Diffstat (limited to 'id/server/moa-id-commons')
-rw-r--r--id/server/moa-id-commons/pom.xml8
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java31
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java68
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java23
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java34
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java88
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java27
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java1
10 files changed, 220 insertions, 83 deletions
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index c4007fc80..fd8ddc7fb 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -215,7 +215,7 @@
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-xjc</artifactId>
- <version>2.2.11</version>
+ <version>2.3.0</version>
</dependency>
<dependency>
@@ -227,7 +227,7 @@
<dependency>
<groupId>org.jvnet.jaxb2_commons</groupId>
<artifactId>jaxb2-basics-runtime</artifactId>
- <version>0.11.0</version>
+ <version>1.11.1</version>
</dependency>
<dependency>
@@ -257,7 +257,7 @@
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jpa</artifactId>
- <version>1.10.4.RELEASE</version>
+ <version>${org.springframework.data.spring-data-jpa}</version>
</dependency>
@@ -301,7 +301,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
- <version>2.1.1</version>
+ <version>${org.apache.commons.commons.dbcp2}</version>
</dependency>
<dependency>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index b16941f51..6f6735d48 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -9,6 +9,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import iaik.asn1.ObjectID;
@@ -123,12 +124,12 @@ public class MOAIDAuthConstants extends MOAIDConstants{
/** List of OWs */
public static final List<ObjectID> OW_LIST = Arrays.asList(
new ObjectID(OW_ORGANWALTER));
-
- /**BKU type identifiers to use bkuURI from configuration*/
- public static final String REQ_BKU_TYPE_LOCAL = "local";
- public static final String REQ_BKU_TYPE_ONLINE = "online";
- public static final String REQ_BKU_TYPE_HANDY = "handy";
- public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
+ public static final List<String> REQ_BKU_TYPES = Arrays.asList(
+ IOAAuthParameters.HANDYBKU,
+ IOAAuthParameters.LOCALBKU,
+ IOAAuthParameters.THIRDBKU,
+ IOAAuthParameters.ONLINEBKU);
public static final List<String> LEGACYPARAMETERWHITELIST
= Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID);
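Review bot: `REQ_BKU_TYPES` now carries `IOAAuthParameters.ONLINEBKU`, which this same commit marks `@Deprecated` in IOAAuthParameters.java, next to its replacement `THIRDBKU`, without saying why the deprecated value stays accepted; if it is kept for legacy requests, a comment such as `/** Accepted values of the BKU request parameter; "online" remains for legacy requests. */` would keep someone from dropping it later. Removing the public `REQ_BKU_TYPE_LOCAL`/`REQ_BKU_TYPE_ONLINE`/`REQ_BKU_TYPE_HANDY` constants is a binary-incompatible change for any module that referenced them; keeping them as `@Deprecated` aliases of the IOAAuthParameters values would give dependants a migration path. The enclosing class continues outside the hunk.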
@@ -171,24 +172,32 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
+ //MDC variables for logging
public static final String MDC_TRANSACTION_ID = "transactionId";
public static final String MDC_SESSION_ID = "sessionId";
+ public static final String MDC_SERVICEPROVIDER_ID = "oaId";
//AuthnRequest IssueInstant validation
public static final int TIME_JITTER = 5; //all 5 minutes time jitter
-
+
+ //General MOASession data-store keys
+ public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert";
+
+ //Process context keys
public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication";
public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection";
public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";
+ public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
//General protocol-request data-store keys
+ public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
+
+ @Deprecated
public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
+ @Deprecated
public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
- public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
- //General MOASession data-store keys
- public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert";
-
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index e9f9a7e80..98f0616a5 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -28,6 +28,8 @@ import java.util.Hashtable;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.util.Constants;
+
/**
* @author tlenz
*
@@ -40,9 +42,15 @@ public class MOAIDConstants {
public static final String FILE_URI_PREFIX = "file:/";
- public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
- public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
- public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
+ public static final String PREFIX_BASEID = Constants.URN_PREFIX_BASEID;
+ public static final String PREFIX_PBK = Constants.URN_PREFIX_BPK;
+ public static final String PREFIX_HPI = Constants.URN_PREFIX_HPI;
+
+ public static final String PREFIX_CDID = Constants.URN_PREFIX_CDID + "+";
+ public static final String PREFIX_WPBK = Constants.URN_PREFIX_WBPK + "+";
+ public static final String PREFIX_STORK = Constants.URN_PREFIX_STORK + "+";
+ public static final String PREFIX_EIDAS = Constants.URN_PREFIX_EIDAS + "+";
+
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
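Review bot: `PREFIX_BASEID`, `PREFIX_PBK` and `PREFIX_HPI` are assigned the bare `Constants` values while `PREFIX_CDID`, `PREFIX_WPBK`, `PREFIX_STORK` and `PREFIX_EIDAS` get a trailing `"+"`; if the first group is deliberately separator-less (for instance because callers append their own suffix), a comment stating so would stop the next reader from "fixing" it. `PREFIX_PBK` also transposes the letters of the constant it aliases (`URN_PREFIX_BPK`); the pre-existing `PREFIX_WPBK` already uses that spelling, so if the transposition is intentional for consistency with it, say so in a comment. The class body continues outside the hunk.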
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index bba6d0541..1e1bfa94b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
/**
* @author tlenz
@@ -38,9 +39,16 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
*/
public interface IOAAuthParameters {
- public static final String ONLINEBKU = "online";
+ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
+ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
+
+ public static final String THIRDBKU = "thirdBKU";
public static final String HANDYBKU = "handy";
public static final String LOCALBKU = "local";
+
+ @Deprecated
+ public static final String ONLINEBKU = "online";
+
public static final String INDERFEDERATEDIDP = "interfederated";
public static final String EIDAS = "eIDAS";
public static final String AUTHTYPE_OTHERS = "others";
@@ -63,20 +71,52 @@ public interface IOAAuthParameters {
public String getFriendlyName();
public String getPublicURLPrefix();
-
- public String getOaType();
- public boolean getBusinessService();
+ /**
+ * Indicates if this online applications has private area restrictions that disallow baseId processing in general
+ * This restriction is evaluated from area-identifier of this online application and a policy from configuration.
+ * The configuration key 'configuration.restrictions.baseID.idpProcessing' specifies a list of comma-separated values
+ * of area-identifier prefixes that are allowed to receive a baseID. By default only the prefix
+ * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
+ *
+ * @return true if there is a restriction, otherwise false
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
+ */
+ public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException;
+
/**
- * Get target of a public service-provider
+ * Indicates if this online applications has private area restrictions that disallow baseId transfer to OA
+ * This restriction is evaluated from area-identifier of this online application and a policy from configuration.
+ * The configuration key 'configuration.restrictions.baseID.spTransmission' specifies a list of comma-separated values
+ * of area-identifier prefixes that are allowed to receive a baseID. By default only the prefix
+ * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
*
- * @return target identifier without prefix
+ * @return true if there is a restriction, otherwise false
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
*/
- public String getTarget();
+ public boolean hasBaseIdTransferRestriction() throws ConfigurationException;
- public String getTargetFriendlyName();
+ /**
+ * Get the full area-identifier for this online application to calculate the
+ * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...).
+ * This identifier always contains the full prefix
+ *
+ * @return area identifier with prefix
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
+ */
+ public String getAreaSpecificTargetIdentifier() throws ConfigurationException;
+
+ /**
+ * Get a friendly name for the specific area-identifier of this online application
+ *
+ * @return fiendly name of the area-identifier
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
+ */
+ public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException;
+
+
public boolean isInderfederationIDP();
public boolean isSTORKPVPGateway();
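Review bot: The new Javadoc has several typos that will surface in generated API docs: `fiendly name` → `friendly name`, `public and private identifies` → `public and private identifiers` (four occurrences), and `this online applications has` → `this online application has`. The description of `hasBaseIdInternalProcessingRestriction()` repeats the sentence from the transmission variant ("allowed to receive a baseID"), which for the idpProcessing key presumably should read "allowed to process a baseID" — verify. Removing `getOaType()`, `getBusinessService()`, `getTarget()` and `getTargetFriendlyName()` from a public interface breaks every implementor and caller in one step; if `getAreaSpecificTargetIdentifier()` is the replacement, say so in its Javadoc (`@see`) or keep the old methods as `@Deprecated` for one release. The interface continues outside the hunk.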
@@ -84,13 +124,6 @@ public interface IOAAuthParameters {
public boolean isRemovePBKFromAuthBlock();
/**
- * Return the private-service domain-identifier with PreFix
- *
- * @return the identityLinkDomainIdentifier
- */
- public String getIdentityLinkDomainIdentifier();
-
- /**
* @return the keyBoxIdentifier
*/
public String getKeyBoxIdentifier();
@@ -138,11 +171,6 @@ public interface IOAAuthParameters {
*/
public List<String> getMandateProfiles();
- /**
- * @return the identityLinkDomainIdentifierType
- */
- public String getIdentityLinkDomainIdentifierType();
-
public boolean isShowMandateCheckBox();
public boolean isOnlyMandateAllowed();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index b8284c8f9..93f26051c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -143,7 +143,9 @@ public class ConfigurationMigrationUtils {
if (MiscUtil.isNotEmpty(oa.getEventCodes())) {
result.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, oa.getEventCodes());
}
-
+
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, oa.getMandateServiceSelectionTemplateURL());
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, oa.getSaml2PostBindingTemplateURL());
//convert target
String target_full = oa.getTarget();
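Review bot: The two new `result.put(...)` calls store `oa.getMandateServiceSelectionTemplateURL()` and `oa.getSaml2PostBindingTemplateURL()` unconditionally, whereas the neighbouring event-code entry is guarded by `MiscUtil.isNotEmpty`; both fields default to null in OnlineApplication.java, so the map receives a null-valued entry (or throws, if `result` is a null-hostile map type) — wrap both in the same `if (MiscUtil.isNotEmpty(...))` guard. The following hunks pair the renamed `SERVICE_AUTH_BKU_THIRD`/`GENERAL_DEFAULTS_*_THIRD` keys with the unchanged `getOnlineBKU()`/`setOnlineBKU()` accessors, which reads as a mismatch; a one-line comment such as `// legacy 'onlineBKU' field now carries the third-party BKU URL` at the first such line would explain the pairing. The enclosing method starts outside the hunk.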
@@ -206,7 +208,7 @@ public class ConfigurationMigrationUtils {
if (bkuurls != null) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY, bkuurls.getHandyBKU());
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL, bkuurls.getLocalBKU());
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, bkuurls.getOnlineBKU());
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD, bkuurls.getOnlineBKU());
}
@@ -769,6 +771,9 @@ public class ConfigurationMigrationUtils {
}
dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL));
+
+ dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
+ dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL));
if (Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE))) {
dbOA.setType(MOA_CONFIG_BUSINESSSERVICE);
@@ -826,7 +831,7 @@ public class ConfigurationMigrationUtils {
authoa.setBKUURLS(bkuruls);
bkuruls.setHandyBKU(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY));
bkuruls.setLocalBKU(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL));
- bkuruls.setOnlineBKU(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE));
+ bkuruls.setOnlineBKU(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD));
//store SecurtiyLayerTemplates
TemplatesType templates = authoa.getTemplates();
@@ -1433,7 +1438,7 @@ public class ConfigurationMigrationUtils {
defaultbkus.getHandyBKU());
result.put(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL,
defaultbkus.getLocalBKU());
- result.put(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE,
+ result.put(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD,
defaultbkus.getOnlineBKU());
}
@@ -1443,7 +1448,7 @@ public class ConfigurationMigrationUtils {
slreq.getHandyBKU());
result.put(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL,
slreq.getLocalBKU());
- result.put(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE,
+ result.put(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD,
slreq.getOnlineBKU());
}
@@ -1706,8 +1711,8 @@ public class ConfigurationMigrationUtils {
if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY)))
dbbkus.setHandyBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY));
- if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE)))
- dbbkus.setOnlineBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE));
+ if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD)))
+ dbbkus.setOnlineBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD));
if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL)))
dbbkus.setLocalBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL));
@@ -1895,8 +1900,8 @@ public class ConfigurationMigrationUtils {
slrequesttempl.setHandyBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY));
if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL)))
slrequesttempl.setLocalBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL));
- if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE)))
- slrequesttempl.setOnlineBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE));
+ if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD)))
+ slrequesttempl.setOnlineBKU(moaconfig.get(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD));
if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL)))
dbconfig.setTrustedCACertificates(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL));
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 9fe90daa4..695df3123 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -70,7 +70,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME = SERVICE_AUTH_TARGET_PUBLIC + ".own.name";
private static final String SERVICE_AUTH_BKU = AUTH + "." + BKU;
- public static final String SERVICE_AUTH_BKU_ONLINE = SERVICE_AUTH_BKU + ".onlineBKU";
+ public static final String SERVICE_AUTH_BKU_THIRD = SERVICE_AUTH_BKU + ".onlineBKU";
public static final String SERVICE_AUTH_BKU_LOCAL = SERVICE_AUTH_BKU + ".localBKU";
public static final String SERVICE_AUTH_BKU_HANDY = SERVICE_AUTH_BKU + ".handyBKU";
public static final String SERVICE_AUTH_BKU_KEYBOXIDENTIFIER = SERVICE_AUTH_BKU + ".keyBoxIdentifier";
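Review bot: `SERVICE_AUTH_BKU_THIRD` is renamed but keeps the property suffix `".onlineBKU"`, so the Java name and the configuration key no longer match; without a comment the next reader is likely to "correct" the string and silently invalidate every existing configuration file. Add `// property key kept as ".onlineBKU" so existing configurations stay valid` here and at the equally renamed `GENERAL_DEFAULTS_BKU_THIRD` and `GENERAL_DEFAULTS_TEMPLATES_THIRD` in the last hunk of this file. The class continues outside the hunk.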
@@ -105,6 +105,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.hight";
public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.width";
+ public static final String SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL = SERVICE_AUTH_TEMPLATES + ".saml2.postbinding.url";
+ public static final String SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL = SERVICE_AUTH_TEMPLATES + ".elga.mandateserviceselection.url";
+
private static final String SERVICE_AUTH_TESTCREDENTIALS = AUTH + "." + TESTCREDENTIALS;
public static final String SERVICE_AUTH_TESTCREDENTIALS_ENABLED = SERVICE_AUTH_TESTCREDENTIALS + ".enabled";
public static final String SERVICE_AUTH_TESTCREDENTIALS_OIDs = SERVICE_AUTH_TESTCREDENTIALS + ".oids";
@@ -193,13 +196,13 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
private static final String GENERAL_DEFAULTS = PREFIX_MOAID_GENERAL + ".defaults";
private static final String GENERAL_DEFAULTS_BKU = GENERAL_DEFAULTS + "." + BKU;
- public static final String GENERAL_DEFAULTS_BKU_ONLINE = GENERAL_DEFAULTS_BKU + ".onlineBKU";
+ public static final String GENERAL_DEFAULTS_BKU_THIRD = GENERAL_DEFAULTS_BKU + ".onlineBKU";
public static final String GENERAL_DEFAULTS_BKU_HANDY = GENERAL_DEFAULTS_BKU + ".handyBKU";
public static final String GENERAL_DEFAULTS_BKU_LOCAL = GENERAL_DEFAULTS_BKU + ".localBKU";
private static final String GENERAL_DEFAULTS_TEMPLATES = GENERAL_DEFAULTS + "." + TEMPLATES;
public static final String GENERAL_DEFAULTS_TEMPLATES_LOCAL = GENERAL_DEFAULTS_TEMPLATES + ".localBKU";
public static final String GENERAL_DEFAULTS_TEMPLATES_HANDY = GENERAL_DEFAULTS_TEMPLATES + ".handyBKU";
- public static final String GENERAL_DEFAULTS_TEMPLATES_ONLINE = GENERAL_DEFAULTS_TEMPLATES + ".onlineBKU";
+ public static final String GENERAL_DEFAULTS_TEMPLATES_THIRD = GENERAL_DEFAULTS_TEMPLATES + ".onlineBKU";
private static final String GENERAL_AUTH = PREFIX_MOAID_GENERAL + ".auth";
private static final String GENERAL_AUTH_CERTIFICATE = GENERAL_AUTH + ".certificate";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index 4aee10bc1..196923ce6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -109,10 +109,44 @@ public class OnlineApplication
@XmlTransient
protected String selectedSZRGWServiceURL = null;
+ @XmlTransient
+ protected String saml2PostBindingTemplateURL = null;
+
+ @XmlTransient
+ protected String mandateServiceSelectionTemplateURL = null;
+
/**
+ * @return the saml2PostBindingTemplateURL
+ */
+ public String getSaml2PostBindingTemplateURL() {
+ return saml2PostBindingTemplateURL;
+ }
+
+ /**
+ * @param saml2PostBindingTemplateURL the saml2PostBindingTemplateURL to set
+ */
+ public void setSaml2PostBindingTemplateURL(String saml2PostBindingTemplateURL) {
+ this.saml2PostBindingTemplateURL = saml2PostBindingTemplateURL;
+ }
+
+ /**
+ * @return the mandateServiceSelectionTemplateURL
+ */
+ public String getMandateServiceSelectionTemplateURL() {
+ return mandateServiceSelectionTemplateURL;
+ }
+
+ /**
+ * @param mandateServiceSelectionTemplateURL the mandateServiceSelectionTemplateURL to set
+ */
+ public void setMandateServiceSelectionTemplateURL(String mandateServiceSelectionTemplateURL) {
+ this.mandateServiceSelectionTemplateURL = mandateServiceSelectionTemplateURL;
+ }
+
+ /**
* @return the selectedSZRGWServiceURL
*/
public String getSelectedSZRGWServiceURL() {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 9fc6f799d..dd606ea18 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,6 +57,8 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.jsse.IAIKX509TrustManager;
@@ -72,21 +74,27 @@ import iaik.pki.jsse.IAIKX509TrustManager;
public class MOAIDTrustManager extends IAIKX509TrustManager {
/** an x509Certificate array containing all accepted server certificates*/
- private X509Certificate[] acceptedServerCertificates;
+ private X509Certificate[] acceptedServerCertificates = null;
/**
* Constructor
* @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
* @throws GeneralSecurityException occurs on security errors
* @throws IOException occurs on IO errors
+ * @throws SSLConfigurationException
*/
public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
+ throws IOException, GeneralSecurityException, SSLConfigurationException {
- if (acceptedServerCertificateStoreURL != null)
- buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
- else
- acceptedServerCertificates = null;
+ if (acceptedServerCertificateStoreURL != null && MiscUtil.isNotEmpty(acceptedServerCertificateStoreURL.trim())) {
+ Logger.info("Initialize SSL-TrustStore with explicit accepted server-certificates");
+ buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+
+ } else {
+ Logger.info("Initialize SSL-TrustStore without explicit accepted server-certificates");
+ acceptedServerCertificates = null;
+
+ }
}
@@ -111,26 +119,72 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
* containing accepted server X509 certificates
* @throws GeneralSecurityException on security errors
* @throws IOException on any IO errors
+ * @throws SSLConfigurationException
*/
private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
+ throws IOException, GeneralSecurityException, SSLConfigurationException {
List<X509Certificate> certList = new ArrayList<X509Certificate>();
URL storeURL = new URL(acceptedServerCertificateStoreURL);
+
+ //check URL to TrustStore
+ if (storeURL.getFile() == null) {
+ Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL
+ + " is NOT found");
+ throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "File or Directory NOT found!"});
+
+ }
File storeDir = new File(storeURL.getFile());
- // list certificate files in directory
- File[] certFiles = storeDir.listFiles();
+
+ //check directory and files
+ if (storeDir == null || storeDir.listFiles() == null) {
+ Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL
+ + " is NOT found");
+ throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "Files or Directory NOT found!"});
+
+ }
+
+ // list certificate files in directory
+ File[] certFiles = storeDir.listFiles();
for (int i = 0; i < certFiles.length; i++) {
- // for each: create an X509Certificate and store it in list
- File certFile = certFiles[i];
- FileInputStream fis = new FileInputStream(certFile.getPath());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
- fis.close();
- certList.add(cert);
+ // for each: create an X509Certificate and store it in list
+ File certFile = certFiles[i];
+ FileInputStream fis = null;
+ try {
+ fis = new FileInputStream(certFile.getPath());
+ CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+ certList.add(cert);
+
+ } catch (Exception e) {
+ Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath()
+ + " is not loadable, Reason: " + e.getMessage());
+
+ if (Logger.isDebugEnabled()) {
+ try {
+ if (fis != null)
+ Logger.debug("Certificate: " + Base64Utils.encode(fis));
+
+ } catch (Exception e1) {
+ Logger.warn("Can NOT log content of certificate: " + certFile.getPath()
+ + ". Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e);
+
+ } finally {
+ if (fis != null)
+ fis.close();
+
+ }
}
+
// store acceptedServerCertificates
acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+ Logger.debug("Add #" + acceptedServerCertificates.length
+ + " certificates as 'AcceptedServerCertificates' from: " + acceptedServerCertificateStoreURL );
+
}
/**
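Review bot: The two new guard clauses before the loop cannot fire: `storeURL.getFile()` yields an empty string rather than null for a parsed URL and `new File(...)` never yields null, so a missing or non-directory trust-store path is detected only by the `listFiles() == null` test, which then lists the directory a second time for the loop. In the catch block, `Base64Utils.encode(fis)` runs after `generateCertificate()` has already consumed the stream, so the debug dump is at best truncated, and the inner handler logs `e` where `e1` is meant. The rewrite below lists the directory once, re-opens the file for the debug dump, reports the right exception, and hoists `certFact` out of the loop. Note also that an empty directory now yields an empty `acceptedServerCertificates` array instead of null; whether the IAIK base class treats that as "accept nothing" or "no restriction" is not visible here and deserves a comment on the field.
```java
File storeDir = new File(storeURL.getFile());
// listFiles() is null when the path is missing or not a directory; list it only once
File[] certFiles = storeDir.listFiles();
if (certFiles == null) {
    Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL
            + " is NOT found");
    throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "Files or Directory NOT found!"});
}
CertificateFactory certFact = CertificateFactory.getInstance("X.509");
for (File certFile : certFiles) {
    FileInputStream fis = null;
    try {
        fis = new FileInputStream(certFile);
        certList.add((X509Certificate) certFact.generateCertificate(fis));
    } catch (Exception e) {
        // … unchanged: error log for the unloadable certificate …
        if (Logger.isDebugEnabled()) {
            // re-open the file: fis has already been consumed by generateCertificate()
            FileInputStream dumpIn = null;
            try {
                dumpIn = new FileInputStream(certFile);
                Logger.debug("Certificate: " + Base64Utils.encode(dumpIn));
            } catch (Exception e1) {
                Logger.warn("Can NOT log content of certificate: " + certFile.getPath()
                        + ". Reason: " + e1.getMessage(), e1);
            } finally {
                if (dumpIn != null)
                    dumpIn.close();
            }
        }
        throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e);
    } finally {
        if (fis != null)
            fis.close();
    }
}
// … unchanged: store acceptedServerCertificates and debug log …
```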
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 109390132..abf2d211c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -49,7 +49,6 @@ package at.gv.egovernment.moa.id.commons.utils.ssl;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
-import java.security.Security;
import java.util.HashMap;
import java.util.Map;
@@ -66,8 +65,6 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.DefaultPKIConfiguration;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
-//import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
/**
@@ -83,18 +80,18 @@ public class SSLUtils {
/** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
- /**
- * Initializes the SSLSocketFactory store.
- */
- public static void initialize() {
- sslSocketFactories = new HashMap<String, SSLSocketFactory>();
- // JSSE Abhängigkeit
- //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- Security.addProvider(new IAIK());
- //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
-
-
- }
+// /**
+// * Initializes the SSLSocketFactory store.
+// */
+// public static void initialize() {
+// sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+// // JSSE Abhängigkeit
+// //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+// Security.addProvider(new IAIK());
+// //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+//
+//
+// }
/**
* IAIK PKI module and MOA-SIG uses a ThreadLocal variable for logging
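Review bot: The old `initialize()` body is kept as a commented-out block instead of being deleted; since the `java.security.Security` and `iaik.security.provider.IAIK` imports are removed in the same file, the block can never be restored as-is and only misleads readers, so drop it and state in the class Javadoc where the IAIK provider is now registered. If nothing else in the codebase calls `Security.addProvider(new IAIK())`, callers that relied on this method for provider registration would now fall back to the default JSSE provider without any error — worth confirming before merging. The class continues outside the hunk.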
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 2a4e3b362..1d94e5da0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -454,7 +454,6 @@ public interface Constants {
/** URN prefix for context dependent id (stork). */
public static final String URN_PREFIX_STORK = URN_PREFIX + ":storkid";
- //TODO: update to eIDAS prefix
/** URN prefix for context dependent id (eIDAS). */
public static final String URN_PREFIX_EIDAS = URN_PREFIX + ":eidasid";