Diffstat (limited to 'id/server/moa-id-commons/src/main/java')
35 files changed, 1350 insertions, 1056 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index 6726aacb5..6d573efe8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -40,11 +40,13 @@ public class MOAIDConstants { public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+"; public static final String IDENIFICATIONTYPE_FN = "FN"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; public static final String IDENIFICATIONTYPE_STORK = "STORK"; + public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS"; public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair"; public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair"; 
@@ -61,16 +63,22 @@ public class MOAIDConstants { public static final List<String> ALLOWED_KEYBOXIDENTIFIER; public static final List<String> ALLOWED_REDIRECTTARGETNAMES; public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS; + public static final List<String> ALLOWED_eIDAS_LOA; public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND; public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier"; + public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low"; + public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial"; + public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high"; + static { Hashtable<String, String> tmp = new Hashtable<String, String>(); tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); + tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS"); BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); List<String> awbpk = new ArrayList<String>(); @@ -87,6 +95,12 @@ public class MOAIDConstants { keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED); ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs); + List<String> eIDASLOA = new ArrayList<String>(); + eIDASLOA.add(eIDAS_LOA_LOW); + eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL); + eIDASLOA.add(eIDAS_LOA_HIGH); + ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA); + List<String> redirectTargets = new ArrayList<String>(); redirectTargets.add(REDIRECTTARGET_BLANK); redirectTargets.add(REDIRECTTARGET_PARENT); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index 6b51c8683..2a8f8727a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java 
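Review bot: `ALLOWED_eIDAS_LOA` is built as a plain membership list, yet the identifiers it holds are ordered (low < substantial < high) and `IOAAuthParameters.getQaaLevel()` in this same change is documented as a *minimum* level, so a `contains()` check alone cannot enforce "at least substantial". Document the ordering contract on the list so callers compare by index rather than by string equality: `/** eIDAS LoA identifiers in ascending order of assurance; a required minimum is met by any entry at the same or a higher index. */`. If the comparison helper is meant to live elsewhere, say so in that comment; otherwise a small static `isLoAAtLeast(String actual, String required)` based on `indexOf` on this list keeps the ordering in one place. The mixed-case name `ALLOWED_eIDAS_LOA` also departs from the UPPER_SNAKE_CASE used by its siblings such as `ALLOWED_STORKATTRIBUTEPROVIDERS`.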
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -31,6 +31,16 @@ public interface AuthConfiguration extends ConfigurationProvider{ */ public String getBasicMOAIDConfiguration(final String key); + + /** + * Get a configuration value from basic file based MOA-ID configuration + * + * @param key configuration key + * @param defaultValue Default value if no value with this key is found + * @return configuration value + */ + public String getBasicMOAIDConfiguration(final String key, final String defaultValue); + public int getTransactionTimeOut(); public int getSSOCreatedTimeOut(); public int getSSOUpdatedTimeOut(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java index ca0a56049..e14f9c9ce 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java @@ -60,7 +60,12 @@ public interface ConfigurationProvider { public String getTrustedCACertificates(); - public String getCertstoreDirectory(); - public boolean isTrustmanagerrevoationchecking(); + + /** + * Get active Spring profiles from file based configuration + * + * @return Array of currently configurated Spring profiles + */ + public String[] getActiveProfiles(); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index be6d34275..1aea8d7b6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java 
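Review bot: The Javadoc of the new `getBasicMOAIDConfiguration(key, defaultValue)` says the default applies "if no value with this key is found" but does not say whether an empty or whitespace-only value counts as found, which matters when this overload is used for security-relevant settings. Suggest pinning it down: `@return the configured value, or {@code defaultValue} if the key is absent or its value is empty` (or the opposite, whichever the implementation does; it is not visible in this hunk). Also state whether {@code defaultValue} may be {@code null}.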
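Review bot: Removing `isTrustmanagerrevoationchecking()` and `getCertstoreDirectory()` from `ConfigurationProvider` drops the only interface-level switch for certificate revocation checking on the trust manager, and nothing in the hunk says what replaces it. If trust-manager setup previously read that flag, the interface (or the commit message) should record that revocation checking is now either always on or driven by another key; a call site that quietly falls back to no revocation checking would otherwise be hard to spot. The new `getActiveProfiles()` Javadoc should also say whether it returns an empty array or {@code null} when no profile is configured, e.g. `@return the configured Spring profiles, never {@code null}; an empty array if none are set`. The implementation is not in this hunk, so this is inferred from the interface alone.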
@@ -152,7 +152,12 @@ public interface IOAAuthParameters { */ public boolean isShowStorkLogin(); - public Integer getQaaLevel(); + /** + * Return the eIDAS LoA which is minimum required + * + * @return eIDAS LoA as URL identifier + */ + public String getQaaLevel(); public boolean isRequireConsentForStorkAttributes(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java index b23b4474b..88cd89319 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.commons.api; import java.util.Collection; +import org.opensaml.saml2.metadata.provider.MetadataProvider; + +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; public interface IRequest { 
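Review bot: Changing `getQaaLevel()` from `Integer` to `String` is a source-incompatible API change, and the new Javadoc neither names the valid values nor says how a "minimum" is compared. Tie it to the constants introduced in `MOAIDConstants`: `@return one of {@link MOAIDConstants#ALLOWED_eIDAS_LOA}, e.g. {@link MOAIDConstants#eIDAS_LOA_SUBSTANTIAL}; the authentication must reach at least this level`. Since STORK QAA levels were integers, state whether a legacy numeric value can still appear here or is mapped before return; callers that did `>=` on the old `Integer` need rewriting either way.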
@@ -107,14 +110,30 @@ public interface IRequest { /** - * Hold the identifier of the MOASession which is associated with this request + * Hold the identifier of the SSO MOASession which is associated with this request * - * @return MOASession identifier if a associated session exists, otherwise null + * @return SSO MOASession identifier if a associated session exists, otherwise null */ - public String getMOASessionIdentifier(); + public String getInternalSSOSessionIdentifier(); /** + * Hold the MOASession object of a pending request + * This MOASession object is NOT stored to AuthenticationSession database, because it is only part of the pending request + * + * @return {@link IAuthenticationSession} AuthenticationSession data object of this pending request + */ + public IAuthenticationSession getMOASession(); + + + /** + * Populate the MOASession object of a pending request with information from an SSO session database + * + * @param ssoSession + */ + public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession); + + /** * Holds a unique transaction identifier, which could be used for looging * This transaction identifier is unique for a single identification and authentication process * @@ -193,9 +212,10 @@ public interface IRequest { /** * This method get a Set of PVP 2.1 attribute, which are request by this pending-request. + * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required * * @return A set of PVP attribute names or null if no attributes are requested * or the Service Provider, which sends this request needs no attributes */ - public Collection<String> getRequestedAttributes(); + public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider); } 
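Review bot: `populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession)` copies state from a stored SSO session into the pending request's session, but the Javadoc says nothing about the precondition that the SSO session has already been verified to belong to the current user, nor whether it merges with or overwrites data already in the pending session. Suggest `Precondition: the caller has verified that {@code ssoSession} is the SSO session bound to this request (e.g. via the SSO cookie check); existing pending-session data is overwritten` (or "merged", whichever the implementation does). Also document the behaviour for a {@code null} argument, and note on `getInternalSSOSessionIdentifier()` that the rename changes the meaning from "MOASession id" to "SSO session id", so callers that used the old value as a generic session key should be re-checked.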
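Review bot: `getRequestedAttributes(MetadataProvider metadataProvider)` permits `null` "if no metadata provider is required", but only the implementation knows whether metadata is required, so the contract should say what happens when it is needed and `null` is passed. Suggest adding `@throws IllegalArgumentException if this request needs SAML2 metadata to resolve its attributes and {@code metadataProvider} is {@code null}`, or, if the intended behaviour is to return {@code null} or an empty collection, document that instead. Silently returning no attributes in that case would mean the service provider's requested attribute set is ignored.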
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java new file mode 100644 index 000000000..db413b0f5 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java 
@@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * @author tlenz + * + */ +public interface AuthProzessDataConstants { + + public static final String GENERIC_PREFIX = "generic_"; + + + public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner"; + public static final String FLAG_USE_MANDATE = "direct_flagUseMandate"; + public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter"; + public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth"; + public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK = "direct_SAMLAttributeGebeORwbpk"; + + + public static final String VALUE_CREATED = "direct_created"; + public static final String VALUE_ISSUEINSTANT = "direct_issueInstant"; + public static final String VALUE_SESSIONID = "direct_sessionId"; + public static final String VALUE_SIGNER_CERT = "direct_signerCert"; + public static final String VALUE_IDENTITYLINK = "direct_idl"; + public static final String VALUE_BKUURL = "direct_bkuUrl"; + public static final String VALUE_AUTHBLOCK = "direct_authBlock"; + + public static final String VALUE_AUTNBLOCKTOKKEN = "direct_authblocktokken"; + public static final String VALUE_QAALEVEL = "direct_qaaLevel"; + public static final String VALUE_VERIFYSIGRESP = "direct_verifySigResp"; + + public static final String VALUE_MISSESSIONID = "direct_MIS_SessionId"; + public static final String VALUE_MISREFVALUE = "direct_MIS_RefValue"; + public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; + + + + + @Deprecated + public static final String VALUE_EXTENTEDSAMLATTRAUTH = "direct_extSamlAttrAuth"; + + @Deprecated + public static final String VALUE_EXTENTEDSAMLATTROA = "direct_extSamlAttrOA"; + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java new file mode 100644 index 000000000..e9045e727 
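Review bot: The `direct_` and `generic_` prefixes on the keys in `AuthProzessDataConstants` evidently encode a storage convention, but the only class-level documentation is `@author`, so a reader cannot tell which keys address typed session fields and which go to the generic map. Suggest a class Javadoc such as `Keys under which authentication-process data is stored; {@code direct_}-prefixed keys address dedicated session fields, while {@code GENERIC_PREFIX} marks entries of the generic data storage` — hedged, because the consumer of these keys is not in this diff. The string values are part of persisted data, so the typos in the identifiers (`VALUE_AUTNBLOCKTOKKEN`, `AuthProzess`) could be fixed on the Java side without touching the values. An interface that only carries constants is also more directly expressed as a `final class` with a private constructor, unless it is meant to be implemented.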
--- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ExtendedSAMLAttribute.java 
@@ -0,0 +1,119 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. 
+ * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * A SAML-Attribute to be appended to the final SAML-Assertion + * that will be passed to the online application. + */ +public interface ExtendedSAMLAttribute { + /** + * Add this attribute only to the SAML-Assertion + * passed to the online application, but not to + * the AUTH-Block. + */ + public final static int NOT_ADD_TO_AUTHBLOCK = 0; + /** + * Add this attribute to both, the AUTH-Block and the + * final SAML-Assertion passed to the online application. + */ + public final static int ADD_TO_AUTHBLOCK = 1; + /** + * Add this attribute to only the AUTH-Block, but not + * to the final SAML-Assertion passed to the online application. + */ + public final static int ADD_TO_AUTHBLOCK_ONLY = 2; + + /** + * The value of the SAML-Attribute. This must be either a + * <code>org.w3c.Element</code> or a <code>java.lang.String</code> + * object. Each other type will be ignored. <br> + * If, for example, the type of the actual SAML-Attribute is a + * <code><xsd:boolean></code> the value must be either the String + * <code>"true"</code> or <code>"false"</code>. + * Or the <code><xsd:integer></code> number <code>273</code> + * has to be the String <code>"273"</code>. + * + * @return The value of the SAML-Attribute. 
Must not be <code>null</code>. + */ + public Object getValue(); + + /** + * The name of the SAML-Attribute. + * + * @return The name of the SAML-Attribute. Must not be <code>null</code>. + */ + public String getName(); + + /** + * The namespace of the SAML-Attribute. + * An application will use the context specific namespace URI for the attribute it returns. + * However, if the application cannot explicitely assign a namespace URI, the + * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI + * should be used. + * + * @return The namespace of the SAML-Attribute. Must not be <code>null</code>. + */ + public String getNameSpace(); + + /** + * Specifies if this SAML-Attribute should be added to the AUTH-Block. + * <br> + * Depending on the returned value, this SAML-Attribute should be only added to the + * final SAML-Assertion passed to the online application (0), to both, the final + * assertion and the AUTH-Block (1) or to the AUTH-Block only (2). + * + * @return <ul> + * <li>0 - add this SAML-Attribute to the final SAML-Assertion only</li> + * <li>1 - add this SAML-Attribute to both, the final SAML-Assertion and the + * AUTH-Block</li> + * <li>2 - add this SAML-Attribute to the AUTH-Block only + * </ul> + */ + public int getAddToAUTHBlock(); + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java new file mode 100644 index 000000000..8bffceaed --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java 
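Review bot: The `getValue()` Javadoc of the new `ExtendedSAMLAttribute` interface names the accepted type as `org.w3c.Element`, which does not exist; the DOM type is `org.w3c.dom.Element`, so the reference should read `<code>org.w3c.dom.Element</code>`. Because the doc says any other type "will be ignored", state that explicitly as the caller's responsibility, e.g. `values of any other type are dropped without error`, so a misconfigured attribute does not vanish unnoticed from the assertion or the AUTH-Block. The file also carries two stacked licence headers (2014 and 2003); one should go.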
@@ -0,0 +1,296 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.util.Date; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +public interface IAuthenticationSession { + + boolean isAuthenticated(); + + void setAuthenticated(boolean authenticated); + + X509Certificate getSignerCertificate(); + + byte[] getEncodedSignerCertificate(); + + void setSignerCertificate(X509Certificate signerCertificate); + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + IIdentityLink getIdentityLink(); + + /** + * Returns the sessionID. + * + * @return String + */ + String getSessionID(); + + /** + * Sets the identityLink. 
+ * + * @param identityLink + * The identityLink to set + */ + void setIdentityLink(IIdentityLink identityLink); + + /** + * Sets the sessionID. + * + * @param sessionId + * The sessionID to set + */ + void setSessionID(String sessionId); + + /** + * Returns the BKU URL. + * + * @return String + */ + String getBkuURL(); + + /** + * Sets the bkuURL + * + * @param bkuURL + * The BKU URL to set + */ + void setBkuURL(String bkuURL); + + /** + * Returns the authBlock. + * + * @return String + */ + String getAuthBlock(); + + /** + * Sets the authBlock. + * + * @param authBlock + * The authBlock to set + */ + void setAuthBlock(String authBlock); + + /** + * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. + * + * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. + */ + List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH(); + + /** + * Sets the SAML Attributes to be appended to the AUTHBlock. + * + * @param extendedSAMLAttributesAUTH + * The SAML Attributes to be appended to the AUTHBlock. + */ + void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH); + + /** + * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online + * application. Maybe <code>null</code>. + * + * @return The SAML Attributes to be appended to the SAML assertion delivered to the online + * application + */ + List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA(); + + /** + * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online + * application. + * + * @param extendedSAMLAttributesOA + * The SAML Attributes to be appended to the SAML assertion delivered to the online + * application. + */ + void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA); + + /** + * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the + * SAML Assertion or not. 
+ * + * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or + * false if not. + */ + boolean getSAMLAttributeGebeORwbpk(); + + /** + * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the + * SAML Assertion or not. + * + * @param samlAttributeGebeORwbpk + * The boolean for value either a target or wbPK is provided as SAML Attribute in the + * SAML Assertion or not. + */ + void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk); + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + + /** + * + * @param useMandate + * indicates if mandate is used or not + */ + void setUseMandate(String useMandate); + + void setUseMandates(boolean useMandates); + + /** + * @return + */ + boolean isMandateUsed(); + + /** + * + * @param misSessionID + * indicates the MIS session ID + */ + void setMISSessionID(String misSessionID); + + /** + * Returns the MIS session ID + * + * @return + */ + String getMISSessionID(); + + /** + * @return the mandateReferenceValue + */ + String getMandateReferenceValue(); + + /** + * @param mandateReferenceValue + * the mandateReferenceValue to set + */ + void setMandateReferenceValue(String mandateReferenceValue); + + boolean isForeigner(); + + void setForeigner(boolean isForeigner); + + IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse(); + + void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse); + + IMISMandate getMISMandate(); + + void setMISMandate(IMISMandate mandate); + + /** + * @return the isOW + */ + boolean isOW(); + + /** + * @param isOW + * the isOW to set + */ + void setOW(boolean isOW); + + /** + * @return the 
authBlockTokken + */ + String getAuthBlockTokken(); + + /** + * @param authBlockTokken + * the authBlockTokken to set + */ + void setAuthBlockTokken(String authBlockTokken); + + /** + * eIDAS QAA level + * + * @return the qAALevel + */ + String getQAALevel(); + + /** + * set QAA level in eIDAS form + * + * @param qAALevel the qAALevel to set + */ + void setQAALevel(String qAALevel); + + /** + * @return the sessionCreated + */ + Date getSessionCreated(); + + Map<String, Object> getGenericSessionDataStorage(); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key + */ + Object getGenericDataFromSession(String key); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + <T> T getGenericDataFromSession(String key, Class<T> clazz); + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage + */ + void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; + +}
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java new file mode 100644 index 000000000..3a0ccd7c9 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java 
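Review bot: `getGenericDataFromSession(String key, Class<T> clazz)` does not say what happens when the stored object is not an instance of `clazz` — a `ClassCastException`, `null`, or something else — and callers need to know, since the generic store holds arbitrary `Serializable` objects per `setGenericDataToSession`. Suggest `@return the stored object cast to {@code clazz}, or {@code null} if no entry exists` plus `@throws ClassCastException if the stored object is not assignable to {@code clazz}`, adjusted to what the implementation actually does. `setUseMandate(String)` sitting next to `setUseMandates(boolean)` should document which string values are interpreted as true, and `getEncodedSignerCertificate()` and `getSessionCreated()` return mutable values (`byte[]`, `Date`), so say whether they are copies. As the generic storage is `Serializable`-based, the implementation should ensure session blobs are only ever deserialized from the application's own database, never from client-supplied input; that is not visible from the interface.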
@@ -0,0 +1,175 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface IIdentityLink { + + /** + * Returns the dateOfBirth. + * @return Calendar + */ + String getDateOfBirth(); + + /** + * Returns the familyName. + * @return String + */ + String getFamilyName(); + + /** + * Returns the givenName. + * @return String + */ + String getGivenName(); + + /** + * Returns the name. + * @return The name. + */ + String getName(); + + /** + * Returns the identificationValue. + * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. + * @return String + */ + String getIdentificationValue(); + + /** + * Returns the identificationType. 
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. + * @return String + */ + String getIdentificationType(); + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + void setDateOfBirth(String dateOfBirth); + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + void setFamilyName(String familyName); + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + void setGivenName(String givenName); + + /** + * Sets the identificationValue. + * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. + * @param identificationValue The identificationValue to set + */ + void setIdentificationValue(String identificationValue); + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + void setIdentificationType(String identificationType); + + /** + * Returns the samlAssertion. + * @return Element + */ + Element getSamlAssertion(); + + /** + * Returns the samlAssertion. + * @return Element + */ + String getSerializedSamlAssertion(); + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * @param samlAssertion The samlAssertion to set + */ + void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + Element[] getDsigReferenceTransforms(); + + /** + * Sets the dsigReferenceTransforms. + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + PublicKey[] getPublicKey(); + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + void setPublicKey(PublicKey[] publicKey); + + /** + * Returns the prPerson. 
+ * @return Element + */ + Element getPrPerson(); + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + void setPrPerson(Element prPerson); + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + +}
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java index db4b93a0b..5bf8b9779 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java @@ -1,5 +1,5 @@ /* - * Copyright 2003 Federal Chancellery Austria + * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * 
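Review bot: Several Javadoc return types in the new `IIdentityLink` interface contradict the signatures: `getDateOfBirth()` says `@return Calendar` but returns `String`, and `getSerializedSamlAssertion()` repeats the `getSamlAssertion()` comment (`Returns the samlAssertion. @return Element`) although it returns a `String`. Suggest `@return the date of birth as a string, in the format carried by the identity link` and `Returns the serialized string form of the SAML assertion. @return String`. `setSamlAssertion(Element)` declares `TransformerException` and `IOException` but documents neither; add `@throws` entries stating that serialization of the assertion failed.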
@@ -20,51 +20,46 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ +package at.gv.egovernment.moa.id.commons.api.data; +import org.w3c.dom.Element; -package at.gv.egovernment.moa.logging; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; /** - * Encapsulates contextual information (i.e. per request information) for - * logging purposes. - * - * @author Patrick Peck - * @version $Id$ + * @author tlenz + * */ -public class LoggingContext { - /** The name of the node ID system property. */ - public static final String NODE_ID_PROPERTY = "moa.node-id"; - - /** The current transaction ID. */ - private String transactionID; - /** The node ID. */ - private String nodeID; - - /** - * Create a new <code>LoggingContext</code>. - * - * @param transactionID The transaction ID. May be <code>null</code>. - */ - public LoggingContext(String transactionID) { - this.transactionID = transactionID; - this.nodeID = System.getProperty(NODE_ID_PROPERTY); - } - - /** - * Return the transaction ID. - * - * @return The transaction ID. - */ - public String getTransactionID() { - return transactionID; - } - - /** - * Return the node ID. - * - * @return The node ID. 
- */ - public String getNodeID() { - return nodeID; - } -} +public interface IMISMandate { + + String getProfRep(); + + void setProfRep(String oid); + + void setOWbPK(String oWbPK); + + String getOWbPK(); + + byte[] getMandate(); + + Element getMandateDOM(); + + Mandate getMandateJaxB(); + + void setMandate(byte[] mandate); + + String getTextualDescriptionOfOID(); + // /** + // * @return the isFullMandateIncluded + // */ + // public boolean isFullMandateIncluded() { + // return isFullMandateIncluded; + // } + // /** + // * @param isFullMandateIncluded the isFullMandateIncluded to set + // */ + // public void setFullMandateIncluded(boolean isFullMandateIncluded) { + // this.isFullMandateIncluded = isFullMandateIncluded; + // } + +}
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java new file mode 100644 index 000000000..08dfcae71 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java 
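Review bot: The new `IMISMandate` interface ships with a block of commented-out code (the `isFullMandateIncluded` getter and setter) that cannot live in an interface anyway and should be deleted rather than carried along. None of the remaining methods is documented; at minimum `getProfRep()`/`setProfRep(String oid)` should say what the OID identifies, and `getMandate()` should state whether the returned `byte[]` is the raw signed mandate and whether it is a copy. Since this hunk is a rename from `LoggingContext` that shares no content with the old file, a plain delete plus add would also make the history easier to follow.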
@@ -0,0 +1,161 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.util.Date; + +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +public interface IVerifiyXMLSignatureResponse { + + /** + * Returns the certificateCheckCode. + * @return int + */ + int getCertificateCheckCode(); + + /** + * Returns the signatureCheckCode. + * @return int + */ + int getSignatureCheckCode(); + + /** + * Returns the xmlDSIGManifestCheckCode. + * @return int + */ + int getXmlDSIGManifestCheckCode(); + + /** + * Returns the xmlDsigSubjectName. + * @return String + */ + String getXmlDsigSubjectName(); + + /** + * Sets the certificateCheckCode. + * @param certificateCheckCode The certificateCheckCode to set + */ + void setCertificateCheckCode(int certificateCheckCode); + + /** + * Sets the signatureCheckCode. 
+ * @param signatureCheckCode The signatureCheckCode to set + */ + void setSignatureCheckCode(int signatureCheckCode); + + /** + * Sets the xmlDSIGManifestCheckCode. + * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set + */ + void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode); + + /** + * Sets the xmlDsigSubjectName. + * @param xmlDsigSubjectName The xmlDsigSubjectName to set + */ + void setXmlDsigSubjectName(String xmlDsigSubjectName); + + /** + * Returns the publicAuthorityCode. + * @return int + */ + String getPublicAuthorityCode(); + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityCode The publicAuthorityCode to set + */ + void setPublicAuthorityCode(String publicAuthorityCode); + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + boolean isQualifiedCertificate(); + + /** + * Returns the x509certificate. + * @return X509Certificate + */ + X509Certificate getX509certificate(); + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + void setQualifiedCertificate(boolean qualifiedCertificate); + + /** + * Sets the x509certificate. + * @param x509certificate The x509certificate to set + */ + void setX509certificate(X509Certificate x509certificate); + + /** + * Returns the xmlDSIGManigest. + * @return boolean + */ + boolean isXmlDSIGManigest(); + + /** + * Sets the xmlDSIGManigest. + * @param xmlDSIGManigest The xmlDSIGManigest to set + */ + void setXmlDSIGManigest(boolean xmlDSIGManigest); + + /** + * Returns the publicAuthority. + * @return boolean + */ + boolean isPublicAuthority(); + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + void setPublicAuthority(boolean publicAuthority); + + /** + * Returns the the resulting code of the signature manifest check. + * + * @return The code of the sigature manifest check. 
+ */ + int getSignatureManifestCheckCode(); + + /** + * Sets the signatureManifestCode. + * + * @param signatureManifestCheckCode The signatureManifestCode to set. + */ + void setSignatureManifestCheckCode(int signatureManifestCheckCode); + + Date getSigningDateTime(); + + void setSigningDateTime(Date signingDateTime); + +}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
index 9414556a2..caff67985 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
@@ -42,4 +42,13 @@ public class SessionDataStorageException extends MOAIDException {
 }
+ /**
+ * @param string
+ * @param object
+ * @param e
+ */
+ public SessionDataStorageException(String string, Object[] object, Throwable e) {
+ super(string, object, e);
+ }
+
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index d80856c1c..b1abcdd06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
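Review bot: The Javadoc of `getPublicAuthorityCode()` says `@return int` although the method returns `String`; change it to `* @return String`. `getSigningDateTime()` and `setSigningDateTime()` at the end of the interface have no Javadoc and hand out a mutable `java.util.Date`, so the comment should state what the value is and whether callers may modify it, for example `/** Returns the signing time reported by the signature verification, or {@code null} if none was present. @return Date */` (presumed; the implementation is not visible here). The interface never states which value of the check codes means a successful check, yet callers will gate acceptance of an authentication on them; the type-level Javadoc should name the success value or link to the specification that defines the codes. The misspelled `isXmlDSIGManigest`/`setXmlDSIGManigest` are now public API, so at least their Javadoc should spell out that they refer to the XMLDSIG manifest.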
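Review bot: The new constructor's parameters are named `string`, `object` and `e`, and the `@param` tags carry no description, so the Javadoc documents nothing. Naming them after their role — `public SessionDataStorageException(String messageId, Object[] parameters, Throwable cause) { super(messageId, parameters, cause); }` — and filling in the tags would make the contract readable; the roles are inferred from the `MOAIDException` super call, so confirm them against that class.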
@@ -188,6 +189,10 @@ public class ConfigurationMigrationUtils { if (MOAIDConfigurationConstants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, split[1]); result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[2]); + + } else if (MOAIDConfigurationConstants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[1] + "+" + split[2]); } else if (MOAIDConfigurationConstants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK); @@ -362,10 +367,11 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString()); - if (config.getQaa() != null) - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString()); + if (config.geteIDAS_LOA() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA()); else - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4"); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + MOAIDConstants.eIDAS_LOA_HIGH); // fetch vidp config 
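Review bot: The new eIDAS branch guards with `split.length >= 2` but reads `split[2]`, so an identifier with only two `+`-separated segments throws ArrayIndexOutOfBoundsException during migration instead of being reported; the guard should be `&& split.length >= 3` (the WBPK branch above it has the same mismatch, so the fix applies to both). `PREFIX_EIDAS.startsWith(split[0])` is also true for any prefix of the constant, including the empty string, so the first branch whose constant shares a prefix with `split[0]` wins; an exact comparison of `split[0]` against the prefix would be the stricter test, assuming `split` comes from splitting on `+` (the split itself is outside the hunk). The enclosing method starts and ends outside this hunk.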
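Review bot: `config.geteIDAS_LOA()` is written straight into SERVICE_AUTH_STORK_MINQAALEVEL, so a stale numeric QAA value such as `"4"` from an earlier configuration or a typo becomes the online application's minimum level of assurance without any check. Since this value decides how strong an eIDAS authentication must be, it should be validated against the allowed-LoA list (`MOAIDConstants.ALLOWED_eIDAS_LOA`) and fall back to the strictest level otherwise, e.g. `String loa = config.geteIDAS_LOA();` / `result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, MOAIDConstants.ALLOWED_eIDAS_LOA.contains(loa) ? loa : MOAIDConstants.eIDAS_LOA_HIGH);`. The same unchecked copy appears in the `@@ -1735` hunk below, where GENERAL_AUTH_STORK_QAA is passed to `stork.setGeneral_eIDAS_LOA` after only an empty-string test. The enclosing method starts and ends outside this hunk.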
@@ -773,9 +779,15 @@ public class ConfigurationMigrationUtils { if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) != null && oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE) != null) { - if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) { + + if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS)) { + idnumber.setValue(MOAIDConfigurationConstants.PREFIX_EIDAS + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE)); + idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE))); + + } else if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) { idnumber.setValue(MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE)); idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE))); + } else { idnumber.setValue(MOAIDConfigurationConstants.PREFIX_WPBK + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE)); idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE))); @@ -1487,11 +1499,11 @@ public class ConfigurationMigrationUtils { try { result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, - String.valueOf(stork.getQualityAuthenticationAssuranceLevel())); + stork.getGeneral_eIDAS_LOA()); } catch(NullPointerException e) { result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, - String.valueOf(4)); + MOAIDConstants.eIDAS_LOA_HIGH); } } 
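Review bot: All three branches of the new `if`/`else if`/`else` end with the identical `idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)))`; hoisting that line below the chain, and reading the type and value into two locals first, leaves each branch with only the `setValue` call that actually differs. The enclosing method starts and ends outside this hunk.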
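Review bot: `stork.getGeneral_eIDAS_LOA()` can return null — the field is declared `@XmlTransient` and initialised to null in STORK.java in this same commit, so anything unmarshalled from the XML configuration has no value — and the `catch (NullPointerException e)` only fires when `stork` itself is null, so GENERAL_AUTH_STORK_QAA is stored as null instead of `MOAIDConstants.eIDAS_LOA_HIGH`. The old `String.valueOf(...)` never yielded a null here. An explicit null test covers both cases without using an exception for control flow: `String loa = stork != null ? stork.getGeneral_eIDAS_LOA() : null;` / `result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, loa != null ? loa : MOAIDConstants.eIDAS_LOA_HIGH);` — assuming the `try` guards only this call, since the rest of the block is outside the hunk.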
@@ -1735,6 +1747,12 @@ public class ConfigurationMigrationUtils {
 }
+ //set eIDAS default LoA from general configuration
+ String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA);
+ if (MiscUtil.isNotEmpty(eIDASDefaultLOA))
+ stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA);
+
+
 Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>();
 Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
new file mode 100644
index 000000000..14824b1f8
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
@@ -0,0 +1,8 @@
+package at.gv.egovernment.moa.id.commons.config;
+
+public final class SpringProfileConstants {
+
+ public static final String ADVANCED_LOG = "advancedLogOn";
+ public static final String REDIS_BACKEND = "redisBackend";
+ public static final String DB_BACKEND = "dbBackend";
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
deleted file mode 100644
index ecb13ef34..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+++ /dev/null
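Review bot: `SpringProfileConstants` is a constants holder with no private constructor and no Javadoc, so it can be instantiated and nothing says what the three strings select. Adding `private SpringProfileConstants() {}` and a class comment such as `/** Names of the Spring profiles that switch on advanced logging and select the Redis or database session backend. */` would close both gaps — the profile semantics are inferred from the constant names, so confirm them against the Spring configuration that reads them.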
@@ -1,192 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.commons.db; - -import java.util.Properties; - -import org.apache.commons.lang3.StringUtils; -import org.hibernate.HibernateException; -import org.hibernate.Session; -import org.hibernate.SessionFactory; -import org.hibernate.Transaction; -import org.hibernate.boot.registry.StandardServiceRegistryBuilder; -import org.hibernate.cfg.Configuration; -import org.hibernate.service.ServiceRegistry; - -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.logging.Logger; - -public final class MOASessionDBUtils { - - private static SessionFactory sessionFactory; - private static ServiceRegistry serviceRegistry; - - @SuppressWarnings("rawtypes") - private static final ThreadLocal THREAD_LOCAL = new ThreadLocal(); - private static boolean automaticSessionHandling = false; - - private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" }; - private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class"; - - protected MOASessionDBUtils() { } - - public static void initHibernate(Configuration config, Properties hibernateProperties) { - - String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY)); - if (scm != null) { - automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1; - } - Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\"."); - if (automaticSessionHandling) { - Logger.info("Hibernate is automatically handling session context management."); - } else { - Logger.info("Hibernate is NOT automatically handling session context management. 
Using build-in ThreadLocal session handling."); - } - try { - //Create the SessionFactory - Logger.debug("Creating initial MOASession session factory..."); - - config.configure("hibernate_moasession.cfg.xml"); - //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); - - serviceRegistry = new StandardServiceRegistryBuilder(). - applySettings(config.getProperties()).build(); - - sessionFactory = config.buildSessionFactory(serviceRegistry); - Logger.debug("Initial MOASession session factory successfully created."); - - } catch (Throwable ex) { - Logger.error("Initial MOASession session factory creation failed: " + ex.getMessage()); - throw new ExceptionInInitializerError(ex); - } - } - - /** - * Checks if a session factory is currently available. If necessary a new - * session factory is created. - * - * @return current (or new) session factory - * @throws HibernateException - * thrown if a hibernate error occurs - */ - public static Session getCurrentSession() { - if (automaticSessionHandling) { - return sessionFactory.getCurrentSession(); - } - Session session = (Session) THREAD_LOCAL.get(); - // Open a new Session, if this Thread has none yet - if (session == null || !session.isConnected()) { - session = getNewSession(); - } - return session; - } - - @SuppressWarnings("unchecked") - public static Session getNewSession() { - if (automaticSessionHandling) { - Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. 
Use HibernateUtil.getCurrentSession() instead."); - return sessionFactory.getCurrentSession(); - } - Session session = (Session) THREAD_LOCAL.get(); - if (session != null) { - Logger.warn("Previous MOASession session has not been closed; closing session now."); - closeSession(); - } - Logger.debug("Opening new MOASession hibernate session..."); - try { - session = sessionFactory.openSession(); - THREAD_LOCAL.set(session); - } catch (HibernateException hex) { - Logger.error(hex.getMessage()); - } - return session; - } - - /** - * Closes the current session. - * - * @throws HibernateException - * thrown if session is already closed or a hibernate error - * occurs. - */ - @SuppressWarnings("unchecked") - public static void closeSession() { - if (automaticSessionHandling) { - Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand."); - return; - } - Logger.debug("Closing current MOASession hibernate session..."); - Session session = (Session) THREAD_LOCAL.get(); - THREAD_LOCAL.set(null); - if (session != null) { - try { - session.close(); - - } catch (HibernateException hex) { - Logger.error(hex.getMessage()); - } - } - } - - public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException { - Transaction tx = null; - try { - Session session = MOASessionDBUtils.getCurrentSession(); - - synchronized (session) { - tx = session.beginTransaction(); - session.saveOrUpdate(dbo); - tx.commit(); - } - return true; - - } catch(HibernateException e) { - Logger.warn("Error during MOASession database saveOrUpdate. 
Rollback.", e); - if (tx != null) - tx.rollback(); - throw new MOADatabaseException(e); - } - } - - public static boolean delete(Object dbo) { - Transaction tx = null; - try { - Session session = MOASessionDBUtils.getCurrentSession(); - - synchronized (session) { - tx = session.beginTransaction(); - session.delete(dbo); - tx.commit(); - } - - return true; - - } catch(HibernateException e) { - Logger.warn("Error during MOASession database delete. Rollback.", e); - if (tx != null) - tx.rollback(); - return false; - } - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java index e2f793edf..3928cf8c0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java @@ -6,6 +6,7 @@ import java.util.List; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.transaction.annotation.Transactional; import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; @@ -39,6 +40,7 @@ public class NewConfigurationDBRead { } + @Transactional public Map<String, String> getOnlineApplicationKeyValueWithId(String id, boolean backupVersion) { try { if (backupVersion) @@ -57,6 +59,7 @@ public class NewConfigurationDBRead { * * @return */ + @Transactional public List<OnlineApplication> getAllOnlineApplications() { Logger.trace("Get All OnlineApplications from database."); @@ -113,6 +116,7 @@ public class NewConfigurationDBRead { * * @return */ + @Transactional public List<OnlineApplication> getAllNewOnlineApplications() { Logger.trace("Get All New OnlineApplications from database."); 
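Review bot: The `@Transactional` added to `getOnlineApplicationKeyValueWithId`, `getAllOnlineApplications` and `getAllNewOnlineApplications` here — and to every further getter in the `@@ -139` through `@@ -297` hunks of this file — opens a read-write transaction for methods that only read configuration; `@Transactional(readOnly = true)` states the intent and lets the transaction manager and JPA provider apply their read-only behaviour. Spring applies the annotation through a proxy, so calls between these methods inside the same bean bypass it; annotating each public method is fine as long as callers are external, which cannot be verified from the hunk.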
@@ -139,6 +143,7 @@ public class NewConfigurationDBRead { * * @return */ + @Transactional public at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration getMOAIDConfiguration() { Logger.trace("Load MOAID Configuration from database."); Map<String, String> generalConfig; @@ -168,6 +173,7 @@ public class NewConfigurationDBRead { * * @return */ + @Transactional public List<OnlineApplication> getAllActiveOnlineApplications() { Logger.trace("Get All New OnlineApplications from database."); @@ -195,6 +201,7 @@ public class NewConfigurationDBRead { * @param id * @return */ + @Transactional public OnlineApplication getActiveOnlineApplication(String id) { Logger.trace("Getting Active OnlineApplication with ID " + id + " from database."); @@ -226,6 +233,7 @@ public class NewConfigurationDBRead { * @param dbid * @return */ + @Transactional public OnlineApplication getOnlineApplication(long dbid) { Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database."); @@ -248,6 +256,7 @@ public class NewConfigurationDBRead { * @param id * @return */ + @Transactional public List<OnlineApplication> getOnlineApplications(String id) { Logger.trace("Getting OnlineApplication with ID " + id + " from database."); @@ -273,6 +282,7 @@ public class NewConfigurationDBRead { * @param id * @return */ + @Transactional public OnlineApplication getOnlineApplication(String id) { Logger.trace("Getting OnlineApplication with ID " + id + " from database."); @@ -297,6 +307,7 @@ public class NewConfigurationDBRead { * @param id * @return */ + @Transactional public List<OnlineApplication> searchOnlineApplications(String id) { Logger.trace("Getting OnlineApplication with ID " + id + " from database."); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java deleted file mode 100644 index 7e031cc76..000000000 
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
+++ /dev/null
@@ -1,192 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.commons.db; - -import java.util.Properties; - -import org.apache.commons.lang3.StringUtils; -import org.hibernate.HibernateException; -import org.hibernate.Session; -import org.hibernate.SessionFactory; -import org.hibernate.Transaction; -import org.hibernate.boot.registry.StandardServiceRegistryBuilder; -import org.hibernate.cfg.Configuration; -import org.hibernate.service.ServiceRegistry; - -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.logging.Logger; - -public final class StatisticLogDBUtils { - - private static SessionFactory sessionFactory; - private static ServiceRegistry serviceRegistry; - - @SuppressWarnings("rawtypes") - private static final ThreadLocal THREAD_LOCAL_STATISTIC = new ThreadLocal(); - private static boolean automaticSessionHandling = false; - - private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" }; - private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class"; - - protected StatisticLogDBUtils() { } - - public static void initHibernate(Configuration config, Properties hibernateProperties) { - - String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY)); - if (scm != null) { - automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1; - } - Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\"."); - if (automaticSessionHandling) { - Logger.info("Hibernate is automatically handling session context management."); - } else { - Logger.info("Hibernate is NOT automatically handling session context management. 
Using build-in ThreadLocal session handling."); - } - try { - //Create the SessionFactory - Logger.debug("Creating initial StatisicLogger session factory..."); - - config.configure("hibernate_statistic.cfg.xml"); - //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); - - serviceRegistry = new StandardServiceRegistryBuilder(). - applySettings(config.getProperties()).build(); - - sessionFactory = config.buildSessionFactory(serviceRegistry); - Logger.debug("Initial StatisicLogger session factory successfully created."); - - } catch (Throwable ex) { - Logger.error("Initial StatisicLogger session factory creation failed: " + ex.getMessage()); - throw new ExceptionInInitializerError(ex); - } - } - - /** - * Checks if a session factory is currently available. If necessary a new - * session factory is created. - * - * @return current (or new) session factory - * @throws HibernateException - * thrown if a hibernate error occurs - */ - public static Session getCurrentSession() { - if (automaticSessionHandling) { - return sessionFactory.getCurrentSession(); - } - Session session = (Session) THREAD_LOCAL_STATISTIC.get(); - // Open a new Session, if this Thread has none yet - if (session == null || !session.isConnected()) { - session = getNewSession(); - } - return session; - } - - @SuppressWarnings("unchecked") - public static Session getNewSession() { - if (automaticSessionHandling) { - Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. 
Use HibernateUtil.getCurrentSession() instead."); - return sessionFactory.getCurrentSession(); - } - Session session = (Session) THREAD_LOCAL_STATISTIC.get(); - if (session != null) { - Logger.warn("Previous StatisicLogger session has not been closed; closing session now."); - closeSession(); - } - Logger.debug("Opening new StatisicLogger hibernate session..."); - try { - session = sessionFactory.openSession(); - THREAD_LOCAL_STATISTIC.set(session); - } catch (HibernateException hex) { - Logger.error(hex.getMessage()); - } - return session; - } - - /** - * Closes the current session. - * - * @throws HibernateException - * thrown if session is already closed or a hibernate error - * occurs. - */ - @SuppressWarnings("unchecked") - public static void closeSession() { - if (automaticSessionHandling) { - Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand."); - return; - } - Logger.debug("Closing current StatisicLogger hibernate session..."); - Session session = (Session) THREAD_LOCAL_STATISTIC.get(); - THREAD_LOCAL_STATISTIC.set(null); - if (session != null) { - try { - session.close(); - - } catch (HibernateException hex) { - Logger.error(hex.getMessage()); - } - } - } - - public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException { - Transaction tx = null; - try { - Session session = StatisticLogDBUtils.getCurrentSession(); - - synchronized (session) { - tx = session.beginTransaction(); - session.saveOrUpdate(dbo); - tx.commit(); - } - - Logger.info("Insert advanced statistic log entry into database"); - return true; - - } catch(HibernateException e) { - Logger.warn("Error during StatisicLogger database saveOrUpdate. 
Rollback.", e); - tx.rollback(); - throw new MOADatabaseException(e); - } - } - - public static boolean delete(Object dbo) { - Transaction tx = null; - try { - Session session = StatisticLogDBUtils.getCurrentSession(); - - synchronized (session) { - tx = session.beginTransaction(); - session.delete(dbo); - tx.commit(); - } - - return true; - - } catch(HibernateException e) { - Logger.warn("Error during StatisicLogger database delete. Rollback.", e); - tx.rollback(); - return false; - } - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java index 397fd828b..0f76c4e63 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java 
@@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** * <p>Java class for anonymous complex type. @@ -110,6 +104,9 @@ public class OASTORK @XmlAttribute(name = "Hjid") protected Long hjid; + @XmlTransient + protected String eIDAS_LOA = null; + /** * Gets the value of the storkLogonEnabled property. * 
@@ -162,7 +159,23 @@ public class OASTORK this.qaa = value; } + + /** + * @return the eIDAS_LOA + */ + public String geteIDAS_LOA() { + return eIDAS_LOA; + } + + /** + * @param eIDAS_LOA the eIDAS_LOA to set + */ + public void seteIDAS_LOA(String eIDAS_LOA) { + this.eIDAS_LOA = eIDAS_LOA; + } + + /** * Gets the value of the oaAttributes property. * * <p> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java index 59b300e95..bcd159702 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java @@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; 
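Review bot: `geteIDAS_LOA()`/`seteIDAS_LOA()` and the `eIDAS_LOA` field break the lowerCamelCase convention the rest of this JAXB class follows (`qaa`, `storkLogonEnabled`), and the Javadoc `@return the eIDAS_LOA` says nothing about the value. More important for readers: the field is `@XmlTransient` and initialised to null, so it is never filled from the XML configuration, and the migration code in this commit falls back to LoA high when it is null; the getter's Javadoc should say so, e.g. `/** Minimum eIDAS level of assurance configured for this online application; not part of the XML binding, so {@code null} unless set programmatically. */`. The same applies to `getGeneral_eIDAS_LOA`/`setGeneral_eIDAS_LOA` in STORK.java below. Renaming the accessors would touch their callers in ConfigurationMigrationUtils in this same commit, so if the names stay, the comment matters more.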
@@ -94,6 +87,9 @@ public class STORK @XmlAttribute(name = "Hjid") protected Long hjid; + @XmlTransient + protected String general_eIDAS_LOA = null; + /** * Gets the value of the cpeps property. * @@ -257,7 +253,21 @@ public class STORK this.hjid = value; } - public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { + /** + * @return the general_eIDAS_LOA + */ + public String getGeneral_eIDAS_LOA() { + return general_eIDAS_LOA; + } + + /** + * @param general_eIDAS_LOA the general_eIDAS_LOA to set + */ + public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) { + this.general_eIDAS_LOA = general_eIDAS_LOA; + } + + public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof STORK)) { return false; } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java index 46683a928..4c6cd16c0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -37,6 +37,8 @@ import javax.persistence.Table; import org.hibernate.annotations.DynamicUpdate; +import com.fasterxml.jackson.annotation.JsonCreator; + @Entity @@ -48,11 +50,22 @@ import org.hibernate.annotations.DynamicUpdate; }) public class AssertionStore implements Serializable{ + /** + * + */ + private static final long serialVersionUID = 2804964892915004185L; + + + + @JsonCreator + public AssertionStore(){ + + } + - private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; 
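Review bot: In the AssertionStore hunk `@@ -48,11 +50,22 @@`, `serialVersionUID` changes from `1L` to `2804964892915004185L`; if any `AssertionStore` instance was stored or cached with Java serialization under the old UID, reading it now fails with `InvalidClassException` — whether such instances exist is not visible here. If the change is intentional, say so in place of the empty `/** */` block above the field, e.g. `/** Changed with the Jackson-creator constructor; instances serialized under the old UID are not readable. */`. The empty `@JsonCreator` constructor also deserves a one-line comment saying it exists for Jackson/JPA instantiation rather than for callers. The enclosing class continues outside the hunk.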
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index 128dd79df..eeaf03544 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java 
@@ -59,7 +59,9 @@ import org.hibernate.annotations.DynamicUpdate; @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"), @NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"), @NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and inderfederations.storeSSOInformation is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"), - @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID") + @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID"), + @NamedQuery(name="getAllActiveOAsForSessionID", query = "select 
activeOAsessions from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.activeOAsessions activeOAsessions where authenticatedsessionstore.sessionid = :sessionID "), + @NamedQuery(name="getAllActiveIDPsForSessionID", query = "select inderfederation from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.inderfederation inderfederation where authenticatedsessionstore.sessionid = :sessionID ") }) public class AuthenticatedSessionStore implements Serializable{ diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java index 97f26812f..ba48f8caf 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java @@ -39,7 +39,7 @@ import org.hibernate.annotations.DynamicUpdate; @Entity -@DynamicUpdate(value=true) +//@DynamicUpdate(value=true) @Table(name = "statisticlog") @NamedQueries({ @NamedQuery(name="getAllEntriesNotBeforeTimeStamp", query = "select statisiclog from StatisticLog statisiclog where statisiclog.timestamp > :timeout") diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 2ade63c1c..84743b8c7 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java 
@@ -22,24 +22,25 @@ */ package at.gv.egovernment.moa.id.commons.utils; -import iaik.pki.PKIException; - import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.GeneralSecurityException; -import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import org.apache.commons.httpclient.ConnectTimeoutException; import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; +import org.apache.commons.lang3.StringUtils; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; +import iaik.pki.PKIException; /** * @author tlenz 
@@ -53,22 +54,47 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 public MOAHttpProtocolSocketFactory (
 String url,
- String certStoreRootDirParam,
 String trustStoreURL,
 String acceptedServerCertURL,
 String chainingMode,
- boolean checkRevocation
- ) throws MOAHttpProtocolSocketFactoryException {
- super();
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ }
+
+ /**
+ * @param string
+ * @param certStoreDirectory
+ * @param trustStoreDirectory
+ * @param object
+ * @param string2
+ * @param b
+ * @param strings
+ */
+ public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+
+ }
+
+ private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
 try {
- this.sslfactory = SSLUtils.getSSLSocketFactory(
+ this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
 url,
- certStoreRootDirParam,
+ certStoreDirectory,
 trustStoreURL,
 acceptedServerCertURL,
 chainingMode,
- checkRevocation,
+ checkRevocation,
+ revocationMethodOrder,
 null,
 null,
 null);
@@ -86,7 +112,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
 }
-
+ }
 /* (non-Javadoc)
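Review bot: The Javadoc on the new seven-argument constructor lists `@param string`, `@param object`, `@param string2`, `@param b` and `@param strings`, none of which is a parameter of the method, so the generated documentation is wrong. Replace them with the real names (`url`, `certStoreDirectory`, `trustStoreURL`, `acceptedServerCertURL`, `chainingMode`, `checkRevocation`, `revocationMethodOrder`) and describe `revocationMethodOrder` as the preferred revocation-source order passed on to the PKI profile. The six-argument overload silently passes `null` for the certificate-store directory, and what a `null` directory means downstream is not visible here; a sentence in its Javadoc such as `Variant without a certificate store directory.` would make that choice visible to callers. `internalInitialize` continues past the end of the first hunk.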
@@ -94,8 +120,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory */ public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException { - return this.sslfactory.createSocket(host, port, - localAddress, localPort); + return setEnabledSslCiphers(this.sslfactory.createSocket(host, port, + localAddress, localPort)); } /* (non-Javadoc) @@ -104,8 +130,8 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException { - return this.sslfactory.createSocket(host, port, - localAddress, localPort); + return setEnabledSslCiphers(this.sslfactory.createSocket(host, port, + localAddress, localPort)); } /* (non-Javadoc) 
@@ -113,16 +139,40 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 */
 public Socket createSocket(String host, int port)
 throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(host, port);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(host, port));
 }
-
+
 /* (non-Javadoc)
 * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
 */
 public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
 throws IOException, UnknownHostException {
- return this.sslfactory.createSocket(socket, host,
- port, autoClose);
+ return setEnabledSslCiphers(this.sslfactory.createSocket(socket, host,
+ port, autoClose));
 }
+ /**
+ * Enable only a specific subset of TLS cipher suites
+ * This subset can be set by 'https.cipherSuites' SystemProperty (z.B. -Dhttps.cipherSuites=...)
+ *
+ * @param sslSocket {@link SSLSocket}
+ * @return {@link SSLSocket} with Ciphersuites
+ */
+ private Socket setEnabledSslCiphers(Socket sslSocket) {
+ if (sslSocket instanceof SSLSocket) {
+ String systemProp = System.getProperty("https.cipherSuites");
+ if (MiscUtil.isNotEmpty(systemProp)) {
+ ((SSLSocket) sslSocket).setEnabledCipherSuites(systemProp.split(","));
+
+ }
+
+ try {
+ Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(((SSLSocket) sslSocket).getEnabledCipherSuites(), ","));
+ } catch (Exception e) {
+ Logger.error(e);
+ }
+ }
+
+ return sslSocket;
+ }
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..d65cea08c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
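Review bot: `systemProp.split(",")` hands the raw fragments to `setEnabledCipherSuites`, so a value such as `-Dhttps.cipherSuites=A, B` yields `" B"`, which is not a supported suite name and makes `setEnabledCipherSuites` throw `IllegalArgumentException`; that call sits outside the `try`, so the exception propagates out of every `createSocket` call. Trimming first avoids it: `String[] suites = systemProp.trim().split("\\s*,\\s*");` followed by `((SSLSocket) sslSocket).setEnabledCipherSuites(suites);`. Note that this restricts only cipher suites — the socket's enabled protocol versions are untouched, so a deployment that wants a protocol floor would need a similar `setEnabledProtocols` step. The Javadoc mixes German (`z.B.`) into English text; `e.g.` keeps it consistent.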
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,14 +46,16 @@ package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.Collections;
+import java.util.Set;
+
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.pki.store.certstore.CertStoreConfiguration;
 import iaik.pki.store.certstore.CertStoreParameters;
 import iaik.pki.store.certstore.CertStoreTypes;
 import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-import java.io.File;
-
 /**
 * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
 *
@@ -128,7 +130,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl
 * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
 */
 public boolean createNew() {
- return false;
+ return true;
 }
 /**
@@ -153,4 +155,14 @@ public class CertStoreConfigurationImpl extends ObservableImpl
 return CertStoreTypes.DIRECTORY;
 }
+ /* (non-Javadoc)
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+ */
+ @Override
+ public Set getVirtualStores() {
+ //TODO: only for Testing and not complete !!!Ask Harald !!!!
+ return Collections.EMPTY_SET;
+
+ }
+
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..9fc6f799d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
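Review bot: `createNew()` now returns `true` (hunk `@@ -128,7 +130,7 @@`), so a missing certificate-store directory is created instead of being reported; a mistyped `certStoreRootDirParam` therefore starts the service with an empty directory store rather than failing at start-up. If that is the intent, say so on the method, e.g. `// Create the directory cert store when it does not exist; a misconfigured path is not detected here.`, and consider an info-level log where the directory is actually created so operators can notice it. The enclosing class continues outside the hunk.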
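Review bot: `getVirtualStores()` (hunk `@@ -153,4 +155,14 @@`) returns the raw `Collections.EMPTY_SET` behind a raw `Set` return type and carries `TODO: only for Testing and not complete`; a cert-store hook left in a test state should not ship with only a person's name as the follow-up. If the IAIK interface permits it, `return Collections.emptySet();` with a parameterised return type removes the raw-type warning, and the TODO should state what is missing and what the intended behaviour is. The enclosing class continues outside the hunk.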
@@ -57,11 +57,11 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; + /** * <code>TrustManager</code> implementation featuring CRL checking (inherited from * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking. @@ -95,14 +95,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { * Fixes a bug occuring in the case MOA-SP is called by API. * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP. * This method must be called before a MOAIDTrustManager is constructed, - * from every thread. - */ + * from every thread. + */ public static void initializeLoggingContext() { if (LoggingContextManager.getInstance().getLoggingContext() == null) LoggingContextManager.getInstance().setLoggingContext( new LoggingContext(Thread.currentThread().getName())); } - + /** * Builds an Array of accepted server certificates from an URL, 
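Review bot: After this hunk MOAIDTrustManager uses `at.gv.egovernment.moa.logging.Logger` next to `at.gv.egovernment.moaspss.logging.LoggingContext`/`LoggingContextManager`, while MOAHttpProtocolSocketFactory (hunk `@@ -22,24 +22,25 @@`) switches to `at.gv.egovernment.moaspss.logging.Logger`; two logging facades in one module are confusing, and if only one of them is configured at runtime the other's messages are lost — whether that happens is not visible here. Pick one facade for the module, or put a comment on the import explaining why both are needed. The `initializeLoggingContext` Javadoc fix in the second hunk is whitespace only.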
@@ -161,4 +161,36 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
 {
 return true;
 }
+
+// public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+// if (pkiProfile == null) {
+// throw new NullPointerException("pkiConfig parameter must not be null");
+//
+// }
+//
+// TransactionId tid = new TransactionIdImpl("Init");
+// log_.info(tid, "Setting up IAIKX509TrustManager", null);
+// if (pkiConfig != null) {
+// PKIFactory.getInstance().configure(pkiConfig, tid);
+//// log_.info(tid, "Registering LDAP protocol handler", null);
+//// String protocolHandlers =
+//// System.getProperty("java.protocol.handler.pkgs");
+//// if (protocolHandlers == null) {
+//// protocolHandlers = "iaik.pki";
+////
+//// } else {
+//// protocolHandlers = protocolHandlers + "|iaik.pki";
+////
+//// }
+////
+//// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+//// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+//
+// }
+//
+// pkiProfile_ = pkiProfile;
+// pkiFactory_ = PKIFactory.getInstance();
+// initialized_ = true;
+// }
+
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
deleted file mode 100644
index 5d8c7a54e..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ /dev/null
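Review bot: The 32 added lines are an entirely commented-out `init` override; commented-out code goes stale and the version history already keeps it. Either restore it as working code or drop the block, and if it is meant to record why `init` is not overridden, a two-line comment saying that is enough, e.g. `// init(PKIConfiguration, PKIProfile) is inherited unchanged; the LDAP protocol-handler registration that an earlier override did is no longer needed.` — if that is indeed the reason.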
@@ -1,118 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.commons.utils.ssl; - -import iaik.pki.PKIConfiguration; -import iaik.pki.pathvalidation.ValidationConfiguration; -import iaik.pki.revocation.RevocationConfiguration; -import iaik.pki.store.certstore.CertStoreConfiguration; -import iaik.pki.store.revocation.archive.ArchiveConfiguration; - -/** - * Implementation of interface <code>PKIConfiguration</code> needed to - * initialize an IAIK JSSE <code>TrustManager</code> - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class PKIConfigurationImpl implements PKIConfiguration { - /** The configuration for the CertStore */ - private CertStoreConfiguration certStoreConfiguration; - /** The configuration for the RevocationChecks */ - private RevocationConfiguration revocationConfiguration; - /** The configuration for the Validation */ - private ValidationConfiguration validationConfiguration; - - /** - * Constructor - * @param conf the Configuration for the PKIConfig - * @throws ConfigurationException for any config error - */ - public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException { - - certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam); - revocationConfiguration = new 
RevocationConfigurationImpl(); - validationConfiguration = new ValidationConfigurationImpl(chainingMode); - } - - /** - * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration() - */ - public CertStoreConfiguration getCertStoreConfiguration() { - return certStoreConfiguration; - } - - /** - * @see iaik.pki.PKIConfiguration#getRevocationConfiguration() - */ - public RevocationConfiguration getRevocationConfiguration() { - return revocationConfiguration; - } - - /** - * @see iaik.pki.PKIConfiguration#getArchiveConfiguration() - */ - public ArchiveConfiguration getArchiveConfiguration() { - return null; - } - - /** - * @see iaik.pki.PKIConfiguration#getValidationConfiguration() - */ - public ValidationConfiguration getValidationConfiguration() { - return validationConfiguration; - } - -/* (non-Javadoc) - * @see iaik.pki.PKIConfiguration#getTimeout() - */ - public int getTimeout() { - // TODO Auto-generated method stub - return 0; -} - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 59994a257..1c8b6e18d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -46,10 +46,12 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; +import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Set; +import iaik.asn1.structures.AlgorithmID; import iaik.pki.PKIProfile; import iaik.pki.pathvalidation.ValidationProfile; import iaik.pki.revocation.RevocationProfile; 
@@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes; */ public class PKIProfileImpl extends ObservableImpl implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile { - + /** * URI to the truststore */ @@ -77,6 +79,10 @@ public class PKIProfileImpl extends ObservableImpl */ private boolean revocationChecking; + + private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL}; + protected String ocspRequestHashAlgorithm_ = null; + /** * The trust profile identifier. */ @@ -96,13 +102,6 @@ public class PKIProfileImpl extends ObservableImpl } /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - public boolean autoAddCertificates() { - return true; - } - - /** * @see iaik.pki.PKIProfile#getRevocationProfile() */ public RevocationProfile getRevocationProfile() { 
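Review bot: The new fields `revocationCheckMethode` and `ocspRequestHashAlgorithm_` (hunk `@@ -77,6 +79,10 @@`) do not follow the naming of the sibling fields `revocationChecking` and `id`: one is misspelt, the other carries a trailing underscore and is `protected` although nothing in this diff subclasses the profile. `private String[] revocationCheckMethods = new String[] {RevocationSourceTypes.CRL};` and `private String ocspRequestHashAlgorithm;` would match the file, and a short comment on the initialiser, `// default: CRL only, until setPreferredServiceOrder() replaces it`, would explain it. The enclosing class continues outside the hunk.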
@@ -134,23 +133,43 @@ public class PKIProfileImpl extends ObservableImpl
 * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
 */
 public long getMaxRevocationAge(String arg0) {
- return 0;
+ return 0L;
 }
 /**
 * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
 */
 public String getOCSPRequestHashAlgorithm() {
- return null;
+ if (ocspRequestHashAlgorithm_ == null) {
+ try
+ {
+ ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
+ }
+ catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}
+ }
+ return ocspRequestHashAlgorithm_;
 }
+ public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
+ throws NoSuchAlgorithmException
+ {
+ if (paramAlgorithmID == null) {
+ throw new NullPointerException("Algorithm must not be null.");
+ }
+ ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
+ }
+
 /**
 * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
 */
 public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
+ return revocationCheckMethode;
 }
+ public void setPreferredServiceOrder(String[] order) {
+ this.revocationCheckMethode = order;
+ }
+
 /**
 * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
 */
@@ -227,4 +246,22 @@ public class PKIProfileImpl extends ObservableImpl
 public void setId(String id) {
 this.id = id;
 }
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+ return 1;
+
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ return null;
+
+}
 }
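Review bot: `setPreferredServiceOrder` stores whatever it is given, so a `null` or empty `order` replaces the CRL default with `null`, and `SSLUtils.getTrustManagers` (hunk `@@ -167,18 +215,26 @@`) calls it unconditionally with the caller's `revocationMethodOrder`; what the IAIK revocation checker does with a `null` preferred order is not visible here, so guard it: `if (order != null && order.length > 0) { this.revocationCheckMethode = order.clone(); }`. The copy also stops a caller from mutating the profile's array afterwards, which `getPreferredServiceOrder` hands out directly. In `getOCSPRequestHashAlgorithm` the `catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}` swallows the failure and the method then returns `null` to the revocation checker; at least log the exception there instead of the empty catch.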
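Review bot: `autoAddCertificates()` (hunk `@@ -227,4 +246,22 @@`) returns the bare literal `1` where the removed method returned `true`, and nothing in the hunk says what the integer means; a comment such as `// NOTE(review): integer form of the old 'true' — confirm the value's meaning against the PKIProfile interface` would stop the next reader guessing. Both new methods sit at column 0 inside the class and carry only the `(non-Javadoc)` stub; indent them like `setId` above and give each a one-line description.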
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java index b5e0543db..449f77209 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java @@ -46,13 +46,14 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.revocation.RevocationConfiguration; - import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Date; import java.util.Set; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.revocation.dbcrl.config.DBCrlConfig; + /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> * @author Paul Ivancsics 
@@ -81,4 +82,43 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
 return null;
 }
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+
+// //TODO: !!!!! ASK Harald !!!!!
+// Map<String, String> test = new HashMap<String, String>();
+// test.put("ALL", "ALL");
+// return test.keySet();
+
+ return Collections.EMPTY_SET;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+ //TODO: !!!!! ASK Harald !!!!!
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+ return null;
+}
+
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..4ecda435d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
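Review bot: The new `RevocationConfiguration` methods decide revocation behaviour for every TLS connection built through this module, and two of them (`getPositiveOCSPResponders`, `skipIndirectCRLCheckForAlternativeDistributionPoints`) are marked `TODO: !!!!! ASK Harald !!!!!` with a commented-out alternative left in the body; these should be settled before release, and the TODO should state the open question rather than a name. `getPositiveOCSPResponders` returns the raw `Collections.EMPTY_SET`; `return Collections.emptySet();` with a parameterised return type avoids the raw-type warning if the interface allows it, and the dead `Map`/`HashMap` lines should go. The four methods sit at column 0 inside the class; indent them like the existing code above them.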
@@ -46,25 +46,26 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.PKIConfiguration; -import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; - import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.KeyStore; import java.security.Security; import java.util.HashMap; import java.util.Map; import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; +import iaik.pki.DefaultPKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +//import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; /** @@ -92,24 +93,7 @@ public class SSLUtils { } - - /** - * Creates an <code>SSLSocketFactory</code> which utilizes an - * <code>IAIKX509TrustManager</code> for the given trust store, - * and the given key store. - * - * @param conf configuration provider providing a generic properties pointing - * to trusted CA store and certificate store root - * @param connParam connection parameter containing the client key store settings - * to be used in case of client authentication; - * if <code>connParam.getClientKeyStore() == null</code>, client authentication - * is assumed to be disabled - * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the socket factory - * @throws ConfigurationException on invalid configuration data - * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> - */ + public static SSLSocketFactory getSSLSocketFactory( String url, String certStoreRootDirParam, 
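Review bot: The 18-line Javadoc of `getSSLSocketFactory` is removed in hunk `@@ -92,24 +93,7 @@` and nothing replaces it, while the next hunk (`@@ -117,9 +101,10 @@`) adds the `revocationMethodOrder` parameter; the public entry point for building the TLS socket factory should keep its `@param`/`@throws` contract. Restore the block with the stale `conf`/`connParam` entries replaced by one `@param` per real parameter, and a line for the new one such as `@param revocationMethodOrder preferred revocation sources in order of use; what a null value means is decided by the PKI profile and should be stated here`. The commented-out `//import iaik.pki.jsse.IAIKX509TrustManager;` left in the first hunk should be deleted rather than kept. The method's parameter list continues past the end of the hunk.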
@@ -117,9 +101,10 @@ public class SSLUtils { String acceptedServerCertURL, String chainingMode, boolean checkRevocation, + String[] revocationMethodOrder, String clientKeyStoreURL, String clientKeyStorePassword, - String clientKeyStoreType + String clientKeyStoreType ) throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException { @@ -134,9 +119,10 @@ public class SSLUtils { chainingMode, trustStoreURL, acceptedServerCertURL, - checkRevocation); + checkRevocation, + revocationMethodOrder); - KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(kms, tms, null); 
@@ -154,6 +140,68 @@ public class SSLUtils {
 }
 /**
+ * Loads the client key store from file and gets the
+ * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+ * @param clientKeyStoreURL URL of key store containing keys to be used for
+ * client authentication; if <code>null</code>, the default key store will be utilized
+ * @param clientKeyStorePassword password used to check the integrity of the client key store;
+ * if <code>null</code>, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws IOException thrown while reading from the key store file
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ String clientKeyStoreType,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword)
+ throws IOException, GeneralSecurityException {
+
+ if (clientKeyStoreURL == null)
+ return null;
+
+ // Set up the KeyStore to use. We need to load the file into
+ // a KeyStore instance.
+ KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+ }
+ /**
+ * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStore client key store
+ * @param clientKeyStorePassword if provided, it will be used to check
+ * the integrity of the client key store; if omitted, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ KeyStore clientKeyStore,
+ String clientKeyStorePassword)
+ throws GeneralSecurityException {
+
+ if (clientKeyStore == null)
+ return null;
+
+ // Now we initialize the default KeyManagerFactory with this KeyStore
+ String alg=KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+ char[] password = null;
+ if (clientKeyStorePassword != null)
+ password = clientKeyStorePassword.toCharArray();
+ kmFact.init(clientKeyStore, password);
+
+ // And now get the KeyManagers
+ KeyManager[] kms=kmFact.getKeyManagers();
+ return kms;
+ }
+
+ /**
 * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
 * using configuration data.
 *
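Review bot: In the `KeyStore` overload of `getKeyManagers`, the `char[]` copy of the client key store password stays in memory after `kmFact.init` returns; wrap the call so the array is cleared, `try { kmFact.init(clientKeyStore, password); } finally { if (password != null) Arrays.fill(password, '\0'); }` (needs `java.util.Arrays`). The `String` form of the password cannot be cleared at all, which is inherent to the signature these helpers inherit and worth a sentence in the Javadoc. `KeyManager[] kms=kmFact.getKeyManagers(); return kms;` can be `return kmFact.getKeyManagers();`, and the missing spaces around `=` differ from the `KeyManager[] kms = getKeyManagers(` style in the earlier hunk.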
@@ -167,18 +215,26 @@ public class SSLUtils { */ private static TrustManager[] getTrustManagers(String certStoreRootDirParam, String chainingMode, String trustStoreURL, String acceptedServerCertURL, - boolean checkRevocation) + boolean checkRevocation, String[] revocationMethodOrder) throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException { - PKIConfiguration cfg = null; - if (! PKIFactory.getInstance().isAlreadyConfigured()) - cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode); - PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); + DefaultPKIConfiguration cfg = null; + if (! PKIFactory.getInstance().isAlreadyConfigured()) { + CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam); + cfg = new DefaultPKIConfiguration(certStoreConf.getParameters()); + cfg.setChainingMode(chainingMode); + Logger.info("Set-up PKI module configuration ... "); + + } + + PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation); + profile.setPreferredServiceOrder(revocationMethodOrder); + // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case // MOA-SP is called by API MOAIDTrustManager.initializeLoggingContext(); - IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); + MOAIDTrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); tm.init(cfg, profile); return new TrustManager[] {tm}; } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java deleted file mode 100644 index 51667f010..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java +++ /dev/null 
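Review bot: `profile.setPreferredServiceOrder(revocationMethodOrder)` is called unconditionally with the new parameter, even when `checkRevocation` is false or the caller passes null, and nothing in the hunk shows either case was considered; unless the IAIK profile is known to tolerate a null array I'd guard it: `if (revocationMethodOrder != null && revocationMethodOrder.length > 0) profile.setPreferredServiceOrder(revocationMethodOrder);`. Separately, when PKIFactory is already configured `cfg` stays null and `certStoreRootDirParam`/`chainingMode` are silently ignored, so a second SSL configuration with a different chaining mode presumably inherits the first one's — pre-existing, but now more visible with the explicit `cfg.setChainingMode(chainingMode)`; a log line in an else branch noting that the supplied parameters are ignored would help operators diagnose that. The method's Javadoc starts above the hunk.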
@@ -1,67 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * A unified message type to log messages from inside the MOA subsystem. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LogMsg { - /** The message to log. */ - private Object message; - - /** - * Create a <code>LogMsg</code> object. - * - * @param message The actual message to log. May be <code>null</code>. - */ - public LogMsg(Object message) { - this.message = message; - } - - /** - * Convert this log message to a <code>String</code>. - * - * @return The <code>String</code> representation of this log message. - */ - public String toString() { - StringBuffer msg = new StringBuffer(); - LoggingContext ctx = - LoggingContextManager.getInstance().getLoggingContext(); - String tid = ctx != null ? ctx.getTransactionID() : null; - String nodeId = ctx != null ? 
ctx.getNodeID() : null; - - msg.append("TID="); - msg.append(tid != null ? tid : "<null>"); - msg.append(" NID="); - msg.append(nodeId != null ? nodeId : "<null>"); - msg.append(" MSG="); - msg.append(message != null ? message.toString() : "<null>"); - - return msg.toString(); - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java deleted file mode 100644 index f0d7b4c07..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Provides each thread with a single instance of <code>LoggingContext</code>. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContextManager { - /** The single instance of this class. */ - private static LoggingContextManager instance = null; - - /** The <code>LoggingContext</code> for each thread. */ - private ThreadLocal context; - - /** - * Get the single instance of the <code>LoggingContextManager</code> class. - * - * @return LoggingContextManager The single instance. - */ - public static synchronized LoggingContextManager getInstance() { - if (instance == null) { - instance = new LoggingContextManager(); - } - return instance; - } - - /** - * Creates a new <code>LoggingContextManager</code>. - * - * Protected to disallow direct instantiation. 
- */ - protected LoggingContextManager() { - context = new ThreadLocal(); - } - - /** - * Set the <code>LoggingContext</code> context for the current thread. - * - * @param ctx The <code>LoggingContext</code> for the current thread. - */ - public void setLoggingContext(LoggingContext ctx) { - context.set(ctx); - } - - /** - * Return the <code>LoggingContext</code> for the current thread. - * - * @return LoggingContext The <code>LoggingContext</code> for the current - * thread, or <code>null</code> if none has been set. - */ - public LoggingContext getLoggingContext() { - return (LoggingContext) context.get(); - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index 5a5f4edac..260b2ecb1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -24,7 +24,10 @@ package at.gv.egovernment.moa.util; +import java.util.Collections; import java.util.HashMap; +import java.util.Map; + /** * Contains various constants used throughout the system. @@ -509,6 +512,14 @@ public interface Constants { /** * A map used to map namespace prefixes to namespace URIs */ - public static HashMap<String, String> nSMap = new HashMap<String, String>(5); + public static final Map<String, String> nSMap = Collections.unmodifiableMap(new HashMap<String, String>(){ + private static final long serialVersionUID = 3845384324295136490L; + { + put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); + put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#"); + put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + } + }); + } 
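Review bot: Freezing `nSMap` into an unmodifiable map is the right hardening — a shared mutable static prefix-to-namespace table used for SAML/XMLDSig processing could be altered by any caller at runtime — but it is a behavioural change: the old declaration was an empty mutable `HashMap(5)`, which suggests some initialisation code populated it via `put`, and any such writer now gets an `UnsupportedOperationException` at runtime instead of a compile error; worth grepping for `nSMap.put` before merging. The ECDSA entry uses the literal `"http://www.w3.org/2001/04/xmldsig-more#"` while the other two reference `Constants` fields; if the interface already defines that URI as a constant, reference it so the two cannot drift. A short comment above the field, e.g. `// Fixed prefix->namespace bindings; unmodifiable so no caller can redirect signature/SAML namespace resolution at runtime.`, would record why the map was frozen. Inside an `interface` the `public static final` modifiers are implicit and are usually omitted.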
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java index 8f3ffd4c6..b1a3f8446 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java @@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException; import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; -import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; /** @@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver { if (Logger.isDebugEnabled()) { Logger.debug( - new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); + new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); } if (publicId != null) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java index 3769b264d..ea71a677f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java @@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; -import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moaspss.logging.LogMsg; /** * An <code>ErrorHandler</code> that logs a message and throws a diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java deleted file mode 100644 index c2c67ec58..000000000 
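Review bot: Point of style: MOAEntityResolver references the relocated class by its fully qualified name inline (`new at.gv.egovernment.moaspss.logging.LogMsg(...)`) while MOAErrorHandler in the same commit imports it; the two files should use the same form, and the import keeps the debug statement readable: `import at.gv.egovernment.moaspss.logging.LogMsg;` with `new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)`. The surrounding resolveEntity method starts and ends outside the hunk.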
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java +++ /dev/null 
@@ -1,244 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; - -/** - * Utility for connecting to server applications via SSL. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtils { - - /** - * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store. 
- * - * @param trustStoreType key store type of trust store - * @param trustStoreInputStream input stream for reading JKS trust store containing - * trusted server certificates; if <code>null</code>, the default - * trust store will be utilized - * @param trustStorePassword if provided, it will be used to check - * the integrity of the trust store; if omitted, it will not be checked - * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> - * @throws IOException thrown while reading from the input stream - * @throws GeneralSecurityException thrown while creating the socket factory - */ - public static SSLSocketFactory getSSLSocketFactory( - String trustStoreType, - InputStream trustStoreInputStream, - String trustStorePassword) - throws IOException, GeneralSecurityException { - - TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(null, tms, null); - - SSLSocketFactory sf = ctx.getSocketFactory(); - return sf; - } - /** - * Creates an <code>SSLSocketFactory</code> which utilizes the - * given trust store and keystore. 
- * - * @param trustStore trust store containing trusted server certificates; - * if <code>null</code>, the default trust store will be utilized - * @param clientKeyStoreType key store type of <code>clientKeyStore</code> - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if <code>null</code>, the default key store will be utilized - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the socket factory - */ - public static SSLSocketFactory getSSLSocketFactory( - KeyStore trustStore, - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - SSLContext ctx = getSSLContext( - trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - SSLSocketFactory sf = ctx.getSocketFactory(); - return sf; - } - /** - * Creates an <code>SSLContext</code> initialized for the - * given trust store and keystore. 
- * - * @param trustStore trust store containing trusted server certificates; - * if <code>null</code>, the default trust store will be utilized - * @param clientKeyStoreType key store type of <code>clientKeyStore</code> - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if <code>null</code>, the default key store will be utilized - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code> - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the SSL context - */ - public static SSLContext getSSLContext( - KeyStore trustStore, - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - TrustManager[] tms = getTrustManagers(trustStore); - KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - return ctx; - } - /** - * Loads the trust store from an input stream and gets the - * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>, - * initialized from the given trust store. 
- * @param trustStoreType key store type of trust store - * @param trustStoreInputStream input stream for reading JKS trust store containing - * trusted server certificates; if <code>null</code>, the default - * trust store will be utilized - * @param trustStorePassword if provided, it will be used to check - * the integrity of the trust store; if omitted, it will not be checked - * @return <code>TrustManager</code>s to be used for creating an - * <code>SSLSocketFactory</code> utilizing the given trust store - * @throws IOException thrown while reading from the input stream - * @throws GeneralSecurityException thrown while initializing the - * default <code>TrustManagerFactory</code> - */ - protected static TrustManager[] getTrustManagers( - String trustStoreType, - InputStream trustStoreInputStream, - String trustStorePassword) - throws IOException, GeneralSecurityException { - - if (trustStoreInputStream == null) - return null; - - // Set up the TrustStore to use. We need to load the file into - // a KeyStore instance. - KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword); - return getTrustManagers(trustStore); - } - /** - * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>, - * initialized from the given trust store. 
- * - * @param trustStore the trust store to use - * @return <code>TrustManager</code>s to be used for creating an - * <code>SSLSocketFactory</code> utilizing the given trust store - * @throws GeneralSecurityException thrown while initializing the - * default <code>TrustManagerFactory</code> - */ - protected static TrustManager[] getTrustManagers(KeyStore trustStore) - throws GeneralSecurityException { - - if (trustStore == null) - return null; - - // Initialize the default TrustManagerFactory with this KeyStore - String alg=TrustManagerFactory.getDefaultAlgorithm(); - TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg); - tmFact.init(trustStore); - - // And now get the TrustManagers - TrustManager[] tms=tmFact.getTrustManagers(); - return tms; - } - /** - * Loads the client key store from file and gets the - * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>, - * initialized from the given client key store. - * @param clientKeyStoreType key store type of <code>clientKeyStore</code> - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if <code>null</code>, the default key store will be utilized - * @param clientKeyStorePassword password used to check the integrity of the client key store; - * if <code>null</code>, it will not be checked - * @return <code>KeyManager</code>s to be used for creating an - * <code>SSLSocketFactory</code> utilizing the given client key store - * @throws IOException thrown while reading from the key store file - * @throws GeneralSecurityException thrown while initializing the - * default <code>KeyManagerFactory</code> - */ - public static KeyManager[] getKeyManagers ( - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - if (clientKeyStoreURL == null) - return null; - - // Set up the KeyStore to use. We need to load the file into - // a KeyStore instance. 
- KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( - clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - return getKeyManagers(clientKeyStore, clientKeyStorePassword); - } - /** - * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>, - * initialized from the given client key store. - * @param clientKeyStore client key store - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return <code>KeyManager</code>s to be used for creating an - * <code>SSLSocketFactory</code> utilizing the given client key store - * @throws GeneralSecurityException thrown while initializing the - * default <code>KeyManagerFactory</code> - */ - public static KeyManager[] getKeyManagers ( - KeyStore clientKeyStore, - String clientKeyStorePassword) - throws GeneralSecurityException { - - if (clientKeyStore == null) - return null; - - // Now we initialize the default KeyManagerFactory with this KeyStore - String alg=KeyManagerFactory.getDefaultAlgorithm(); - KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); - char[] password = null; - if (clientKeyStorePassword != null) - password = clientKeyStorePassword.toCharArray(); - kmFact.init(clientKeyStore, password); - - // And now get the KeyManagers - KeyManager[] kms=kmFact.getKeyManagers(); - return kms; - } -} |