aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-openID/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-openID/src')
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java76
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java70
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java74
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java111
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java45
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java299
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java48
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java51
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java49
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java58
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java71
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java35
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java44
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java34
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java121
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java84
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java116
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java49
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java63
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java29
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java214
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java243
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java148
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java215
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java124
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java166
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo1
-rw-r--r--id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java131
-rw-r--r--id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20ErrorsTests.java184
-rw-r--r--id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20GoogleClientTestCase.java158
-rw-r--r--id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java70
44 files changed, 3701 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
new file mode 100644
index 000000000..e2ac97535
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -0,0 +1,76 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.util.FileUtils;
+
+public class OAuth20Configuration {
+
+ private static OAuth20Configuration instance;
+
+ public static OAuth20Configuration getInstance() {
+ if (instance == null) {
+ instance = new OAuth20Configuration();
+ }
+ return instance;
+ }
+
+ public static final String JWT_KEYSTORE = "jwt.ks.file";
+ public static final String JWT_KEYSTORE_PASSWORD = "jwt.ks.password";
+ public static final String JWT_KEY_NAME = "jwt.ks.key.name";
+ public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password";
+
+ private Properties props;
+ private String rootDir = null;
+
+ private OAuth20Configuration() {
+ try {
+ props = AuthConfigurationProviderFactory.getInstance().getGeneralOAuth20ProperiesConfig();
+ rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
+ }
+ catch (ConfigurationException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getJWTKeyStore() {
+ return FileUtils.makeAbsoluteURL(props.getProperty(JWT_KEYSTORE), rootDir);
+ }
+
+ public String getJWTKeyStorePassword() {
+ return props.getProperty(JWT_KEYSTORE_PASSWORD).trim();
+ }
+
+ public String getJWTKeyName() {
+ return props.getProperty(JWT_KEY_NAME).trim();
+ }
+
+ public String getJWTKeyPassword() {
+ return props.getProperty(JWT_KEY_PASSWORD).trim();
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
new file mode 100644
index 000000000..b0736ff2e
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -0,0 +1,70 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+
+public final class OAuth20Constants {
+
+ private OAuth20Constants() {
+ throw new InstantiationError();
+ }
+
+ public static final String ERRORPAGE = "moa_errorcodes.html";
+
+ // error parameters and error codes
+ public static final String PARAM_ERROR = "error";
+ public static final String PARAM_ERROR_DESCRIPTION = "error_description";
+ public static final String PARAM_ERROR_URI = "error_uri";
+
+ public static final String ERROR_INVALID_REQUEST = "invalid_request";
+ public static final String ERROR_UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
+ public static final String ERROR_INVALID_CLIENT = "invalid_client";
+ public static final String ERROR_ACCESS_DENIED = "access_denied";
+ public static final String ERROR_SERVER_ERROR = "server_error";
+ public static final String ERROR_INVALID_GRANT = "invalid_grant";
+ public static final String ERROR_UNAUTHORIZED_CLIENT = "unauthorized_client";
+
+ // request parameters
+ //public static final String PARAM_OA_URL = "oaURL";
+ public static final String PARAM_RESPONSE_TYPE = "response_type";
+ public static final String PARAM_REDIRECT_URI = "redirect_uri";
+ public static final String PARAM_STATE = "state";
+ public static final String PARAM_NONCE = "nonce";
+ public static final String PARAM_GRANT_TYPE = "grant_type";
+ public static final String PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE = "authorization_code";
+ public static final String PARAM_CLIENT_ID = "client_id";
+ public static final String PARAM_CLIENT_SECRET = "client_secret";
+ public static final String PARAM_SCOPE = "scope";
+ public static final String PARAM_MOA_MOD = "mod";
+ public static final String PARAM_MOA_ACTION = "action";
+
+
+ // reponse parameters
+ public static final String RESPONSE_CODE = "code";
+ public static final String RESPONSE_TOKEN = "token";
+ public static final String RESPONSE_ACCESS_TOKEN = "access_token";
+ public static final String RESPONSE_ID_TOKEN = "id_token";
+ public static final String RESPONSE_EXPIRES_IN = "expires_in";
+ public static final String RESPONSE_TOKEN_TYPE = "token_type";
+ public static final String RESPONSE_TOKEN_TYPE_VALUE_BEARER = "Bearer";
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
new file mode 100644
index 000000000..4a33a44b7
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
@@ -0,0 +1,74 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+
+import java.io.Serializable;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+
+public class OAuth20SessionObject implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ private String scope;
+
+ private String code;
+
+ private Map<String, Object> authDataSession;
+
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
+ /**
+ * @return the code
+ */
+ public String getCode() {
+ return code;
+ }
+
+ /**
+ * @param code
+ * the code to set
+ */
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public Map<String, Object> getAuthDataSession() {
+ return authDataSession;
+ }
+
+ public void setAuthDataSession(Map<String, Object> idToken) {
+ this.authDataSession = idToken;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java
new file mode 100644
index 000000000..912060949
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.google.gson.JsonObject;
+
+public final class OAuth20Util {
+
+ public static final String REGEX_HTTPS = "^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]";
+ public static final String REGEX_FILE = "^(file):/.[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]";
+
+ private OAuth20Util() {
+ throw new InstantiationError();
+ }
+
+ /**
+ * Simple helper function to add parameter to a url
+ *
+ * @param url
+ * @param name
+ * @param value
+ * @throws UnsupportedEncodingException
+ */
+ public static void addParameterToURL(final StringBuilder url, final String name, final String value)
+ throws UnsupportedEncodingException {
+ if (url.indexOf("?") < 0) {
+ url.append("?");
+ } else {
+ url.append("&");
+ }
+ // URLEncoder.encode(value, "UTF-8")
+ url.append(name).append("=").append(value);
+ }
+
+ public static boolean isUrl(final String url) {
+ Pattern urlPattern;
+ if (url.startsWith("file")) {
+ urlPattern = Pattern.compile(REGEX_FILE, Pattern.CASE_INSENSITIVE);
+ } else {
+ urlPattern = Pattern.compile(REGEX_HTTPS, Pattern.CASE_INSENSITIVE);
+ }
+
+ Matcher matcher = urlPattern.matcher(url);
+ return matcher.find();
+ }
+
+ public static boolean isValidStateValue(String state) {
+ Pattern urlPattern = Pattern.compile("javascript|<|>|&|;", Pattern.CASE_INSENSITIVE);
+ Matcher matcher = urlPattern.matcher(state);
+ return !matcher.find();
+ }
+
+ public static void addProperytiesToJsonObject(JsonObject jsonObject, Map<String, Object> params) {
+ for (Map.Entry<String, Object> param : params.entrySet()) {
+
+ if (!StringUtils.isEmpty(param.getKey()) && param.getValue() != null) {
+
+ // check for integer
+ try {
+ int i = Integer.parseInt(String.valueOf(param.getValue()));
+ jsonObject.addProperty(param.getKey(), i);
+ continue;
+ }
+ catch (NumberFormatException e) {
+ }
+
+ // check for long
+ try {
+ long l = Long.parseLong(String.valueOf(param.getValue()));
+ jsonObject.addProperty(param.getKey(), l);
+ continue;
+ }
+ catch (NumberFormatException e) {
+ }
+
+ // string
+ if (param.getValue() instanceof String) {
+ jsonObject.addProperty(param.getKey(), String.valueOf(param.getValue()));
+ }
+ }
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java
new file mode 100644
index 000000000..eb3cfcccb
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+
+public class Pair<P1, P2> {
+ private final P1 first;
+ private final P2 second;
+
+ private Pair(final P1 newFirst, final P2 newSecond) {
+ this.first = newFirst;
+ this.second = newSecond;
+ }
+
+ public P1 getFirst() {
+ return this.first;
+ }
+
+ public P2 getSecond() {
+ return this.second;
+ }
+
+ public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
+ return new Pair<P1, P2>(newFirst, newSecond);
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
new file mode 100644
index 000000000..bb180d8e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -0,0 +1,299 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+
+import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonPrimitive;
+
+public final class OAuth20AttributeBuilder {
+
+ private OAuth20AttributeBuilder() {
+ throw new InstantiationError();
+ }
+
+ private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() {
+
+ public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(value));
+ }
+
+ public Pair<String, JsonPrimitive> buildIntegerAttribute(final String friendlyName, final String name, final int value) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(value));
+ }
+
+ public Pair<String, JsonPrimitive> buildLongAttribute(final String friendlyName, final String name, final long value) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(value));
+ }
+
+ public Pair<String, JsonPrimitive> buildEmptyAttribute(final String friendlyName, final String name) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(""));
+ }
+
+ };
+
+ private static final List<IAttributeBuilder> buildersOpenId = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+ static {
+ // openId
+ buildersOpenId.add(new OpenIdIssuerAttribute());
+ buildersOpenId.add(new OpenIdSubjectIdentifierAttribute());
+ buildersOpenId.add(new OpenIdExpirationTimeAttribute());
+ buildersOpenId.add(new OpenIdIssueInstantAttribute());
+ buildersOpenId.add(new OpenIdAuthenticationTimeAttribute());
+ buildersOpenId.add(new OpenIdAudiencesAttribute());
+ buildersOpenId.add(new OpenIdNonceAttribute());
+
+ // profile
+ buildersProfile.add(new ProfileGivenNameAttribute());
+ buildersProfile.add(new ProfileFamilyNameAttribute());
+ buildersProfile.add(new ProfileDateOfBirthAttribute());
+
+ // EID
+ buildersEID.add(new EIDCcsURL());
+ buildersEID.add(new EIDCitizenQAALevelAttributeBuilder());
+ buildersEID.add(new EIDIssuingNationAttributeBuilder());
+ buildersEID.add(new EIDSectorForIDAttributeBuilder());
+ buildersEID.add(new EIDAuthBlock());
+ buildersEID.add(new EIDSignerCertificate());
+ buildersEID.add(new BPKAttributeBuilder());
+
+ // eID_gov
+ buildersEIDGov.add(new EIDSourcePIN());
+ buildersEIDGov.add(new EIDSourcePINType());
+ buildersEIDGov.add(new EIDIdentityLinkBuilder());
+
+ // mandate
+ buildersMandate.add(new MandateTypeAttributeBuilder());
+ buildersMandate.add(new MandateReferenceValueAttributeBuilder());
+
+ buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
+
+ buildersMandate.add(new MandateLegalPersonSourcePinAttributeBuilder());
+ buildersMandate.add(new MandateLegalPersonSourcePinTypeAttributeBuilder());
+ buildersMandate.add(new MandateLegalPersonFullNameAttributeBuilder());
+
+ buildersMandate.add(new MandateProfRepOIDAttributeBuilder());
+ buildersMandate.add(new MandateProfRepDescAttributeBuilder());
+
+ // STORK
+ buildersSTORK.add(new EIDSTORKTOKEN());
+
+ IAttributeBuilder attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.ADOPTEDFAMILYNAME_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.AGE_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.CANONICALRESIDENCEADDRESS_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.CONTRYCODEOFBIRTH_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.FISCALNUMBER_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.GENDER_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.INHERITEDFAMILYNAME_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.ISAGEOVER_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.MARITALSTATUS_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.NATIONALITYCODE_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.PSEUDONYM_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.RESIDENCEPERMIT_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.RESIDENCEADDRESS_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+
+ attr = PVPAttributeBuilder.getAttributeBuilder(STORKConstants.TITLE_NAME);
+ if (attr != null)
+ buildersSTORK.add(attr);
+ }
+
+ private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+ for (IAttributeBuilder b : builders) {
+ try {
+ //TODO: better solution requires more refactoring :(
+ Pair<String, JsonPrimitive> attribute = null;
+ if (b instanceof OpenIdNonceAttribute) {
+ OpenIdNonceAttribute nonceBuilder = (OpenIdNonceAttribute) b;
+ attribute = nonceBuilder.build(oaParam, authData, oAuthRequest, generator);
+
+ } else
+ attribute = b.build(oaParam, authData, generator);
+
+ if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) {
+ jsonObject.add(attribute.getFirst(), attribute.getSecond());
+ }
+ }
+ catch (AttributeException e) {
+ Logger.info("Cannot add attribute " + b.getName());
+ }
+ }
+ }
+
+ public static void addScopeOpenId(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData,
+ final OAuth20AuthRequest oAuthRequest) {
+ addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
+ }
+
+ public static void addScopeProfile(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
+ }
+
+ public static void addScopeEID(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
+ }
+
+ public static void addScopeEIDGov(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
+ }
+
+ public static void addScopeMandate(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
+ }
+
+ public static void addScopeSTORK(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
+ }
+
+ /**
+ * @return the buildersprofile
+ */
+ public static List<IAttributeBuilder> getBuildersprofile() {
+ return buildersProfile;
+ }
+
+ /**
+ * @return the builderseid
+ */
+ public static List<IAttributeBuilder> getBuilderseid() {
+ return buildersEID;
+ }
+
+ /**
+ * @return the builderseidgov
+ */
+ public static List<IAttributeBuilder> getBuilderseidgov() {
+ return buildersEIDGov;
+ }
+
+ /**
+ * @return the buildersmandate
+ */
+ public static List<IAttributeBuilder> getBuildersmandate() {
+ return buildersMandate;
+ }
+
+ /**
+ * @return the buildersstork
+ */
+ public static List<IAttributeBuilder> getBuildersstork() {
+ return buildersSTORK;
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
new file mode 100644
index 000000000..e81132ca7
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdAudiencesAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "aud";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
+
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
new file mode 100644
index 000000000..c4260db82
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "auth_time";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
new file mode 100644
index 000000000..6008eede1
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
+
+ public static final int expirationTime = 5 * 60; // in seconds
+
+ public String getName() {
+ return "exp";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
new file mode 100644
index 000000000..ad7fe68b9
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "iat";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
new file mode 100644
index 000000000..5c4fe02df
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdIssuerAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "iss";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
new file mode 100644
index 000000000..d2636c259
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class OpenIdNonceAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "nonce";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", null);
+ }
+
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
+ return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
+ else
+ return null;
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
+
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
new file mode 100644
index 000000000..10af9cc32
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "sub";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getBPK());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
new file mode 100644
index 000000000..4262d6bb3
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "birthdate";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
new file mode 100644
index 000000000..da4f76e2d
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class ProfileFamilyNameAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "family_name";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
new file mode 100644
index 000000000..04a6ec60b
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class ProfileGivenNameAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "given_name";
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java
new file mode 100644
index 000000000..25a30bfcf
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20AccessDeniedException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20AccessDeniedException() {
+ super(OAuth20Constants.ERROR_ACCESS_DENIED, "oauth20.05", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java
new file mode 100644
index 000000000..a938d1544
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20CertificateErrorException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20CertificateErrorException(final String name) {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.09", new Object[] { name });
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
new file mode 100644
index 000000000..307615fbd
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
@@ -0,0 +1,71 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+
+public class OAuth20Exception extends RuntimeException {
+
+ private static final long serialVersionUID = 1L;
+
+ private String messageId;
+
+ private String errorCode;
+
+ public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) {
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.errorCode = errorCode;
+ this.messageId = messageId;
+ }
+
+ /**
+ * @return the messageId
+ */
+ public String getMessageId() {
+ return messageId;
+ }
+
+ /**
+ * @param messageId
+ * the messageId to set
+ */
+ public void setMessageId(String messageId) {
+ this.messageId = messageId;
+ }
+
+ /**
+ * @return the errorCode
+ */
+ public String getErrorCode() {
+ return errorCode;
+ }
+
+ /**
+ * @param errorCode
+ * the errorCode to set
+ */
+ public void setErrorCode(String errorCode) {
+ this.errorCode = errorCode;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java
new file mode 100644
index 000000000..9c2875cef
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20InvalidClientException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20InvalidClientException() {
+ super(OAuth20Constants.ERROR_INVALID_CLIENT, "oauth20.05", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java
new file mode 100644
index 000000000..c0f03c735
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20InvalidGrantException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20InvalidGrantException() {
+ super(OAuth20Constants.ERROR_INVALID_GRANT, "oauth20.07", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java
new file mode 100644
index 000000000..b980840c2
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20InvalidRequestException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20InvalidRequestException() {
+ super(OAuth20Constants.ERROR_INVALID_REQUEST, "oauth20.04", new Object[] {});
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
new file mode 100644
index 000000000..0edeb89bc
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAuth20OANotSupportedException extends OAuth20Exception {
+
+ private static final long serialVersionUID = -8713091674236329339L;
+
+ /**
+ * @param errorCode
+ * @param messageId
+ * @param parameters
+ */
+ public OAuth20OANotSupportedException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java
new file mode 100644
index 000000000..8de854821
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20ResponseTypeException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20ResponseTypeException() {
+ super(OAuth20Constants.ERROR_UNSUPPORTED_RESPONSE_TYPE, "oauth20.03", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
new file mode 100644
index 000000000..470507f08
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20ServerErrorException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20ServerErrorException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.10", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java
new file mode 100644
index 000000000..ee7b4d7d6
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20UnauthorizedClientException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20UnauthorizedClientException() {
+ super(OAuth20Constants.ERROR_UNAUTHORIZED_CLIENT, "oauth20.08", new Object[] {});
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java
new file mode 100644
index 000000000..48267d88c
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+public class OAuth20WrongParameterException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public OAuth20WrongParameterException(final String name) {
+ super(OAuth20Constants.ERROR_INVALID_REQUEST, "oauth20.02", new Object[] { name });
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java
new file mode 100644
index 000000000..50e57bdc1
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java
@@ -0,0 +1,121 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/**
+ * Copyright 2010 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.SignatureException;
+
+import net.oauth.jsontoken.crypto.AbstractSigner;
+import net.oauth.jsontoken.crypto.RsaSHA256Signer;
+import net.oauth.jsontoken.crypto.SignatureAlgorithm;
+
+/**
+ * Signer that can sign byte arrays using a {@link PrivateKey} and SHA-256. <br/>
+ * This is something like a copy of the {@link RsaSHA256Signer}.
+ *
+ */
+public class OAuth20SHA256Signer extends AbstractSigner implements OAuthSigner {
+
+ private final Signature signature;
+ private final PrivateKey signingKey;
+ private final OAuthSignatureAlgorithm algorithm;
+
+ /**
+ * Public constructor.
+ *
+ * @param issuer
+ * The id of this signer, to be included in the JSON Token's envelope.
+ * @param keyId
+ * The id of the key used by this signer, to be included in the JSON Token's
+ * envelope.
+ * @param key
+ * the private key to be used for signing.
+ * @throws InvalidKeyException
+ * if the key is unsuitable for RSA signing.
+ */
+ public OAuth20SHA256Signer(final String issuer, final String keyId, final PrivateKey key) throws InvalidKeyException {
+ super(issuer, keyId);
+
+ this.signingKey = key;
+ this.algorithm = OAuth20SignatureUtil.findSignature(key);
+
+ try {
+ this.signature = this.algorithm.getSignatureInstance();
+ this.signature.initSign(signingKey);
+ }
+ catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ catch (NoSuchProviderException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see net.oauth.jsontoken.crypto.Signer#getSignatureAlgorithm()
+ */
+ public SignatureAlgorithm getSignatureAlgorithm() {
+ // it is fine to return RS256 because we overwrite the JsonToken for the algorithm name. But
+ // we need the internal SHA256 which is used.
+ return SignatureAlgorithm.RS256;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see net.oauth.jsontoken.crypto.Signer#sign(byte[])
+ */
+ public byte[] sign(byte[] source) throws SignatureException {
+ try {
+ signature.initSign(signingKey);
+ }
+ catch (InvalidKeyException e) {
+ throw new RuntimeException("key somehow became invalid since calling the constructor");
+ }
+ signature.update(source);
+ return signature.sign();
+ }
+
+ public OAuthSignatureAlgorithm getOAuthSignatureAlgorithm() {
+ return this.algorithm;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java
new file mode 100644
index 000000000..374320a5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java
@@ -0,0 +1,84 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+
+import net.oauth.jsontoken.crypto.RsaSHA256Verifier;
+import net.oauth.jsontoken.crypto.Verifier;
+
+/**
+ * A verifier that can verify signatures on byte arrays using a {@link PublicKey} and SHA-256. <br/>
+ * This is something like a copy of the {@link RsaSHA256Verifier}.
+ */
+public class OAuth20SHA256Verifier implements Verifier {
+
+ private final PublicKey verificationKey;
+ private final Signature signer;
+
+ /**
+ * Public Constructor.
+ *
+ * @param verificationKey
+ * the key used to verify the signature.
+ */
+ public OAuth20SHA256Verifier(final PublicKey verificationKey) {
+ this.verificationKey = verificationKey;
+
+ try {
+ this.signer = OAuth20SignatureUtil.findSignature(verificationKey).getSignatureInstance();
+ this.signer.initVerify(verificationKey);
+ }
+ catch (InvalidKeyException e) {
+ throw new IllegalStateException("key is invalid", e);
+ }
+ catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ catch (NoSuchProviderException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see net.oauth.jsontoken.crypto.Verifier#verifySignature(byte[], byte[])
+ */
+ public void verifySignature(byte[] source, byte[] signature) throws SignatureException {
+ try {
+ signer.initVerify(verificationKey);
+ }
+ catch (InvalidKeyException e) {
+ throw new RuntimeException("key someone become invalid since calling the constructor");
+ }
+ signer.update(source);
+ if (!signer.verify(signature)) {
+ throw new SignatureException("signature did not verify");
+ }
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
new file mode 100644
index 000000000..9f20ee956
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -0,0 +1,116 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import org.apache.commons.lang.StringUtils;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+public final class OAuth20SignatureUtil {
+
+ private OAuth20SignatureUtil() {
+ throw new InstantiationError();
+ }
+
+ static OAuthSignatureAlgorithm findSignature(final PrivateKey key) {
+ Logger.debug("OAuth - Looking for signature for key " + key.getClass());
+ if (key instanceof RSAPrivateKey) {
+ Logger.debug("OAuth - going to uses SHA256withRSA signature");
+ return OAuthSignatureAlgorithm.RS256;
+ } else if (key instanceof ECPrivateKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature");
+ return OAuthSignatureAlgorithm.ECDSA256;
+ } else if (key instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
+ return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
+ } else {
+ throw new IllegalStateException("Cannot find an alorithm for the given private key");
+ }
+ }
+
+ static OAuthSignatureAlgorithm findSignature(final PublicKey key) {
+ if (key instanceof RSAPublicKey) {
+ Logger.debug("OAuth - going to uses SHA256withRSA signature");
+ return OAuthSignatureAlgorithm.RS256;
+ } else if (key instanceof ECPublicKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature");
+ return OAuthSignatureAlgorithm.ECDSA256;
+ } else if (key instanceof iaik.security.ecc.ecdsa.ECPublicKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
+ return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
+ } else {
+ throw new IllegalStateException("Cannot find an alorithm for the given private key");
+ }
+ }
+
+ public static OAuthSigner loadSigner(String issuer) throws OAuth20Exception {
+ OAuth20Configuration globalConfig = OAuth20Configuration.getInstance();
+
+ if (StringUtils.isEmpty(globalConfig.getJWTKeyStore())) {
+ throw new OAuth20CertificateErrorException("keystore");
+ }
+
+ if (StringUtils.isEmpty(globalConfig.getJWTKeyName())) {
+ throw new OAuth20CertificateErrorException("key name");
+ }
+
+ try {
+ KeyStore ks = KeyStoreUtils.loadKeyStore(globalConfig.getJWTKeyStore(), globalConfig.getJWTKeyStorePassword());
+
+ X509Certificate certificate = (X509Certificate) ks.getCertificate(globalConfig.getJWTKeyName());
+
+ PrivateKey privateKey = (PrivateKey) ks.getKey(globalConfig.getJWTKeyName(), globalConfig.getJWTKeyPassword()
+ .toCharArray());
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(certificate);
+ credential.setPrivateKey(privateKey);
+
+ // Logger.debug("Going to use X509Certificate:");
+ // Logger.debug(certificate);
+ // Logger.debug("Going to use private key:");
+ // Logger.debug(privateKey);
+
+ return new OAuth20SHA256Signer(issuer, globalConfig.getJWTKeyName(), credential.getPrivateKey());
+
+ }
+ catch (Exception e) {
+ Logger.error(e.getMessage(), e);
+ throw new OAuth20CertificateErrorException("keystore");
+ }
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java
new file mode 100644
index 000000000..af17825fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import net.oauth.jsontoken.JsonToken;
+
+import com.google.gson.JsonObject;
+
+public class OAuthJsonToken extends JsonToken {
+
+ private final OAuthSigner signer;
+
+ public OAuthJsonToken(OAuthSigner signer) {
+ super(signer);
+ this.signer = signer;
+ }
+
+ @Override
+ public JsonObject getHeader() {
+ JsonObject header = new JsonObject();
+ header.addProperty(ALGORITHM_HEADER, signer.getOAuthSignatureAlgorithm().getAlgorithm());
+ String keyId = getKeyId();
+ if (keyId != null) {
+ header.addProperty(KEY_ID_HEADER, keyId);
+ }
+ return header;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java
new file mode 100644
index 000000000..db15516e7
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Signature;
+
+import org.apache.commons.lang.StringUtils;
+
+/**
+ * Enum of the signature algorithms supported by this package.
+ */
+public enum OAuthSignatureAlgorithm {
+ ECDSA256("SHA256withECDSA", "ECDSA256", null), RS256("SHA256withRSA", "RS256", null), ECDSA256_IAKIK("SHA1withECDSA", "ECDSA256",
+ "IAIK_ECC");
+
+ private final String signatureName;
+ private final String algorithm;
+ private final String providerName;
+
+ private OAuthSignatureAlgorithm(final String signatureName, final String hashAlg, final String providerName) {
+ this.signatureName = signatureName;
+ this.algorithm = hashAlg;
+ this.providerName = providerName;
+ }
+
+ /**
+ * What the signature algorithm is named in the "alg" parameter in a JSON Token's envelope.
+ */
+ public String getAlgorithm() {
+ return this.algorithm;
+ }
+
+ /**
+ *
+ * @return the signature name like SHA256withECDSA or SHA256withRSA
+ */
+ public String getSignatureName() {
+ return this.signatureName;
+ }
+
+ /**
+ * Calls {@link Signature#getInstance(String)} with the defined signature name
+ *
+ * @return
+ * @throws NoSuchAlgorithmException
+ * @throws NoSuchProviderException
+ */
+ public Signature getSignatureInstance() throws NoSuchAlgorithmException, NoSuchProviderException {
+ if (!StringUtils.isEmpty(this.providerName)) {
+ //return Signature.getInstance(this.signatureName, this.providerName);
+ return Signature.getInstance(this.signatureName, this.providerName);
+ } else {
+ return Signature.getInstance(this.signatureName);
+ }
+ }
+
+ /**
+ * Given the name of the algorithm in the envelope, returns the corresponding enum instance.
+ */
+ public static OAuthSignatureAlgorithm getFromJsonName(String name) {
+ return OAuthSignatureAlgorithm.valueOf(name);
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java
new file mode 100644
index 000000000..3904f8cef
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import net.oauth.jsontoken.crypto.Signer;
+
+public interface OAuthSigner extends Signer {
+ public abstract OAuthSignatureAlgorithm getOAuthSignatureAlgorithm();
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
new file mode 100644
index 000000000..88e26da76
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -0,0 +1,214 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.security.SignatureException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OpenIdExpirationTimeAttribute;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+class OAuth20AuthAction implements IAction {
+
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
+ String responseType = oAuthRequest.getResponseType();
+
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
+
+ String code = Random.nextRandom();
+
+ try {
+
+ String accessToken = UUID.randomUUID().toString();
+
+ Logger.debug("Stored session with id: " + code);
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+ o.setScope(oAuthRequest.getScope());
+ o.setCode(code);
+
+ //generate idToken from MOASession
+ Map<String, Object> idToken = generateIDToken(o, oAuthRequest, authData, accessToken);
+ o.setAuthDataSession(idToken);
+
+ } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
+ throw new OAuth20ResponseTypeException();
+ }
+
+ // store data in oath session
+ AssertionStorage.getInstance().put(code, o);
+
+ Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
+
+ // add code and state to redirect url
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ String redirectURI = oAuthRequest.getRedirectUri();
+ String state = oAuthRequest.getState();
+
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.RESPONSE_CODE, code);
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, state);
+
+ String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+
+
+ //TODO: maybe add bPK / wbPK to SLO information
+ SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), accessToken, null, null, req.requestedModule());
+
+ return sloInformation;
+ }
+ catch (Exception e) {
+ Logger.warn("An error occur during OpenID-Connect idToken generation.", e);
+
+ //remove OAuthSessionObject if it already exists
+ if (AssertionStorage.getInstance().containsKey(code)) {
+ AssertionStorage.getInstance().remove(code);
+ }
+
+ if (e instanceof OAuth20Exception) {
+ throw (OAuth20Exception) e;
+ }
+ throw new OAuth20ServerErrorException();
+ }
+
+ }
+
+ private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
+ OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
+
+ // create response
+ Map<String, Object> params = new HashMap<String, Object>();
+ params.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, accessToken);
+ params.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER);
+ params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime);
+ // build id token and scope
+ Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
+ authData);
+ Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
+ params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
+ Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
+ params.put(OAuth20Constants.PARAM_SCOPE, pair.getSecond());
+
+ return params;
+
+ }
+
+ private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
+ throws MOAIDException, SignatureException {
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+
+ OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
+ OAuthJsonToken token = new OAuthJsonToken(signer);
+
+ StringBuilder resultScopes = new StringBuilder();
+ // always fill with open id
+ OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest);
+ resultScopes.append("openId");
+
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" profile");
+ } else if (s.equalsIgnoreCase("eID")) {
+ OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" eID");
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" eID_gov");
+ } else if (s.equalsIgnoreCase("mandate")) {
+ OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" mandate");
+ } else if (s.equalsIgnoreCase("stork")) {
+ OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" stork");
+ }
+ }
+
+ // add properties and sign
+ // HmacSHA256Signer signer = new HmacSHA256Signer("testSigner", "key_id",
+ // "super_secure_pwd".getBytes());
+ // Signer signer = OAuth20Util.loadSigner(authData.getIssuer(), oaParam.getoAuth20Config());
+
+ return Pair.newInstance(token.serializeAndSign(), resultScopes.toString());
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+ * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+
+ private String addURLParameter(String url, String name, String value) {
+ String param = name + "=" + value;
+ if (url.indexOf("?") < 0) {
+ return url + "?" + param;
+ } else {
+ return url + "&" + param;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ public String getDefaultActionName() {
+ return OAuth20Protocol.AUTH_ACTION;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
new file mode 100644
index 000000000..e5d8db873
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -0,0 +1,243 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class OAuth20AuthRequest extends OAuth20BaseRequest {
+
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public OAuth20AuthRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+ private String responseType;
+ private String state;
+ private String redirectUri;
+ private String scope;
+ private String clientID;
+ private String nonce;
+
+ /**
+ * @return the responseType
+ */
+ public String getResponseType() {
+ return responseType;
+ }
+
+ /**
+ * @param responseType
+ * the responseType to set
+ */
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
+
+ /**
+ * @return the state
+ */
+ public String getState() {
+ return state;
+ }
+
+ /**
+ * @param state
+ * the state to set
+ */
+ public void setState(String state) {
+ this.state = state;
+ }
+
+ /**
+ * @return the redirectUri
+ */
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ /**
+ * @param redirectUri
+ * the redirectUri to set
+ */
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ /**
+ * @return the scope
+ */
+ public String getScope() {
+ return scope;
+ }
+
+ /**
+ * @param scope
+ * the scope to set
+ */
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
+ /**
+ * @return the clientID
+ */
+ public String getClientID() {
+ return clientID;
+ }
+
+ /**
+ * @param clientID
+ * the clientID to set
+ */
+ public void setClientID(String clientID) {
+ this.clientID = clientID;
+ }
+
+
+
+ /**
+ * @return the nonce
+ */
+ public String getNonce() {
+ return nonce;
+ }
+
+ /**
+ * @param nonce the nonce to set
+ */
+ public void setNonce(String nonce) {
+ this.nonce = nonce;
+ }
+
+ @Override
+ protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+ this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
+ this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
+ this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
+ this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false));
+ this.setNonce(this.getParam(request, OAuth20Constants.PARAM_NONCE, false));
+
+ // check for response type
+ if (!this.responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+ throw new OAuth20ResponseTypeException();
+ }
+
+ // check state for invalid characters (like < > & ; ... javascript ... to prevent xss)
+ if (!OAuth20Util.isValidStateValue(this.getState())) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
+ }
+
+ // check if client id and redirect uri are ok
+ try {
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+
+
+ if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+ || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+ throw new OAuth20AccessDeniedException();
+ }
+
+ this.setOnlineApplicationConfiguration(oAuthConfig);
+ Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+
+
+ } catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
+ }
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
new file mode 100644
index 000000000..5fcac0b2f
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -0,0 +1,148 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+abstract class OAuth20BaseRequest extends RequestImpl {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Set<String> allowedParameters = new HashSet<String>();
+
+ public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException {
+ super(req);
+ }
+
+ protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
+ String param = request.getParameter(name);
+ Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
+
+ if (isNeeded && StringUtils.isEmpty(param)) {
+ throw new OAuth20WrongParameterException(name);
+ }
+
+ this.allowedParameters.add(name);
+
+ return param;
+ }
+
+ protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+
+ // moa id - load oa with client id!
+ try {
+ String oaURL = StringEscapeUtils.escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ if (!ParamValidatorUtils.isValidOA(oaURL)) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ this.setOAURL(oaURL);
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ this.setTarget(oaParam.getTarget());
+
+ if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
+ || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+ || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+ throw new OAuth20OANotSupportedException();
+ }
+ }
+ catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+
+ // oAuth
+ this.populateSpecialParameters(request);
+
+ // cleanup parameters
+ this.checkAllowedParameters(request);
+ }
+
+ private void checkAllowedParameters(final HttpServletRequest request) {
+ Logger.debug("Going to check for allowed parameters");
+ this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
+ this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);
+
+ @SuppressWarnings("rawtypes")
+ Iterator iter = request.getParameterMap().keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String) iter.next();
+ if (!this.allowedParameters.contains(name)) {
+
+ Logger.debug("Found wrong parameter: " + name);
+ throw new OAuth20WrongParameterException(name);
+ }
+ }
+
+ }
+
+ protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+
+ public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception {
+ OAuth20BaseRequest res;
+ try {
+ if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
+ res = new OAuth20AuthRequest(request);
+
+ } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
+ res = new OAuth20TokenRequest(request);
+
+ } else {
+ throw new OAuth20InvalidRequestException();
+ }
+
+ } catch (ConfigurationException e) {
+ Logger.warn(e.getMessage());
+ throw new OAuth20InvalidRequestException();
+
+ }
+
+ res.setAction(action);
+ res.setModule(OAuth20Protocol.NAME);
+
+ res.populateParameters(request);
+ return res;
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
new file mode 100644
index 000000000..56d86df72
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -0,0 +1,215 @@
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import com.google.gson.JsonObject;
+
+import java.util.Arrays;
+
+public class OAuth20Protocol implements IModulInfo {
+
+ public static final String NAME = OAuth20Protocol.class.getName();
+ public static final String PATH = "id_oauth20";
+
+ public static final String AUTH_ACTION = "AUTH";
+ public static final String TOKEN_ACTION = "TOKEN";
+
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.BPK_NAME
+ });
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ actions.put(AUTH_ACTION, new OAuth20AuthAction());
+ actions.put(TOKEN_ACTION, new OAuth20TokenAction());
+ }
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse, java.lang.String)
+ */
+ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action,
+ String sessionId, String transactionId) throws MOAIDException {
+ // validation is done inside creation
+ OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId);
+ Logger.debug("Created: " + res);
+ return res;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest
+ * , javax.servlet.http.HttpServletResponse)
+ */
+ public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+ if (!StringUtils.isEmpty(request.getParameter("action"))) {
+ if (request.getParameter("action").equals(AUTH_ACTION)) {
+ return getAction(AUTH_ACTION);
+ } else if (request.getParameter("action").equals(TOKEN_ACTION)) {
+ return getAction(TOKEN_ACTION);
+ }
+ }
+
+ return null;// getAction(AUTH_ACTION);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable,
+ * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+ * at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
+ throws Throwable {
+
+ // get error code and description
+ String errorCode;
+ String errorDescription;
+ String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+ +"/" + OAuth20Constants.ERRORPAGE;
+ String moaError = null;
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+
+ if (e instanceof OAuth20Exception) {
+ errorCode = ((OAuth20Exception) e).getErrorCode();
+ errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
+ moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+
+ } else {
+ errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
+ errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
+ moaError = errorUtils.getResponseErrorCode(e);
+ }
+
+ String paramRedirect = null;
+ String state = null;
+ boolean isAuthRequest = false;
+ if (protocolRequest != null) {
+ if (protocolRequest instanceof OAuth20AuthRequest) {
+ isAuthRequest = true;
+
+ paramRedirect = ((OAuth20AuthRequest) protocolRequest).getRedirectUri();
+ state = ((OAuth20AuthRequest) protocolRequest).getState();
+ } else {
+ isAuthRequest = false;
+ }
+ } else {
+ String action = request.getParameter("action");
+ if (MiscUtil.isNotEmpty(action)) {
+ if (action.equals(AUTH_ACTION)) {
+
+ paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI);
+ state = request.getParameter(OAuth20Constants.PARAM_STATE);
+ isAuthRequest = true;
+ }
+ } else {
+ throw new MOAIDException("oauth20.01", new Object[] {});
+ }
+ }
+
+ // if (action.equals(AUTH_ACTION)) {
+ if (isAuthRequest) {
+ Logger.debug("Going to throw O OAuth20Exception for auth request");
+
+ StringBuilder url = new StringBuilder();
+
+ // check if given redirect url is ok
+ if (StringUtils.isNotEmpty(paramRedirect) && OAuth20Util.isUrl(paramRedirect)) {
+ url.append(paramRedirect);
+
+ // otherwise throw an
+ } else {
+ throw new MOAIDException("oauth20.01", new Object[] {});
+ }
+
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
+ if (MiscUtil.isNotEmpty(moaError))
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
+
+ response.setContentType("text/html");
+ response.setStatus(HttpServletResponse.SC_FOUND);
+ response.addHeader("Location", url.toString());
+ Logger.debug("REDIRECT TO: " + url.toString());
+ return true;
+
+ } else {
+ Logger.debug("Going to throw O OAuth20Exception for token request");
+
+ Map<String, Object> params = new HashMap<String, Object>();
+ params.put(OAuth20Constants.PARAM_ERROR, errorCode);
+ params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
+ params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+
+ // create response
+ JsonObject jsonObject = new JsonObject();
+ OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
+ String jsonResponse = jsonObject.toString();
+ Logger.debug("JSON Response: " + jsonResponse);
+
+ // write respone to http response
+ response.setContentType("application/json");
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.getOutputStream().print(jsonResponse);
+ response.getOutputStream().close();
+
+ return true;
+ }
+
+ // return false;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ // we validate in the preProcess
+ return true;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
new file mode 100644
index 000000000..2238a25e1
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -0,0 +1,124 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.google.gson.JsonObject;
+
+class OAuth20TokenAction implements IAction {
+
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+
+ OAuth20SessionObject auth20SessionObject = null;
+ try {
+ OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST);
+
+ try {
+ Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
+
+ auth20SessionObject =
+ AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class);
+
+ } catch (MOADatabaseException e) {
+ throw new OAuth20UnauthorizedClientException();
+
+ }
+
+ // do checking for different grant types and code
+ if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
+ throw new OAuth20UnauthorizedClientException();
+ } else {
+ Logger.debug("Loaded of OAuth20SessionObject was successful");
+ }
+
+ // create response
+ JsonObject jsonObject = new JsonObject();
+ OAuth20Util.addProperytiesToJsonObject(jsonObject, auth20SessionObject.getAuthDataSession());
+ String jsonResponse = jsonObject.toString();
+ Logger.debug("JSON Response: " + jsonResponse);
+
+ // write respone to http response
+ httpResp.setContentType("application/json");
+ httpResp.setStatus(HttpServletResponse.SC_OK);
+ httpResp.getOutputStream().print(jsonResponse);
+ httpResp.getOutputStream().close();
+
+ return null;
+ }
+ catch (Exception e) {
+ Logger.error(e.getMessage(), e);
+ throw new OAuth20ServerErrorException();
+ }
+
+ finally {
+ if (auth20SessionObject != null) {
+ // destroy session for clean up
+
+ Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
+ AssertionStorage.getInstance().remove(auth20SessionObject.getCode());
+
+ }
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+ * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ public String getDefaultActionName() {
+ return OAuth20Protocol.TOKEN_ACTION;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
new file mode 100644
index 000000000..abfe4ce15
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -0,0 +1,166 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.logging.Logger;
+
+class OAuth20TokenRequest extends OAuth20BaseRequest {
+
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public OAuth20TokenRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+ private String code;
+ private String grantType;
+ private String clientID;
+ private String clientSecret;
+
+ /**
+ * @return the code
+ */
+ public String getCode() {
+ return code;
+ }
+
+ /**
+ * @param code
+ * the code to set
+ */
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ /**
+ * @return the grantType
+ */
+ public String getGrantType() {
+ return grantType;
+ }
+
+ /**
+ * @param grantType
+ * the grantType to set
+ */
+ public void setGrantType(String grantType) {
+ this.grantType = grantType;
+ }
+
+ /**
+ * @return the clientID
+ */
+ public String getClientID() {
+ return clientID;
+ }
+
+ /**
+ * @param clientID
+ * the clientID to set
+ */
+ public void setClientID(String clientID) {
+ this.clientID = clientID;
+ }
+
+ /**
+ * @return the clientSecret
+ */
+ public String getClientSecret() {
+ return clientSecret;
+ }
+
+ /**
+ * @param clientSecret
+ * the clientSecret to set
+ */
+ public void setClientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ }
+
+ @Override
+ protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+ this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
+ this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
+ this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ this.setClientSecret(this.getParam(request, OAuth20Constants.PARAM_CLIENT_SECRET, true));
+
+ // check for grant type
+ if (!this.getGrantType().equals(OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)) {
+ throw new OAuth20InvalidGrantException();
+ }
+
+ // check if client id and secret are ok
+ try {
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+
+ if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
+ throw new OAuth20AccessDeniedException();
+ }
+
+ if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
+ throw new OAuth20AccessDeniedException();
+ }
+
+ this.setOnlineApplicationConfiguration(oaParam);
+
+ }
+ catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+
+ Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID);
+
+ //add valid parameters
+ this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE);
+ this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ return null;
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
new file mode 100644
index 000000000..b653c91c3
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
new file mode 100644
index 000000000..6cf1e8280
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -0,0 +1,131 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package test.at.gv.egovernment.moa.id.auth.oauth;
+
+import iaik.security.ecc.provider.ECCProvider;
+
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import net.oauth.jsontoken.crypto.Signer;
+import net.oauth.jsontoken.crypto.Verifier;
+
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+public class CertTest {
+
+ /** KeyStore Path */
+ private String rsaKeyStorePath = "file:/D:/dev/work/exthex/workspace/OAuthTesting/resources/keys/test_keystore.jks";
+
+ private String ecdsaKeyStorePath = "file:/D:/dev/work/exthex/workspace/OAuthTesting/resources/keys/ECDSA_keystore.jks";
+
+ /** KeyStore Password */
+ private String keyStorePassword = "test12";
+
+ /** Specific Key Name as Credential */
+ private String keyName = "1";
+
+ /** Key password */
+ private String keyPassword = "test12";
+
+ private BasicX509Credential getCredentials(String keyStorePath) {
+ Assert.assertNotNull(keyStorePath);
+
+ // KeyStorePassword optional
+ // if (StringUtils.isEmpty(this.keyStorePassword))
+ // throw new SAMLException("No keyStorePassword specified");
+
+ Assert.assertNotNull(this.keyName);
+
+ // KeyStorePassword optional
+ // if (StringUtils.isEmpty(this.keyPassword))
+ // throw new SAMLException("No keyPassword specified");
+
+ KeyStore ks = null;
+ try {
+ ks = KeyStoreUtils.loadKeyStore(keyStorePath, this.keyStorePassword);
+
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ // return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
+ BasicX509Credential credential = null;
+ try {
+ X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
+
+ PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
+
+ // System.out.println("KS Provider:" + privateKey.getClass());
+ credential = new BasicX509Credential();
+ credential.setEntityCertificate(certificate);
+ credential.setPrivateKey(privateKey);
+
+ System.out.println("Private Key: " + privateKey);
+
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+
+ }
+
+ return credential;
+ }
+
+ private void signAndVerify(BasicX509Credential credential) throws Exception {
+ String data = "someData";
+
+ Signer signer = new OAuth20SHA256Signer("signer1", keyName, credential.getPrivateKey());
+
+ byte[] signedData = signer.sign(data.getBytes());
+
+ Verifier verifier = new OAuth20SHA256Verifier(credential.getPublicKey());
+ verifier.verifySignature(data.getBytes(), signedData);
+ }
+
+ @Test
+ // (enabled = false)
+ public void testRSA() throws Exception {
+ BasicX509Credential credential = this.getCredentials(this.rsaKeyStorePath);
+
+ // System.out.println(credential);
+ this.signAndVerify(credential);
+ }
+
+ @Test
+ public void testECDSA() throws Exception {
+ ECCProvider.addAsProvider();
+
+ // Security.addProvider(new ECCProvider());
+ BasicX509Credential credential = this.getCredentials(this.ecdsaKeyStorePath);
+ this.signAndVerify(credential);
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20ErrorsTests.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20ErrorsTests.java
new file mode 100644
index 000000000..abfca4f36
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20ErrorsTests.java
@@ -0,0 +1,184 @@
+package test.at.gv.egovernment.moa.id.auth.oauth;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.Assert;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+
+import com.google.api.client.extensions.java6.auth.oauth2.VerificationCodeReceiver;
+import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
+
+public class OAuth20ErrorsTests {
+
+ final static Logger log = LoggerFactory.getLogger(OAuth20ErrorsTests.class);
+
+ private static VerificationCodeReceiver receiver;
+
+ // base uri
+ private static String OAUTH2_BASE_URI = "https://localhost/moa-id-auth/";
+ // auth action
+ private static String OAUTH2_AUTH_URI = OAUTH2_BASE_URI + "oauth2/auth";
+ // token action
+ private static String OAUTH2_TOKEN_URI = OAUTH2_BASE_URI + "oauth2/token";
+
+ // client id
+ private static String CLIENT_ID = "http://test";
+ // client secret
+ private static String CLIENT_SECRET = "d435cf0a-3933-48f7-b142-339710c8f070";
+ // OAuth 2.0 scopes
+ //private static List<String> SCOPES = Arrays.asList("testScope1", "testScope2");
+ // state
+ private static String STATE = "testState";
+ // code
+ private static String CODE = "code";
+ // redirect uri
+ private static String REDIRECT_URI = "http://localhost:59542/Callback";
+
+ @BeforeMethod
+ public void beforeTest() throws Exception {
+ receiver = new LocalServerReceiver.Builder().setPort(59542).build();
+ // REDIRECT_URI = receiver.getRedirectUri();
+ // start
+ receiver.getRedirectUri();
+ }
+
+ @AfterMethod
+ public void afterTest() {
+ try {
+ receiver.stop();
+ }
+ catch (IOException e) {
+ }
+ }
+
+ private void checkParam(final String paramString, final String paramName) {
+ String[] help = paramString.split("=");
+ Assert.assertEquals(help[0], paramName);
+ Assert.assertTrue(StringUtils.isNotEmpty(help[1]));
+ }
+
+ private void checkParams(final String queryString) {
+ // System.out.println("QueryString: " + queryString);
+
+ System.out.println("Result url: " + queryString);
+
+ String[] params = queryString.split("&");
+
+ this.checkParam(params[0], OAuth20Constants.PARAM_ERROR);
+ this.checkParam(params[1], OAuth20Constants.PARAM_ERROR_DESCRIPTION);
+ // this.checkParam(params[2], OAuth20Constants.PARAM_ERROR_URI);
+ // this.checkParam(params[3], OAuth20Constants.PARAM_STATE);
+ this.checkParam(params[2], OAuth20Constants.PARAM_STATE);
+ }
+
+ class OAuthRequestParameters {
+ String redirectUri;
+ String clientId;
+ String responseType;
+ String scope;
+ String state;
+ String error;
+
+ public OAuthRequestParameters(String redirectUri, String clientId, String responseType, String scope, String state,
+ String error) {
+ this.redirectUri = redirectUri;
+ this.clientId = clientId;
+ this.responseType = responseType;
+ this.scope = scope;
+ this.state = state;
+ this.error = error;
+ }
+ }
+
+ @DataProvider(name = "parameter")
+ public Object[][] parameterProvider() {
+ // parameter is missing
+ // OAuthRequestParameters p0 = new OAuthRequestParameters(null, OA_URL, CLIENT_ID, CODE,
+ // "testScope1", null,
+ // "User authorization failed (invalid_request)");
+ // OAuthRequestParameters p1 = new OAuthRequestParameters(REDIRECT_URI, CLIENT_ID, CODE,
+ // "testScope1", STATE,
+ // "User authorization failed (invalid_request)");
+ OAuthRequestParameters p2 = new OAuthRequestParameters(REDIRECT_URI, null, CODE, "testScope1", STATE,
+ "User authorization failed (invalid_request)");
+ OAuthRequestParameters p3 = new OAuthRequestParameters(REDIRECT_URI, CLIENT_ID, null, "testScope1", STATE,
+ "User authorization failed (invalid_request)");
+ OAuthRequestParameters p4 = new OAuthRequestParameters(REDIRECT_URI, CLIENT_ID, CODE, null, STATE, null);
+ OAuthRequestParameters p5 = new OAuthRequestParameters(REDIRECT_URI, CLIENT_ID, CODE, "testScope1", null,
+ "User authorization failed (invalid_request)");
+
+ // wrong response type
+ OAuthRequestParameters p6 = new OAuthRequestParameters(REDIRECT_URI, CLIENT_ID, "WRONG_CODE", "testScope1", STATE,
+ "User authorization failed (unsupported_response_type)");
+ // wrong client id
+ OAuthRequestParameters p7 = new OAuthRequestParameters(REDIRECT_URI, "wrongClient", CODE, "testScope1", STATE,
+ "User authorization failed (invalid_request)");
+ // wrong redirect uri
+ // OAuthRequestParameters p9 = new OAuthRequestParameters("wrongURI", OA_URL, "wrongClient",
+ // CODE, "testScope1", STATE,
+ // "User authorization failed (access_denied)");
+
+ return new Object[][] { { p2 }, { p3 }, { p4 }, { p5 }, { p6 }, { p7 } };
+ }
+
+ @Test(dataProvider = "parameter", enabled = false)
+ public void testMissingParams(OAuthRequestParameters p) throws Exception {
+ StringBuilder url = new StringBuilder();
+ url.append(OAUTH2_AUTH_URI);
+
+ if (StringUtils.isNotEmpty(p.redirectUri)) OAuth20Util.addParameterToURL(url, "redirect_uri", p.redirectUri);
+ if (StringUtils.isNotEmpty(p.clientId)) OAuth20Util.addParameterToURL(url, "client_id", p.clientId);
+ if (StringUtils.isNotEmpty(p.responseType)) OAuth20Util.addParameterToURL(url, "response_type", p.responseType);
+ if (StringUtils.isNotEmpty(p.scope)) OAuth20Util.addParameterToURL(url, "scope", p.scope);
+ if (StringUtils.isNotEmpty(p.state)) OAuth20Util.addParameterToURL(url, "state", p.state);
+
+ String finalUrl = url.toString();
+ System.out.println("Calling: " + finalUrl);
+
+ HttpClient client = new HttpClient();
+ GetMethod get = new GetMethod(finalUrl);
+ int res = client.executeMethod(get);
+ Assert.assertEquals(res, HttpServletResponse.SC_OK);
+
+ // assert
+
+ if (p.error == null) {
+ Assert.assertFalse(get.getQueryString().contains("error"));
+ // receiver.waitForCode();
+ } else {
+ // check if all error params are returned
+ this.checkParams(get.getQueryString());
+ try {
+ receiver.waitForCode();
+ Assert.assertTrue(false);
+ }
+ catch (Exception e) {
+ Assert.assertEquals(e.getMessage(), p.error);
+ }
+ }
+ }
+
+ @Test(enabled = false)
+ public void testTokenErrorResponse() throws Exception {
+ HttpClient client = new HttpClient();
+ GetMethod get = new GetMethod(OAUTH2_TOKEN_URI + "&client_id=" + CLIENT_ID + "&client_secret=" + CLIENT_SECRET
+ + "&code=test&grant_type=authorization_code");
+ int res = client.executeMethod(get);
+
+ System.out.println(res);
+ System.out.println(get.getResponseBodyAsString());
+ }
+}
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20GoogleClientTestCase.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20GoogleClientTestCase.java
new file mode 100644
index 000000000..53c7ad496
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20GoogleClientTestCase.java
@@ -0,0 +1,158 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package test.at.gv.egovernment.moa.id.auth.oauth;
+
+import java.awt.Desktop;
+import java.awt.Desktop.Action;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URI;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
+import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
+import com.google.api.client.auth.oauth2.BearerToken;
+import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
+import com.google.api.client.auth.oauth2.TokenResponse;
+import com.google.api.client.auth.openidconnect.IdToken;
+import com.google.api.client.extensions.java6.auth.oauth2.VerificationCodeReceiver;
+import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpExecuteInterceptor;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.jackson2.JacksonFactory;
+
+public class OAuth20GoogleClientTestCase {
+
+ final static Logger log = LoggerFactory.getLogger(OAuth20GoogleClientTestCase.class);
+
+ // private static FileDataStoreFactory DATA_STORE_FACTORY;
+
+ // Global instance of the HTTP transport.
+ private static HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
+ // Global instance of the JSON factory.
+ private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
+
+ private static String ISS = "https://localhost/moa-id-auth/";
+
+ // base uri
+ //private static String OAUTH2_BASE_URI = ISS + "dispatcher";
+ // auth action
+ //private static String OAUTH2_AUTH_URI = OAUTH2_BASE_URI + "?mod=id_oauth20&action=AUTH";
+ private static String OAUTH2_AUTH_URI = ISS + "oauth2/auth";
+
+ // token action
+ //private static String OAUTH2_TOKEN_URI = OAUTH2_BASE_URI + "?mod=id_oauth20&action=TOKEN";
+ private static String OAUTH2_TOKEN_URI = ISS + "oauth2/token";
+
+ // client id
+ private static String CLIENT_ID = "http://test";
+ // client secret
+ private static String CLIENT_SECRET = "d435cf0a-3933-48f7-b142-339710c8f070";
+ // OAuth 2.0 scopes
+ private static final List<String> SCOPES = Arrays.asList("profile", "eID", "eID_gov", "mandate");
+
+ // open browser for bku login
+ private void openURL(String url) {
+ Assert.assertNotNull(url);
+ log.info("Please open the following URL in your browser:");
+ log.info(url);
+ if (Desktop.isDesktopSupported()) {
+ Desktop desktop = Desktop.getDesktop();
+ if (desktop.isSupported(Action.BROWSE)) {
+ try {
+ desktop.browse(URI.create(url));
+ return;
+ }
+ catch (IOException e) {
+ // handled below
+ }
+ }
+ }
+
+ }
+
+ private TokenResponse authorize() throws Exception {
+ // set up a receiver for the callback
+ VerificationCodeReceiver receiver = new LocalServerReceiver.Builder().setPort(59542).build();
+
+ // create AuthorizationCodeFlow
+ GenericUrl token_uri = new GenericUrl(OAUTH2_TOKEN_URI);
+ HttpExecuteInterceptor credentials = new ClientParametersAuthentication(CLIENT_ID, CLIENT_SECRET);
+ AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(BearerToken.queryParameterAccessMethod(), HTTP_TRANSPORT,
+ JSON_FACTORY, token_uri, credentials, CLIENT_ID, OAUTH2_AUTH_URI).setScopes(SCOPES).build();
+ // .setDataStoreFactory(DATA_STORE_FACTORY)
+
+ // create AuthorizationCodeRequestUrl
+ try {
+ String redirectUri = receiver.getRedirectUri();
+ String state = new BigInteger(130, new SecureRandom()).toString(32);
+ AuthorizationCodeRequestUrl authorizationUrl = flow.newAuthorizationUrl().setRedirectUri(redirectUri).setState(state);
+
+ // open in browser
+ this.openURL(authorizationUrl.build());
+
+ // receive authorization code and exchange it for an access token
+ String code = receiver.waitForCode();
+ System.out.println(code);
+ TokenResponse response = flow.newTokenRequest(code).setRedirectUri(redirectUri).execute();
+ return response;
+ }
+ finally {
+ // if anything fails, stop the receiver
+ receiver.stop();
+ }
+
+ }
+
+ // eyJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdC9tb2EtaWQtYXV0aC8iLCJleHAiOi02MzE5MDMsInN1YiI6IncveThQY2pNTHBFTGZmUHRTSDNtbmd6M24rRVx1MDAzZCIsImJpcnRoZGF0ZSI6IjE5ODUtMDItMDEiLCJmYW1pbHlfbmFtZSI6IkhpZXNzIiwiZ2l2ZW5fbmFtZSI6Ik1pY2hhZWwiLCJpYXQiOi02MzIyMDN9.Z_jveITHlTtktPOOV3n_sMbg50YQ4YcOEcSUs_RJ-4FGedj1sVxk9gmlUQcBPfQaBrPgC6RoiPLTy8CKu2PBClEyv9c9HdzIGqBjWzaTSNASx_QL5bfG4EQ8VZmSEI9d0whzlaBgkUFNfhx-Q2ZVh-g8SJ-0JO0zFR18OSRNTxPTJ4PPl0APqn2H-98sU331_zQKiZxNOvl_6OG26VoIYwEuW5m_N5tsf4lLAlqYcdHR3iNTeu8AkAOvlEwv7Z3BeeOiP4u-OWuc6VusWBPxaI2NwmDIoorpyIxY-wEFb4CWICuyk61Wlq1SCNdl-f-ODwJBK3rlj0IMlYbAjKSB0g
+ private void verifyIdToken(TokenResponse response) throws Exception {
+ String id_token = (String) response.getUnknownKeys().get("id_token");
+ log.info("going to parse id token: {}", id_token);
+
+ IdToken idToken = IdToken.parse(JSON_FACTORY, id_token);
+ Assert.assertTrue(idToken.verifyIssuer(ISS));
+
+ log.info(idToken.getPayload().toPrettyString());
+ log.info(idToken.getHeader().toPrettyString());
+
+ }
+
+ @Test(enabled = false)
+ public void testServerFlow() throws Exception {
+ TokenResponse response = this.authorize();
+ log.info(response.toPrettyString());
+
+ this.verifyIdToken(response);
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java
new file mode 100644
index 000000000..8e18adc08
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java
@@ -0,0 +1,70 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package test.at.gv.egovernment.moa.id.auth.oauth;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+
+public class OAuth20UtilTest {
+
+ @Test
+ public void validateURL() {
+ Assert.assertTrue(OAuth20Util.isUrl("file:/D:/dev/work/exthex/workspace/OAuthTesting/resources/keys/test_keystore.jks"));
+ Assert.assertTrue(OAuth20Util.isUrl("https://www.google.at/"));
+ Assert.assertTrue(OAuth20Util.isUrl("http://test"));
+ Assert.assertTrue(OAuth20Util.isUrl("http://localhost:59542/Callback"));
+
+
+ Assert.assertFalse(OAuth20Util.isUrl("http://"));
+ Assert.assertFalse(OAuth20Util.isUrl("123http://test"));
+ Assert.assertFalse(OAuth20Util.isUrl("test"));
+ }
+
+ @Test
+ public void validateState() {
+ // check state for invalid characters (like < > & ; ... javascript ... to prevent xss)
+
+ Assert.assertFalse(OAuth20Util.isValidStateValue("javascript"));
+ Assert.assertFalse(OAuth20Util.isValidStateValue("<Test"));
+ Assert.assertFalse(OAuth20Util.isValidStateValue("Test>"));
+ Assert.assertFalse(OAuth20Util.isValidStateValue("Tas<est"));
+ Assert.assertFalse(OAuth20Util.isValidStateValue("Te>st"));
+ Assert.assertFalse(OAuth20Util.isValidStateValue("Tes&t"));
+ Assert.assertFalse(OAuth20Util.isValidStateValue("Tes;t"));
+ Assert.assertTrue(OAuth20Util.isValidStateValue("secure_state"));
+ }
+
+
+ @Test
+ public void testExp() {
+ Pattern urlPattern = Pattern.compile("/oauth2/auth\\?(.*)$", Pattern.CASE_INSENSITIVE);
+ Matcher matcher = urlPattern.matcher("https://localhost/moa-id-auth/oauth2/auth?client_id=http://test&redirect_uri=http://localhost:59542/Callback&response_type=code&scope=profile%20eID%20eID_gov%20mandate&state=7gfnabf112ogg9segnnrfpi83q");
+ System.out.println(matcher.find());
+ }
+
+}