParserTest; -//import junit.awtui.TestRunner; -//import junit.framework.Test; -//import junit.framework.TestSuite; -// -///** -// * @author Paul Ivancsics -// * @version $Id$ -// */ -//public class AllTests { -// -// public static Test suite() { -// TestSuite suite = new TestSuite(); -// -// suite.addTestSuite(SAMLRequestBuilderTest.class); -// suite.addTestSuite(SAMLResponseParserTest.class); -// -// return suite; -// } -// -// public static void main(String[] args) { -// try { -// TestRunner.run(AllTests.class); -// } catch (Exception e) { -// e.printStackTrace(); -// } -// } -//} diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java deleted file mode 100644 index d2af95855..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java +++ /dev/null @@ -1,508 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.id.proxy.builder; - -import java.io.PrintStream; -import java.util.ArrayList; - -import org.w3c.dom.Element; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.w3c.dom.Text; - -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * @author Administrator - * - * To change this generated comment edit the template variable "typecomment": - * Window>Preferences>Java>Templates. - * To enable and disable the creation of type comments go to - * Window>Preferences>Java>Code Generation. - */ -public class DOMTreeCompare { - - boolean debug = true; - - private static PrintStream Log = null; - - static - { - Log = System.out; - } - - public boolean compareElements(Element root1, Element root2) - { - //Log.println("----- Compare Elements:"+root1.getNodeName()+" "+root2.getNodeName()); - filterTree(root1); - filterTree(root2); - return compareNodes(root1,root2,0,"root/",false); - } - - private boolean compareNodes(Node n1, Node n2, int level,String path,boolean attribute) - { - /*try { - Log.println(DOMUtils.serializeNode(n1)); - } - catch(Exception e) - { - e.printStackTrace(); - }*/ - boolean equal = false; - //Log.println("----- Compare Node "+level+":"+n1+" "+n2); - //Log.println("----- Compare Node "+level+":"+n1.getNodeName()+" "+n2.getNodeName()); - //Log.println("----- Checking:"+path+getPathString(n1)); - NodeList nl1 = n1.getChildNodes(); - NodeList nl2 = n2.getChildNodes(); - - int size1 = nl1.getLength(); - int size2 = nl2.getLength(); - - if(debug)display_one(n1); - if(debug)display_one(n2); - - - if(debug) - if(n1.getNodeName().equals("Base64Content") && n2.getNodeName().equals("Base64Content")) - { - try { - Log.println("CONT:"+new String(Base64Utils.decode(strip(n1.getChildNodes().item(0).getNodeValue()),false))); - Log.println("CONT:"+new String(Base64Utils.decode(strip(n2.getChildNodes().item(0).getNodeValue()),false))); - } - catch(Exception e) - { - e.printStackTrace(); - } - } - - if(size1 != size2) - { - Log.println("----- Anzahl der Kinder nicht gleich:"+path+getPathString(n1)+":"+getPathString(n2)); - return false; - } - - equal = compareNodeExact(n1,n2,level,path+getPathString(n1)+"/"); - if(!equal) - { - Log.println("----- Knoten sind nicht identisch:"+path+getPathString(n1)); - return false; - } - - if(n1.hasAttributes() || n2.hasAttributes()) - { - equal = compareNodeAttriubtes(n1,n2,level+1,path+getPathString(n1)+"/(a)"); - if(!equal) - { - Log.println("----- Attribute stimmen nicht �berein:"+path+getPathString(n1)); - return false; - } - } - if(size1==0) - { - return true; - } - - for(int counter=0;counter<size1;counter++) - { - boolean found = false; - Node comp_n1 = nl1.item(counter); - - //if(comp_n1==null) return false; - - Node comp_n2 = null; - size2 = nl2.getLength(); - for(int counter2=0;counter2<size2;counter2++) - { - comp_n2 = nl2.item(counter2); - - /*equal = compareNodeExact(comp_n1,comp_n2,level+1); - if(equal) return false;*/ - //Log.println("COMP_N1:"+comp_n1); - //Log.println("COMP_N2:"+comp_n2); - equal = compareNodes(comp_n1,comp_n2,level+1,path+getPathString(comp_n1)+"/",false); - if(equal) - { - n2.removeChild(comp_n2); - counter2=size2; - nl2 = n2.getChildNodes(); - size2 = nl2.getLength(); - } - - } - - if(!equal) - { - Log.println("----- Keine �bereinstimmung gefunden:"+path+getPathString(comp_n1)); - return false; - } - } - return true; - } - - private boolean compareNodeExact(Node n1,Node n2,int level,String path) - { - if(n1.getNodeType() == Node.TEXT_NODE) - { - Text textnode = (Text)n1; - /*Log.println("----- *****"+textnode.getNodeName()); - Log.println("----- *****"+textnode.getParentNode().getNodeName()); - Log.println("----- *****"+textnode.getNodeValue());*/ - } - - //Log.println("----- Checking:"+path); - String n1_name = n1.getNodeName(); - String n2_name = n2.getNodeName(); - /*Log.println("----- !!!!!"+n1.getNodeName()); - Log.println("----- !!!!!"+n1.getNodeValue()); - Log.println("----- !!!!!"+n1.getLocalName()); - Log.println("----- !!!!!"+n1.getPrefix()); - Log.println("----- !!!!!"+n1.getNextSibling()); - Log.println("----- !!!!!"+n1.getPreviousSibling());*/ - - //Log.println("----- Compare Node "+level+":"+n1_name+" "+n2_name); - if(!((n1_name==null && n2_name==null) || - (n1_name!=null && n2_name!=null && n1_name.equals(n2_name)))) - { - Log.println("----- Name stimmt nicht �berein:"+path); - return false; - } - - //Log.println("----- Compare Node "+level+":"+n1.getNodeType()+" "+n2.getNodeType()); - if(n1.getNodeType() != n2.getNodeType()) - { - Log.println("----- Knotentyp stimmt nicht �berein:"+path); - return false; - } - - String n1_ns = n1.getPrefix(); - String n2_ns = n2.getPrefix(); - //Log.println("----- Compare Node "+level+":"+n1_ns+" "+n2_ns); - if(!((n1_ns==null && n2_ns==null) || - (n1_ns!=null && n2_ns!=null && n1_ns.equals(n2_ns)))) - { - Log.println("----- NameSpace stimmt nicht �berein:"+path); - return false; - } - - String n1_value = n1.getNodeValue(); - String n2_value = n2.getNodeValue(); - - boolean special = false; - special = specialValues(n1_value,n2_value,path); - if(special) return true; - - //Log.println("----- Compare Node "+level+":"+n1_value+" "+n2_value); - if(!((n1_value==null && n2_value==null) || - (n1_value!=null && n2_value!=null && n1_value.equals(n2_value)))) - { - Log.println("----- Wert stimmt nicht �berein:"+path); - Log.println("----- Value1:\n"+n1_value); - Log.println("----- Value2:\n"+n2_value); - return false; - } - - - return true; - } - - private boolean compareNodeAttriubtesWithoutSize(Node n1, Node n2, int level,String path) - { - return true; - } - - private boolean compareNodeAttriubtes(Node n1, Node n2, int level,String path) - { - //Log.println("----- Compare NodeAttributes "+level+":"+n1.getNodeName()+" "+n2.getNodeName()); - Element n1elem = (Element)n1; - Element n2elem = (Element)n2; - - NamedNodeMap nnm1 = n1.getAttributes(); - NamedNodeMap nnm2 = n2.getAttributes(); - - int size1 = 0; - int size2 = 0; - - boolean specialattrs = specialAttributesSize(path); - - if(!specialattrs) - { - - if(nnm1==null && nnm2==null) return true; - if(nnm1==null || nnm2==null) - { - Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1)); - return false; - } - size1 = nnm1.getLength(); - size2 = nnm2.getLength(); - - if(size1 != size2) - { - Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1)); - return false; - } - - } - else - { - return compareNodeAttriubtesWithoutSize(n1,n2,level,path); - } - - for(int counter=0;counter<size1;counter++) - { - Node attribute_node1 = nnm1.item(counter); - Node attribute_node2 = nnm2.item(counter); - - String attr1_name = attribute_node1.getNodeName(); - String attr2_name = attribute_node2.getNodeName(); - - String value1 = n1elem.getAttribute(attr1_name); - String value2 = n2elem.getAttribute(attr2_name); - - boolean special = false; - - special = specialAttributes(path,attr1_name,value1,attr2_name,value2); - if(special) - { - return special; - } - - if(!value1.equals(value2)) - { - Log.println("----- Keine �bereinstimmung gefunden:"+path+getPathString(n1)); - return false; - } - } - - return true; - } - - private boolean checkNode(Node base,String name) - { - if(base.getNodeName().equals(name)) - { - return true; - } - - NodeList children = base.getChildNodes(); - int size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - boolean found = checkNode(children.item(counter),name); - if(found) return true; - } - return false; - } - - private void display_one(Node base) - { - int att_size=0; - if(base.getAttributes()!=null) - { - att_size=base.getAttributes().getLength(); - } - if(base.getNodeName().equals("#text")) - Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")"); - else - Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size); - } - - private void display(Node base) - { - display(base,1); - } - - private void display(Node base,int level) - { - String spacer = ""; - for(int counter=0;counter<level;counter++) - { - spacer+=" "; - } - - int att_size=0; - if(base.getAttributes()!=null) - { - att_size=base.getAttributes().getLength(); - } - if(base.getNodeName().equals("#text")) - Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")"); - else - Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size); - - NodeList children = base.getChildNodes(); - int size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - display(children.item(counter),level+1); - } - } - - private void filterTree(Node base) - { - ArrayList removeList = new ArrayList(); - - NodeList children = base.getChildNodes(); - int size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - Node child1 = children.item(counter); - if(child1.getNodeType() == Node.TEXT_NODE && child1.getNodeValue().trim().equals("")) - { - removeList.add(child1); - } - } - - size = removeList.size(); - for(int counter=0;counter<size;counter++) - { - base.removeChild((Node)removeList.get(counter)); - } - - children = base.getChildNodes(); - size = children.getLength(); - for(int counter=0;counter<size;counter++) - { - filterTree(children.item(counter)); - } - - } - - private String getPathString(Node n) - { - if(n.getNodeType()==Node.TEXT_NODE) - { - return n.getParentNode().getNodeName()+"(text)"; - } - else - { - return n.getNodeName(); - } - - } - - public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) - { - //if(value1.startsWith("reference-") && value2.startsWith("reference-")) return true; - //if(value1.startsWith("signature-") && value2.startsWith("signature-")) return true; - - return false; - } - - public boolean specialAttributesSize(String path) - { - //if(path.endsWith("/xsl:template/(a)")) return true; - return false; - } - - public boolean specialValues(String value1,String value2,String path) - { - - //Log.println(path); - /*if(ignoreSignatureValue) - { - if(path.endsWith("/dsig:SignatureValue(text)/")) - { - return true; - } - } - else - { - if(path.endsWith("/dsig:SignatureValue(text)/")) - { - String stripped_1 = strip(value1); - String stripped_2 = strip(value2); - return stripped_1.equals(stripped_2); - } - }*/ - - return false; - } - - private String strip(String input) - { - String output = replaceStringAll(input," ",""); - output = replaceStringAll(output,"\n",""); - output = replaceStringAll(output,"\r",""); - return output; - } - - private static String replaceStringAll( - String input, - String oldPart, - String newPart) - { - - String erg = null; - - int pos = input.indexOf(oldPart); - if(pos==-1) return input; - - while(true) - { - - //First Part - pos = input.indexOf(oldPart); - if(pos==-1) break; - erg = input.substring(0, pos); - - //Insert new Part - erg += newPart; - - //insert REST - erg - += input.substring( - input.indexOf(oldPart) + oldPart.length(), - input.length()); - - input = erg; - } - return erg; - } - -} diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java deleted file mode 100644 index 2e676a00b..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java +++ /dev/null @@ -1,78 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.id.proxy.builder; - -import org.w3c.dom.Element; - -import test.at.gv.egovernment.moa.id.UnitTestCase; -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.util.DOMUtils; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLRequestBuilderTest extends UnitTestCase { - - public SAMLRequestBuilderTest(String arg0) { - super(arg0); - } - - public void testBuild() throws Exception { - String requestID = "123"; - String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890", null); - String REQUEST_SHOULD = "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" + - requestID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"IGNORE\">" + - "<samlp:AssertionArtifact>" + samlArtifact + "</samlp:AssertionArtifact>" + - "</samlp:Request>"; - Element request = new SAMLRequestBuilder().build(requestID, samlArtifact); - Element requestShould = DOMUtils.parseDocument(REQUEST_SHOULD, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - assertTrue(new SAMLRequestCompare().compareElements(requestShould, request)); - } - -} diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java deleted file mode 100644 index e595ca86c..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java +++ /dev/null @@ -1,65 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.id.proxy.builder; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLRequestCompare extends test.at.gv.egovernment.moa.id.proxy.builder.DOMTreeCompare { - - - /* - * @see at.gv.egovernment.moa.util.SAMLRequestCompare#specialAttributes(java.lang.String, java.lang.String) - */ - public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) { - if(attr1_name.equals("IssueInstant")) - return true; - return false; - } - -} diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java deleted file mode 100644 index 3b4beb7b7..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java +++ /dev/null @@ -1,227 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.id.proxy.parser; - -import org.w3c.dom.Element; - -import test.at.gv.egovernment.moa.id.UnitTestCase; - -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.SAMLStatus; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; - -/* - * @author Paul Ivancsics - * @version $Id$ - */ -public class SAMLResponseParserTest extends UnitTestCase { - - public SAMLResponseParserTest(String arg0) { - super(arg0); - } - - public void testParse() throws Exception { - String samlResponse = - "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + - "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" + - " ResponseID=\"\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-03-29T06:00:00+02:00\">" + - "<samlp:Status>" + - "<samlp:StatusCode Value=\"samlp:Success\"><samlp:StatusCode Value=\"samlp:Success\"></samlp:StatusCode></samlp:StatusCode>" + - "<samlp:StatusMessage>Ollas leiwand</samlp:StatusMessage>" + - "</samlp:Status>" + -"<saml:Assertion xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"-4633313027464114584\" Issuer=\"http://localhost:8080/moa-id-auth/\" IssueInstant=\"2003-04-02T14:55:42+02:00\">" + - "<saml:AttributeStatement>" + - "<saml:Subject>" + - "<saml:NameIdentifier NameQualifier=\"http://reference.e-government.gv.at/names/vpk/20020221#\">MTk2OC0xMC0yMmdi</saml:NameIdentifier>" + - "<saml:SubjectConfirmation>" + - "<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>" + - "<saml:SubjectConfirmationData>" + - "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"any\" Issuer=\"Hermann Muster\" IssueInstant=\"2003-04-02T14:55:27+02:00\">" + - "<saml:AttributeStatement>" + - "<saml:Subject>" + - "<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>" + - "</saml:Subject>" + - "<saml:Attribute AttributeName=\"Gesch�ftsbereich\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + - "<saml:AttributeValue>gb</saml:AttributeValue>" + - "</saml:Attribute>" + - "<saml:Attribute AttributeName=\"OA\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + - "<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>" + - "</saml:Attribute>" + - "</saml:AttributeStatement>" + - "</saml:Assertion>" + - "<saml:Assertion AssertionID=\"zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474\" IssueInstant=\"2003-02-12T20:28:34.474\" Issuer=\"http://zmr.bmi.gv.at/zmra/names#Issuer\" MajorVersion=\"1\" MinorVersion=\"0\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" + - "<saml:AttributeStatement>" + - "<saml:Subject>" + - "<saml:SubjectConfirmation>" + - "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>" + - "<saml:SubjectConfirmationData>" + - "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" + - "<pr:Identification>" + - "<pr:Value>123456789012</pr:Value>" + - "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" + - "</pr:Identification>" + - "<pr:Name>" + - "<pr:GivenName>Hermann</pr:GivenName>" + - "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" + - "</pr:Name>" + - "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" + - "</pr:Person>" + - "</saml:SubjectConfirmationData>" + - "</saml:SubjectConfirmation>" + - "</saml:Subject>" + - "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" + - "<saml:AttributeValue>" + - "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + - "<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>" + - "<dsig:Exponent>AQAB</dsig:Exponent>" + - "</dsig:RSAKeyValue>" + - "</saml:AttributeValue>" + - "</saml:Attribute>" + - "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" + - "<saml:AttributeValue>" + - "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + - "<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>" + - "<dsig:Exponent>AQAB</dsig:Exponent>" + - "</dsig:RSAKeyValue>" + - "</saml:AttributeValue>" + - "</saml:Attribute>" + - "</saml:AttributeStatement>" + - "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + - "<dsig:SignedInfo>" + - "<dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" + - "<dsig:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" + - "<dsig:Reference URI=\"\">" + - "<dsig:Transforms>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" + - "<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>" + - "</dsig:Transform>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" + - "</dsig:Transforms>" + - "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + - "<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>" + - "</dsig:Reference>" + - "<dsig:Reference Type=\"http://www.w3.org/2000/09/xmldsig#Manifest\" URI=\"\">" + - "<dsig:Transforms>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" + - "<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>" + - "</dsig:Transform>" + - "</dsig:Transforms>" + - "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + - "<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>" + - "</dsig:Reference>" + - "</dsig:SignedInfo>" + - "<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>" + - "<dsig:KeyInfo>" + - "<dsig:X509Data>" + - "<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>" + - "<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>" + - "<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>" + - "</dsig:X509Data>" + - "</dsig:KeyInfo>" + - "<dsig:Object>" + - "<dsig:Manifest>" + - "<dsig:Reference URI=\"\">" + - "<dsig:Transforms>" + - "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" + - "</dsig:Transforms>" + - "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + - "<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>" + - "</dsig:Reference>" + - "</dsig:Manifest>" + - "</dsig:Object>" + - "</dsig:Signature>" + - "</saml:Assertion>" + - "</saml:SubjectConfirmationData>" + - "</saml:SubjectConfirmation>" + - "</saml:Subject>" + - "<saml:Attribute AttributeName=\"PersonData\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\">" + - "<saml:AttributeValue>" + - "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" + - "<pr:Identification>" + - "<pr:Value>123456789012</pr:Value>" + - "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" + - "</pr:Identification>" + - "<pr:Name>" + - "<pr:GivenName>Hermann</pr:GivenName>" + - "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" + - "</pr:Name>" + - "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" + - "</pr:Person>" + - "</saml:AttributeValue>" + - "</saml:Attribute>" + - "<saml:Attribute AttributeName=\"isQualifiedCertificate\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + - "<saml:AttributeValue>true</saml:AttributeValue>" + - "</saml:Attribute>" + - "</saml:AttributeStatement>" + -"</saml:Assertion>" + - "</samlp:Response>"; - - Element samlResponseElem = - DOMUtils.parseDocument(samlResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); - SAMLResponseParser parser = new SAMLResponseParser(samlResponseElem); - SAMLStatus status = parser.parseStatusCode(); - assertEquals("samlp:Success", status.getStatusCode()); - assertEquals("samlp:Success", status.getSubStatusCode()); - assertEquals("Ollas leiwand", status.getStatusMessage()); - SAML1AuthenticationData authData = parser.parseAuthenticationData(); - assertEquals(1, authData.getMajorVersion()); - assertEquals(0, authData.getMinorVersion()); - assertEquals("-4633313027464114584", authData.getAssertionID()); - assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer()); - assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstantString()); - assertEquals("123456789012", authData.getIdentificationValue()); - assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK()); - assertEquals("Hermann", authData.getGivenName()); - assertEquals("Muster", authData.getFamilyName()); - assertEquals("1968-10-22", authData.getDateOfBirth()); - assertTrue(authData.isQualifiedCertificate()); - assertFalse(authData.isPublicAuthority()); - } -} diff --git a/id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java b/id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java deleted file mode 100644 index 2111d9811..000000000 --- a/id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java +++ /dev/null @@ -1,110 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.lasttest; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class Dispatcher extends Thread { - private LasttestClient parent = null; - private int max; - private int turns; - private int turn_counter; - private int turn; - private int time; - private long sum; - private int turnnum; - - public Dispatcher(LasttestClient parent, int max, int turns, int time, long sum) { - this.parent = parent; - this.max = max; - this.turns = turns; - this.time = time; - this.sum = sum; - turnnum=0; - } - - public void run() { - this.setPriority(Thread.NORM_PRIORITY + 1); - System.out.println("Dispatcher wird gestartet..."); - TestThread[] old_reqs = buildRequests(0); - for (turn_counter = 0; turns == 0 ? true : (turn_counter < turns); turn_counter++) { - try { -// LasttestClient.Log.write(("Starte Durchlauf " + turn_counter + "\n").getBytes()); - } - catch (Exception e) {} - -// System.out.println("Starte Durchlauf " + turn_counter); - turn = turn_counter; - if (turns == 0) - turn_counter--; - TestThread[] reqs = buildRequests(turn_counter); - for (int counter = 0; counter < max; counter++) { - old_reqs[counter].start(); - } - old_reqs = reqs; - try { - Thread.sleep(time); - } - catch (Exception e) { - e.printStackTrace(); - } - } - parent.stop = true; - } - - public TestThread[] buildRequests(int turnNo) { - TestThread[] ret = new TestThread[max]; - for (int counter = 0; counter < max; counter++) { -// turnnum ++; - ret[counter] = new TestThread(parent, turnNo); - } - return ret; - } -} diff --git a/id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java b/id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java deleted file mode 100644 index 7dd68a949..000000000 --- a/id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java +++ /dev/null @@ -1,59 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.lasttest; - -import com.sun.net.ssl.HostnameVerifier; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class HostnameVerifierHack implements HostnameVerifier{ - public boolean verify(String arg0, String arg1) { - return true; - }} diff --git a/id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java b/id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java deleted file mode 100644 index 4a89f031e..000000000 --- a/id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java +++ /dev/null @@ -1,264 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.lasttest; - -import java.io.FileOutputStream; -import java.io.OutputStream; -import java.io.PrintStream; -import java.security.Security; -import java.util.Date; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * @author Sven - * - * To change this generated comment edit the template variable "typecomment": - * Window>Preferences>Java>Templates. - * To enable and disable the creation of type comments go to - * Window>Preferences>Java>Code Generation. - * - * Aufruf: Requestdatei (==null), ServerURL, Anzahl der Requests pro Sekunde, Anzahl der Wiederholungen - * z.b. "data/CX0/TestGeneratorCX0.001.Req.xml" "http://127.0.0.1:8080/" 5 100 - * - * ==> GE�NDERT: ersten 2 Parameter gekillt... nur noch 5 100 - */ -public class LasttestClient { - - protected static final String TESTDATA_ROOT = "data/abnahme-test/"; - protected static final String MOA_AUTH_SERVER = "https://localhost:8443/moa-id-auth/"; - protected AuthenticationServer server; - - public int max_thread_count = 300; - public int thread_counter = 0; - public int error_count = 0; - public int turns = 0; - public long sum = 0; - public long max = 0; - public long min = Long.MAX_VALUE; - - public static PrintStream Log = null; - - public boolean stop = false; - - public static final String trustStore = "javax.net.ssl.trustStore"; - public static final String trustStorePassword = "javax.net.ssl.trustStorePassword"; - public static final String handler = "java.protocol.handler.pkgs"; - - public void startTest(int req_per_second, int turns, int time) throws Exception { - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); - System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); - - System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, TESTDATA_ROOT + "xmldata/L000/Configuration.xml"); - - AuthConfigurationProvider.reload(); - - this.turns = turns; - - boolean result = new TestThread(this,0).doRequest(0);// doTestRequest(); - if (result) { - System.out.println("TestRequest OK. Lasttest wird gestartet."); - sum=0; - max=0; - Dispatcher dp = new Dispatcher(this, req_per_second, turns, time, sum); - dp.start(); - while (!stop) { - try { - Log.println(new String(("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")"))); - Log.flush(); - } - catch (Exception e) {} - - System.out.println("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")"); - Thread.sleep(10000); - } - System.out.println("Fehler:" + error_count + " (Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")"); - } - else { - System.out.println("TestRequest lieferte einen Fehler. Lasttest wird nicht gestartet."); - } - } - - - public boolean doTestRequest() throws Exception { - - try { - - TestThread tt = new TestThread(null,0); - - // Anmelden - String URL = tt.getURL(MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/"); - HttpsURLConnection conn = tt.giveConnection(URL, "GET"); - - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - String MOASessionID = tt.parseSessionIDFromForm(result); - conn.disconnect(); - - URL = tt.parseDataURL(result); - // Verify Identity Link - conn = tt.giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - String infoboxReadResponse = tt.readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - String redirectLoc = conn.getHeaderField("Location"); - conn.disconnect(); - //Verify Auth Block - conn = tt.giveConnection(redirectLoc, "POST"); - String createXMLSignatureResponse = URLEncoder.encode(tt.readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - out = conn.getOutputStream(); - out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); - out.flush(); - out.close(); - conn.connect(); - redirectLoc = conn.getHeaderField("Location"); - String samlArtifact = tt.parseSamlArtifact(redirectLoc); - System.out.println("SamlArtifact: " + samlArtifact); - - conn.disconnect(); - - conn = null; - - SAMLRequestBuilder srb = new SAMLRequestBuilder(); - - Element erg = tt.doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")),MOA_AUTH_SERVER); - result = DOMUtils.serializeNode(erg); - if (result.indexOf("saml:Assertion")<0) - { - System.err.println("Falsche Antwort vom Webservice:\n" + result); - throw new Exception("Falsche Antwort vom Webservice"); - - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN LASTTEST :" + e.getLocalizedMessage()); - throw e; - } - - return true; - - } - - public String replaceString(String input, String oldPart, String newPart) throws Exception { - String erg = null; - - //First Part - erg = input.substring(0, input.indexOf(oldPart)); - //Insert new Part - erg += newPart; - - //insert REST - erg += input.substring(input.indexOf(oldPart) + oldPart.length(), input.length()); - - return erg; - } - - public static void main(String[] args) throws Exception { - Log = new PrintStream(new FileOutputStream("C:/Lasttest.log")); - int time = 0; - int sek = 0; - int turns = 0; - - if (args.length != 3) { - System.out.println("Parameteranzahl falsch. Bitte verwenden Sie die Syntax <Request_pro_Zeiteinheit(Zahl)> <Anzahl_der_Durchl�ufe(Zahl oder INF)> <Zeit_zwischen_Aufrufen_in_ms(Zahl)>"); - return; - } - - try { - sek = Integer.parseInt(args[0]); - time = Integer.parseInt(args[2]); - if (args[1].equals("INF")) { - turns = 0; - } - else - turns = Integer.parseInt(args[1]); - } - catch (NumberFormatException e) { - System.out.println("Einer der Parameter (Requestanzahl oder Testanzahl) ist keine Zahl !"); - return; - } - - System.out.println("Starte Lastest mit folgenden Parametern ..."); - System.out.println("ServerURL: " + MOA_AUTH_SERVER); - double reqPerSek = sek*1000; - System.out.println("Requests pro Sekunde: " + reqPerSek/time); - System.out.println("Durchl�ufe: " + (turns == 0 ? "INF" : turns + "")); - - Log.println("Starte Lastest mit folgenden Parametern ..."); - Log.println("ServerURL: " + MOA_AUTH_SERVER); - Log.println("Requests pro Sekunde: " + reqPerSek / time); - Log.println("Durchl�ufe: " + (turns == 0 ? "INF" : turns + "")); - - - try { - LasttestClient lc = new LasttestClient(); - //lc.startTest("data/CX0/TestGeneratorCX0.001.Req.xml","http://161.106.2.255:8080/",10,1000); - lc.startTest(sek, turns, time); - } - catch (Exception e) { - e.printStackTrace(); - } - } -} - diff --git a/id/server/idserverlib/src/test/java/test/lasttest/TestThread.java b/id/server/idserverlib/src/test/java/test/lasttest/TestThread.java deleted file mode 100644 index 9ad9890a0..000000000 --- a/id/server/idserverlib/src/test/java/test/lasttest/TestThread.java +++ /dev/null @@ -1,297 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.lasttest; - -import java.io.OutputStream; -import java.net.URL; -import java.util.Vector; - -import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; - -import org.apache.axis.message.SOAPBodyElement; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; -import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class TestThread extends Thread { - private LasttestClient parent = null; - private int turn_no; - private Dispatcher disp = null; - - public TestThread( LasttestClient parent, int durchlauf_nr) { - turn_no = durchlauf_nr; - this.parent = parent; - - } - - protected Element doCall(Element request, String server) throws Exception { - - /* QName serviceName = new QName("GetAuthenticationData"); - - String endPoint = server + "services/GetAuthenticationData"; - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - - System.out.println(DOMUtils.serializeNode(body.getAsDOM())); - call.setTargetEndpointAddress(endPoint); - System.out.println("Rufe WS auf: " + endPoint); - responses = (Vector) call.invoke(params); - System.out.println("WS aufgerufen."); - response = (SOAPBodyElement) responses.get(0); - System.out.println(DOMUtils.serializeNode(response.getAsDOM())); - return response.getAsDOM();*/ - - QName serviceName = new QName("GetAuthenticationData"); - String endPoint = server + "services/GetAuthenticationData"; - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); - System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - call.setTargetEndpointAddress(endPoint); - responses = (Vector) call.invoke(params); - response = (SOAPBodyElement) responses.get(0); - return response.getAsDOM(); - } - - public boolean doRequest(int turnNo) throws Exception { - long start = System.currentTimeMillis(); - - try { - LasttestClient.Log.write(("Starte Durchlauf " + turnNo + "\n").getBytes()); - } - catch (Exception e) {} - - System.out.println("Starte Durchlauf " + turnNo); - // Anmelden - String URL = getURL(LasttestClient.MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/"); - HttpsURLConnection conn = giveConnection(URL, "GET"); - conn.connect(); - String result = new String(StreamUtils.readStream(conn.getInputStream())); - /* - * FOR DEBUG ONLY - */ - // System.out.println(URL); - // System.out.println(result); - //---------------- - - String MOASessionID = parseSessionIDFromForm(result); - conn.disconnect(); - - URL = parseDataURL(result); - // Verify Identity Link - conn = giveConnection(URL, "POST"); - conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); - String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); - OutputStream out = conn.getOutputStream(); - out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); - out.flush(); - out.close(); - conn.connect(); - - /* - * FOR DEBUG ONLY - */ - // System.out.println(URL); - // System.out.println(new String(StreamUtils.readStream(conn.getInputStream()))); - //---------------- - - String redirectLoc = conn.getHeaderField("Location"); - conn.disconnect(); - //Verify Auth Block - conn = giveConnection(redirectLoc, "POST"); - String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); - out = conn.getOutputStream(); - out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); - out.flush(); - out.close(); - conn.connect(); - redirectLoc = conn.getHeaderField("Location"); - - /* - * FOR DEBUG ONLY - */ - // System.out.println(redirectLoc); - // System.out.println(new String(StreamUtils.readStream(conn.getInputStream()))); - //---------------- - String samlArtifact = parseSamlArtifact(redirectLoc); - - // System.out.println("SamlArtifact: " + samlArtifact); - - AxisSecureSocketFactory.initialize(conn.getSSLSocketFactory()); - conn.disconnect(); - - conn = null; - - SAMLRequestBuilder srb = new SAMLRequestBuilder(); - - doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")), LasttestClient.MOA_AUTH_SERVER); - // writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8")); - - long end = System.currentTimeMillis(); - long diff = end - start; - parent.sum +=diff; - if (parent.max < diff) { - parent.max = diff; - } - if (parent.min > diff) { - parent.min = diff; - } - if (turnNo>0) { - long totalmem = Runtime.getRuntime().totalMemory(); - long freemem = Runtime.getRuntime().freeMemory(); - try { - LasttestClient.Log.write(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem + "\n").getBytes()); - LasttestClient.Log.flush(); - } - catch (Exception e) {} - System.out.println(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem)); - } - return true; - - } - - public String getSubString(String input, String startsWith, String endsWith) { - return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length())); - } - - public String getURL(String authURL, String target, String oaURL) { - return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL; - } - - public HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception { - HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection(); - conn.setRequestMethod(requestMethod); - conn.setDoInput(true); - conn.setDoOutput(true); - conn.setUseCaches(false); - conn.setAllowUserInteraction(false); - conn.setHostnameVerifier(new HostnameVerifierHack()); - return conn; - } - - public String killInclusive(String input, String startsWith, String endsWith, String newValue) { - int start = 0; - int ende; - String result; - result = input; - do { - start = result.indexOf(startsWith, start) + startsWith.length(); - ende = result.indexOf(endsWith, start); - result = result.substring(0, start - startsWith.length()) + newValue + result.substring(ende + endsWith.length(), result.length()); - start++; - } - while (result.indexOf(startsWith, ende + 1) > 0); - - return result; - } - - public String parseDataURL(String input) { - return getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\""); - } - - public String parseSamlArtifact(String input) { -// System.out.println(input); - return getSubString(input + "@@@", "SAMLArtifact=", "@@@"); - } - - public String parseSessionIDFromForm(String htmlForm) { - String parName = "MOASessionID="; - int i1 = htmlForm.indexOf(parName) + parName.length(); - int i2 = htmlForm.indexOf("\"", i1); - return htmlForm.substring(i1, i2); - } - - public String readXmldata(String filename) throws Exception { - - return FileUtils.readFile(LasttestClient.TESTDATA_ROOT + "xmldata/L000/" + filename, "UTF-8"); - } - - /** - * @see java.lang.Runnable#run() - */ - public void run() { - parent.thread_counter++; - - try { - if (!doRequest(turn_no)) { - parent.error_count++; - } - } - catch (Exception e) { - e.printStackTrace(); - parent.error_count++; - } - parent.thread_counter--; - } - -} diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java index 549eb4f2b..fd1473b1f 100644 --- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java +++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java @@ -1,7 +1,19 @@ package test.tlenz; +import java.io.FileInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.util.DOMUtils; /******************************************************************************* * Copyright 2014 Federal Chancellery Austria @@ -46,12 +58,38 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; public class simpletest { // public static void main(String[] args) { + try { + InputStream s = new FileInputStream("D:/idl_test/identity_link.xml"); + Element idlTemplate = DOMUtils.parseXmlValidating(s); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning"); + IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); + + } catch (Exception e) { + System.out.println(e.getMessage()); + + } - AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)"); + String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT"; - test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION"); - test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A)"); - test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(keyA=A,keyB=B)"); + try { + Name test = new RFC2253NameParser(subjectName).parse(); + + System.out.println(test.getRFC2253String()); + + } catch (RFC2253NameParserException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + +// AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)"); +// +// test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION"); +// test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A)"); +// test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(keyA=A,keyB=B)"); // // System.setProperty("mandates.configuration", "D:/Projekte/svn/moa-id/moa-id.properties"); diff --git a/id/server/idserverlib/src/test/resources/log4j.xml b/id/server/idserverlib/src/test/resources/log4j.xml new file mode 100644 index 000000000..6685c1e82 --- /dev/null +++ b/id/server/idserverlib/src/test/resources/log4j.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd"> + +<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"> + <appender name="consoleAppender" class="org.apache.log4j.ConsoleAppender"> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d{dd MMM yyyy HH:mm:ss} %5p %c{1} - %m%n" /> + </layout> + </appender> + + <root> + <priority value="info" /> + <appender-ref ref="consoleAppender" /> + </root> + +</log4j:configuration> |