diff options
Diffstat (limited to 'id/server/modules/moa-id-module-openID')
20 files changed, 219 insertions, 238 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 9060f35c5..76e7f0901 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 9b19e0a4d..19fdb3fee 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils; import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -61,8 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; public final class OAuth20AttributeBuilder { @@ -70,7 +70,7 @@ public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { throw new InstantiationError(); } - + private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() { public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) { @@ -206,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -222,40 +222,40 @@ public final class OAuth20AttributeBuilder { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } } - catch (AttributeException e) { + catch (AttributeBuilderException e) { Logger.info("Cannot add attribute " + b.getName()); } } } public static void addScopeOpenId(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, + final ISPConfiguration oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index a43c8fce9..b3586245b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAudiencesAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder { return "aud"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c6775b692..933ee8904 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000))); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 5f32e32a2..04efa3979 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { @@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index 04f38faf6..459d2b1cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssueInstantAttribute implements IAttributeBuilder { @@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index ff19a618a..2f4124c32 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssuerAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index eda276df2..66b6a2518 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,27 +22,27 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; public class OpenIdNonceAttribute implements IAttributeBuilder { - public String getName() { + public String getName() { return "nonce"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", null); } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); else diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 7de90e98e..e3e717ec3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 3ebadba52..d23877395 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileDateOfBirthAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 89209b062..540962a29 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileFamilyNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 895037b2e..f6f774a46 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileGivenNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java index cd7b8312d..17ed6b40d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java @@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey; import org.apache.commons.lang.StringUtils; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; public final class OAuth20SignatureUtil { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b7c54203f..b00675e7c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,16 +33,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -53,21 +55,19 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; - String responseType = oAuthRequest.getResponseType(); + String responseType = oAuthRequest.getResponseType(); revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); @@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration(); - OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 258b77b98..40701d91d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,30 +22,22 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20AuthRequest") @@ -102,7 +94,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { * the state to set */ public void setState(String state) { - this.state = state; + this.state = state; } /** @@ -188,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -200,46 +192,46 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); - } catch (ConfigurationException e) { + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - Map<String, String> reqAttr = new HashMap<String, String>(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// Map<String, String> reqAttr = new HashMap<String, String>(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// for (String s : scope.split(" ")) { +// if (s.equalsIgnoreCase("profile")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID_gov")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("mandate")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("stork")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) +// reqAttr.put(el.getName(), ""); +// +// } +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 3ab283db5..2ce5234ac 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -30,12 +30,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; @@ -49,6 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected Set<String> allowedParameters = new HashSet<String>(); + @Autowired(required=true) protected IConfiguration authConfig; + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -70,8 +73,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (!ParamValidatorUtils.isValidOA(oaURL)) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setOAURL(oaURL); - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + this.setSPEntityId(oaURL); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); @@ -83,7 +86,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20OANotSupportedException(); } } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index d72fe9686..30e89d15a 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,24 +17,24 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -48,15 +48,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { PVPConstants.BPK_NAME }); - public String getName() { + public String getName() { return NAME; } - - public String getPath() { + + @Override + public String getAuthProtocolIdentifier() { return PATH; } - /** + /** * */ public OAuth20Protocol() { @@ -67,22 +68,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -101,22 +102,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -148,18 +149,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); - moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } String paramRedirect = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2117e2ab8..f3dcbd295 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,31 +31,31 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 50638ebf8..e14914512 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,19 +22,16 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.setOnlineApplicationConfiguration(oaParam); } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } @@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - return null; - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// return null; +// } } diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java index 35bbac6e7..824d64171 100644 --- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java +++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java @@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.testng.Assert; import org.testng.annotations.Test; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier; -import at.gv.egovernment.moa.util.KeyStoreUtils; - import net.oauth.jsontoken.crypto.Signer; import net.oauth.jsontoken.crypto.Verifier; |