diff options
Diffstat (limited to 'id/server')
135 files changed, 2498 insertions, 3219 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 53aab2f9e..806e7843c 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -202,6 +202,12 @@ <artifactId>xalan</artifactId> <!-- should be provided by the container or jre --> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>xalan</groupId> + <artifactId>serializer</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>xerces</groupId> diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index 18cb15437..d2e7d1e1b 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -2,7 +2,7 @@ <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf8" > - <title>MOA-ID 3.0.x</title> + <title>MOA-ID 3.1.x</title> <link rel="stylesheet" href="./common/main.css" type="text/css"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'> diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html index a29b1d7bb..2b0115d4a 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { @@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -656,7 +662,6 @@ if (isMetro()) document.getElementById("metroDetected").style.display="block"; document.getElementById("localBKU").style.display="block"; - document.getElementById("bkuButtonOnlineId").disabled = "true"; /* if (checkMandateSSO()) return; */ @@ -673,7 +678,6 @@ generateIFrame(iFrameURL); } function bkuHandyClicked() { - document.getElementById("bkuButtonHandyId").disabled = "true"; document.getElementById("localBKU").style.display="none"; /* if (checkMandateSSO()) return; */ @@ -836,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -854,15 +858,13 @@ <img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" - value="Karte" - id="bkuButtonOnlineId"/> + value="Karte" /> </div> <div id="bkuhandy"> <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" onClick="bkuHandyClicked();" tabindex="3" role="button" - value="HANDY" - id="bkuButtonHandyId"/> + value="HANDY" /> </div> </div> <div id="localBKU"> @@ -871,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -904,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -913,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html index 1a3e683de..07d018a94 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html +++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html @@ -600,7 +600,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border:0;width:88px;height:31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" @@ -608,10 +608,10 @@ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index a29b1d7bb..2b0115d4a 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { @@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -656,7 +662,6 @@ if (isMetro()) document.getElementById("metroDetected").style.display="block"; document.getElementById("localBKU").style.display="block"; - document.getElementById("bkuButtonOnlineId").disabled = "true"; /* if (checkMandateSSO()) return; */ @@ -673,7 +678,6 @@ generateIFrame(iFrameURL); } function bkuHandyClicked() { - document.getElementById("bkuButtonHandyId").disabled = "true"; document.getElementById("localBKU").style.display="none"; /* if (checkMandateSSO()) return; */ @@ -836,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -854,15 +858,13 @@ <img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" - value="Karte" - id="bkuButtonOnlineId"/> + value="Karte" /> </div> <div id="bkuhandy"> <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" onClick="bkuHandyClicked();" tabindex="3" role="button" - value="HANDY" - id="bkuButtonHandyId"/> + value="HANDY" /> </div> </div> <div id="localBKU"> @@ -871,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -904,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -913,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html index 1a3e683de..07d018a94 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html @@ -600,7 +600,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border:0;width:88px;height:31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" @@ -608,10 +608,10 @@ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html index 9a621998c..a9d73e0d3 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html @@ -444,16 +444,16 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh index e0aaae973..f6ae86540 100644 --- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh +++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh @@ -10,7 +10,7 @@ LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logba CONFIG_OPT=-Dmoa.id.configuration=$CATALINA_BASE/conf/moa-id/moa-id.properties
SPSS_OPT=-Dmoa.spss.server.configuration=file:$CATALINA_BASE/conf/moa-spss/SampleMOASPSSConfiguration.xml
CONFIGTOOL_OPT=-Dmoa.id.webconfig=file:$CATALINA_BASE/conf/moa-id-configuration/moa-id-configtool.properties
-CONFIGTOOL_USER_OPT=-Duser.properties=":$CATALINA_BASE/conf/moa-id-configuration/userdatabase.properties"
+CONFIGTOOL_USER_OPT=-Duser.properties=$CATALINA_BASE/conf/moa-id-configuration/userdatabase.properties
DEMOOA_OPT=-Dmoa.id.demoOA=$CATALINA_BASE/conf/moa-id-oa/oa.properties
STORK_OPT=-Deu.stork.samlengine.config.location=$CATALINA_BASE/conf/moa-id/stork/
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat index b45a72ace..325ae1f20 100644 --- a/id/server/data/deploy/tomcat/win32/startTomcat.bat +++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat @@ -15,7 +15,7 @@ set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/ set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml
set CONFIG_OPT_ID=-Dmoa.id.configuration=file:%CATALINA_HOME%/conf/moa-id/moa-id.properties
set CONFIGTOOL_OPT=-Dmoa.id.webconfig=file:%CATALINA_HOME%/conf/moa-id-configuration/moa-id-configtool.properties
-set CONFIGTOOL_USER_OPT=-Duser.properties=":$CATALINA_BASE/conf/moa-id-configuration/userdatabase.properties"
+set CONFIGTOOL_USER_OPT=-Duser.properties=$CATALINA_BASE/conf/moa-id-configuration/userdatabase.properties
set DEMOOA_OPT=-Dmoa.id.demoOA=%CATALINA_HOME%/conf/moa-id-oa/oa.properties
set STORK_OPT=-Deu.stork.samlengine.config.location=%CATALINA_HOME%/conf/moa-id/stork/
set PROXY_OPT=-Dmoa.id.proxy.configuration=%CATALINA_HOME%/conf/moa-id-proxy/MOAIDConfiguration.xml
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 4eb5ea2ba..b373fb83d 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -1002,11 +1002,20 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <th>Beschreibung</th> </tr> <tr> - <td><span id="wwlbl_loadGeneralConfig_moaconfig_ssoPublicUrl2">Public URL Prefix</span></td> + <td>Public URL Prefix</td> <td>https://demo.egiz.gv.at/moa-id-auth/</td> - <td>URL-Prefix der MOA-ID Instanz. Diese URL wird für die automatische Generierung von Formularen und Informationen verwendet und MUSS konfiguriert werden.</td> + <td><p>URL-Prefix der MOA-ID Instanz. Diese URL wird für die automatische Generierung von Formularen und Informationen verwendet und MUSS konfiguriert werden.</p> + <p><strong>Hinweis:</strong> Wenn virtuelle IDPs aktiviert sind muss hier für jede virtuelle MOA-ID Instanz, der Public URL Prefix als Comma Separatet Value (CSV) eingetragen werden. <br> + (z.B.: https://demo.egiz.gv.at/moa-id-auth/,https://apps.egiz.gv.at/moa-id-auth/)</p></td> + </tr> + <tr> + <td>Virtuelle IDPs aktiviere</td> + <td> </td> + <td><p>Mit dieser Option können für diese MOA-ID Instanz mehrere virtuelle MOA-ID Instanzen, welche unter schiedenen Domains erreichbar sind aktiviert werden. Der Public URL-Prefix jeder virtuellen MOA-ID Instanz muss als Comma Separatet Value (CSV) im Konfigurationsfeld 'Public URL Prefix' angegeben werden.</p> + <p><strong>Hinweis:</strong> Single Sign-On (SSO) und Single LogOut (SLO) zwischen unterschiedlichen virtuellen IDPs ist NICHT möglich, da die Auslieferung des SSO http-Cookies durch die "Same Origin Policy" des Browers unterbunden wird.</p></td> </tr> </table> +<p> </p> <h4><a name="konfigurationsparameter_allgemein_bku" id="konfigurationsparameter_allgemein_bku"></a>3.1.2 Default BKUs</h4> <p>Hiermit werden die URLs zu den Default Bürgerkartenumgebungen (BKUs) definiert die von MOA-ID-Auth für einen Anmeldevorgang verwendet werden, wenn die Bürgerkartenauswahl nicht bereits auf Seiten der Online-Applikation erfolgt ist (siehe <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a>) oder in der Online-Applikationskonfiguration keine BKU URLs konfiguriert wurden (siehe <a href="#konfigurationsparameter_oa_bku">Kapitel 3.2.2</a>).</p> <table class="configtable"> @@ -1189,7 +1198,8 @@ Checking</td> </li> <li><strong>Privatwirtschaftlicher Bereich:</strong><strong></strong> Die MOA-ID-Auth Instanz ist einem privatwirtschaftlichen Bereich für SSO zugeordnet, steht SSO nur eingeschränkt zur Verfügung. Da laut E-Governmentgesetz die Errechnung eines wbPK aus der Stammzahl nicht beim Auftraggeber eines privaten Bereichs durchgeführt werden darf (vgl. E-Government Gesetz §12(1).4), und deshalb an die Bürgerkartenumgebung ausgelagert werden muss. In diesem Fall sind Anmeldungen mittels SSO nur für jenen privatwirtschaftlichen Bereich möglich dem auch der SSO Bereich zugeordnet wurde. </li> -</ol> + </ol> +<p><strong>Hinweis:</strong> Single Sign-On (SSO) und Single LogOut (SLO) ist zwischen virtellen IDPs (siehe <a href="#konfigurationsparameter_allgemein_publicurlprefix">Kapitel 3.1.1</a>) ist nicht möglich. Dem zur Folge kann ein Benutzer / eine Benutzerin mehrere aktive SSO Sessions bei unterschiedlichen virtuellen IDPs auf der selben physischen MOA-ID Instanz besitzen welche NICHT mittels SLO gemeinsam geschlossen werden.</p> <table class="configtable"> <tr> <th>Name</th> diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html index 3784075a3..0eab8f187 100644 --- a/id/server/doc/handbook/index.html +++ b/id/server/doc/handbook/index.html @@ -29,7 +29,7 @@ </div> <div class="container"> - <h2>Übersicht zur Dokumentation der Version 3.0.x </h2> + <h2>Übersicht zur Dokumentation der Version 3.1.x </h2> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html index 123a23837..2b0115d4a 100644 --- a/id/server/doc/htmlTemplates/BKU-selection.html +++ b/id/server/doc/htmlTemplates/BKU-selection.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { @@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -740,7 +746,7 @@ } } function onChangeChecks() { - if (top.innerWidth < 650) { + if (self.innerWidth < 650) { document.getElementById("moaidform").setAttribute("target","_parent"); } else { document.getElementById("moaidform").removeAttribute("target"); @@ -834,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -867,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -900,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -909,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/doc/htmlTemplates/sendAssertion.html b/id/server/doc/htmlTemplates/sendAssertion.html index 1a3e683de..07d018a94 100644 --- a/id/server/doc/htmlTemplates/sendAssertion.html +++ b/id/server/doc/htmlTemplates/sendAssertion.html @@ -600,7 +600,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border:0;width:88px;height:31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" @@ -608,10 +608,10 @@ </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index ee697926b..afc432628 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -90,11 +90,7 @@ <artifactId>Commons</artifactId>
<version>1.4.0</version>
</dependency> -->
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>SamlEngine</artifactId>
- <version>1.5.1</version>
- </dependency>
+
<dependency>
<groupId>MOA</groupId>
@@ -167,6 +163,11 @@ </exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </dependency>
+
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
@@ -400,78 +401,6 @@ </dependency>
-->
-
-
- <!-- JSON JWT implementation -->
- <dependency>
- <groupId>com.googlecode.jsontoken</groupId>
- <artifactId>jsontoken</artifactId>
- <version>1.1</version>
- <exclusions>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <artifactId>google-collections</artifactId>
- <groupId>com.google.collections</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
-
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <version>1.10</version>
- </dependency>
-
- <!-- Google OAuth Client -->
- <dependency>
- <groupId>com.google.http-client</groupId>
- <artifactId>google-http-client-jackson2</artifactId>
- <version>1.19.0</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>com.google.oauth-client</groupId>
- <artifactId>google-oauth-client-jetty</artifactId>
- <version>1.19.0</version>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>DocumentService</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <classifier>classes</classifier>
- <exclusions>
- <exclusion>
- <artifactId>axis</artifactId>
- <groupId>org.apache.axis</groupId>
- </exclusion>
- <exclusion>
- <artifactId>bcprov-jdk16</artifactId>
- <groupId>org.bouncycastle</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jaxws-tools</artifactId>
- <groupId>com.sun.xml.ws</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -506,7 +435,7 @@ <groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.4.178</version>
- <scope>runtime</scope>
+ <scope>test</scope>
</dependency>
<!-- tools -->
@@ -538,6 +467,12 @@ </dependency> -->
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.5.1</version>
+ </dependency>
+
<!-- spring -->
<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 8ee32c54e..7ac026888 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -23,11 +23,10 @@ package at.gv.egovernment.moa.id.advancedlogging; import java.security.MessageDigest; +import java.util.Arrays; import java.util.Date; import java.util.List; -import com.google.common.primitives.Ints; - import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -47,7 +46,7 @@ public class MOAReversionLogger { private static MOAReversionLogger instance = null; - private static final List<Integer> defaultEventCodes = Ints.asList( + private static final List<Integer> defaultEventCodes = Arrays.asList( MOAIDEventConstants.SESSION_CREATED, MOAIDEventConstants.SESSION_DESTROYED, MOAIDEventConstants.SESSION_ERROR, @@ -69,8 +68,9 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER - ); - + ); + + public static synchronized MOAReversionLogger getInstance() { if (instance == null) { instance = new MOAReversionLogger(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index bfed65ae2..5487152cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -26,7 +26,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.util.Date; -import java.util.List; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; @@ -34,7 +33,6 @@ import javax.xml.bind.Unmarshaller; import org.apache.commons.lang3.StringEscapeUtils; - import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; @@ -44,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.client.SZRGWClientException; - import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -68,7 +65,7 @@ public class StatisticLogger { private static final String MANTATORTYPE_JUR = "jur"; private static final String MANTATORTYPE_NAT = "nat"; - private static final int MAXERRORLENGTH = 250; + private static final int MAXERRORLENGTH = 200; private static final String ERRORTYPE_UNKNOWN = "unkown"; private static final String ERRORTYPE_BKU = "bku"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 953a478be..022ec9def 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -4,7 +4,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; -import iaik.pki.jsse.IAIKX509TrustManager; import iaik.security.ecc.provider.ECCProvider; import iaik.security.provider.IAIK; @@ -13,14 +12,11 @@ import java.security.GeneralSecurityException; import javax.activation.CommandMap; import javax.activation.MailcapCommandMap; -import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; @@ -137,50 +133,27 @@ public class MOAIDAuthInitializer { "http://www.w3.org/2001/04/xmldsig-more#"); Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - // Loads the configuration + // Initialize configuration provider + AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(); + + //test, if MOA-ID is already configured + authConf.getPublicURLPrefix(); + + // Initialize MOA-SP + //MOA-SP is only use by API calls since MOA-ID 3.0.0 try { - AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(); - - ConnectionParameter moaSPConnParam = authConf - .getMoaSpConnectionParameter(); - - // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK - if (moaSPConnParam == null) { - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - ConfigurationProvider config = ConfigurationProvider - .getInstance(); - new IaikConfigurator().configure(config); - } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { - throw new ConfigurationException("config.10", new Object[] { ex - .toString() }, ex); - } - } - - // Initializes IAIKX509TrustManager logging - /* - String log4jConfigURL = System.getProperty("log4j.configuration"); - Logger.info("Log4J Configuration: " + log4jConfigURL); - if (log4jConfigURL != null) { - IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); - } - */ - - // Initializes the Axis secure socket factory for use in calling the - // MOA-SP web service - if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, - moaSPConnParam); - AxisSecureSocketFactory.initialize(ssf); - } - - - } catch (ConfigurationException e) { - Logger.error("MOA-ID-Auth start-up FAILED. Error during application configuration.", e); - System.exit(-1); - - } + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + ConfigurationProvider config = ConfigurationProvider + .getInstance(); + new IaikConfigurator().configure(config); + + } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + throw new ConfigurationException("config.10", new Object[] { ex + .toString() }, ex); + + } + // Starts the session cleaner thread to remove unpicked authentication data AuthenticationSessionCleaner.start(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 998fa495f..57a5316e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -135,10 +135,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { AuthenticationData authdata = null; try { - Object saml1Requst = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl").newInstance(); + //check if SAML1 authentication module is in Classpath + Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); - if (protocolRequest.getClass().isInstance(saml1Requst)) { - //request is SAML1 + if (saml1RequstTemplate != null && + saml1RequstTemplate.isInstance(protocolRequest)) { + //request is SAML1 --> invoke SAML1 protocol specific methods if (session.getExtendedSAMLAttributesOA() == null) { saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList<ExtendedSAMLAttribute>()); @@ -310,7 +312,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //validate PVP 2.1 response try { SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); SAMLVerificationEngine.validateAssertion(intfResp, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 899b0fd15..d4350f97b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -95,6 +95,9 @@ public class DataURLBuilder { // dataURL = individualDataURLPrefix + authServletName; // } else + if (!authBaseURL.endsWith("/")) + authBaseURL += "/"; + dataURL = authBaseURL + authServletName; dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 02aaac8cb..d14910319 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -147,6 +147,9 @@ public class SendAssertionFormBuilder { value = value.replace(ACTION, action); value = value.replace(ID, id); value = value.replace(OANAME, oaParam.getFriendlyName()); + + if (contextpath.endsWith("/")) + contextpath = contextpath.substring(0, contextpath.length() - 1); value = value.replace(CONTEXTPATH, contextpath); value = FormBuildUtils.customiceLayoutBKUSelection(value, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index 8429baf23..4a6ecd56a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -152,8 +152,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { authReq.setAssertionConsumerServiceIndex(0); authReq.setIssueInstant(new DateTime()); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath(); - issuer.setValue(serviceURL); + issuer.setValue(pendingReq.getAuthURLWithOutSlash()); issuer.setFormat(NameIDType.ENTITY); authReq.setIssuer(issuer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 8add03da7..712ebb731 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -59,6 +59,12 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { IRequest pendingReq = RequestStorage.getPendingRequest( (String) executionContext.get("pendingRequestID")); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); + + } + //get Session from context String moasessionid = (String) executionContext.get(PARAM_SESSIONID); AuthenticationSession session = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 004961116..e659c9447 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -56,7 +56,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String ccc, String module, String action, - HttpServletRequest req) throws WrongParametersException, MOAIDException { + HttpServletRequest req, + IRequest protocolReq) throws WrongParametersException, MOAIDException { String targetFriendlyName = null; @@ -223,20 +224,15 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05"); moasession.setOAURLRequested(oaURL); - + //check AuthURL - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - + String authURL = protocolReq.getAuthURL(); if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed()) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); //set Auth URL from configuration - moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/"); + moasession.setAuthURL(authURL); //check and set SourceID if (oaParam.getSAML1Parameter() != null) { @@ -318,7 +314,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 43f4f90ff..fe24d45dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -197,11 +197,6 @@ public class AuthServlet extends HttpServlet { procExc.getCause() instanceof TaskExecutionException) { TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); loggedException = taskExc.getOriginalException(); - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { - Logger.error(exceptionThrown.getMessage(), exceptionThrown); - - } else - Logger.error(exceptionThrown.getMessage()); } } @@ -213,6 +208,14 @@ public class AuthServlet extends HttpServlet { if (!(loggedException instanceof MOAIDException)) { Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + } else { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.error(loggedException.getMessage(), loggedException); + + } else { + Logger.error(loggedException.getMessage()); + + } } IExceptionStore store = DBExceptionStoreImpl.getStore(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 2a63968dd..15d596049 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Enumeration; -import java.util.List; -import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -33,28 +31,18 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; - import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class GenerateIFrameTemplateServlet extends AuthServlet { @@ -139,6 +127,25 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + + } catch (ProcessExecutionException e) { + Throwable cause = e.getCause(); + if (cause != null && cause instanceof TaskExecutionException) { + Throwable taskCause = cause.getCause(); + if (taskCause != null && taskCause instanceof WrongParametersException) { + WrongParametersException internalEx = (WrongParametersException) taskCause; + handleWrongParameters(internalEx, req, resp); + return; + + } else if (taskCause != null && taskCause instanceof MOAIDException) { + MOAIDException moaTaskCause = (MOAIDException) taskCause; + handleError(null, moaTaskCause, req, resp, pendingRequestID); + return; + + } + } + + Logger.error("BKUSelectionServlet has an interal Error.", e); } catch (Exception e) { Logger.error("BKUSelectionServlet has an interal Error.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 0a6d30be7..fe5cd1ac0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -45,6 +45,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescripto import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -62,6 +63,23 @@ public class IDPSingleLogOutServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("receive IDP SingleLogOut Request"); + + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + try { + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed"); + return; + + } + + } catch (MOAIDException e) { + Logger.error("Internal Server Error.", e); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error"); + return; + + } + SSOManager ssomanager = SSOManager.getInstance(); String ssoid = ssomanager.getSSOSessionID(req); @@ -109,7 +127,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { AuthenticationSession authSession = AuthenticationSessionStoreage .getSession(moaSessionID); if(authSession != null) { - authmanager.performSingleLogOut(req, resp, authSession, null); + authmanager.performSingleLogOut(req, resp, authSession, authURL); return; } @@ -142,7 +160,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { } else { //print SLO information directly - redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = HTTPUtils.extractAuthURLFromRequest(req) + "/idpSingleLogout"; String artifact = Random.nextRandom(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index c1e084a59..53187088e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -60,6 +60,7 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -85,14 +86,14 @@ public class LogOutServlet extends AuthServlet { if (MiscUtil.isEmpty(redirectUrl)) { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); - redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); } else { //return an error if RedirectURL is not a active Online-Applikation OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl); if (oa == null) { Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); - redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 7dd8645c6..a914659b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.util.FormBuildUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -64,8 +65,10 @@ public class RedirectServlet extends AuthServlet{ OAAuthParameter oa = null; String redirectTarget = DEFAULT_REDIRECTTARGET; try { - oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); - if (oa == null && !url.startsWith(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix())) { + oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + + if (oa == null && !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index c98a7d537..65dcc7bf3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -81,8 +81,16 @@ public interface AuthConfiguration extends ConfigurationProvider{ public boolean isAdvancedLoggingActive(); - public String getPublicURLPrefix(); + /** + * Returns the PublicURLPrefix. + * + * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without / + * @throws ConfigurationException if no PublicURLPrefix is found. + */ + public List<String> getPublicURLPrefix() throws ConfigurationException; + public boolean isVirtualIDPsEnabled(); + public boolean isPVP2AssertionEncryptionActive(); public boolean isCertifiacteQCActive(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java index 38135b028..9812f346d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java @@ -65,7 +65,7 @@ public class AuthConfigurationProviderFactory { instance = new PropertyBasedAuthConfigurationProvider(fileURI); } catch (URISyntaxException e){ - Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix."); + Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e); throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, fileName}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/ConfigurationToJSONConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/ConfigurationToJSONConverter.java deleted file mode 100644 index e1c1ac49e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/ConfigurationToJSONConverter.java +++ /dev/null @@ -1,155 +0,0 @@ -//package at.gv.egovernment.moa.id.config.auth; -// -//import java.beans.IntrospectionException; -//import java.beans.Introspector; -//import java.beans.PropertyDescriptor; -//import java.lang.reflect.InvocationTargetException; -//import java.lang.reflect.Method; -//import java.util.Arrays; -//import java.util.List; -// -//import org.springframework.beans.factory.annotation.Autowired; -//import org.springframework.beans.factory.config.AutowireCapableBeanFactory; -//import org.springframework.context.ApplicationContext; -//import org.springframework.context.support.ClassPathXmlApplicationContext; -// -//import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -//import at.gv.egovernment.moa.id.config.ConfigurationException; -//import at.gv.egovernment.moa.id.config.ConfigurationProvider; -// -//import com.fasterxml.jackson.annotation.JsonIgnore; -//import com.fasterxml.jackson.annotation.JsonProperty; -// -//public class ConfigurationToJSONConverter { -// -// @Autowired -// NewAuthConfigurationProvider configProvider; -// -// @Autowired -// MOAIDConfiguration configDataBase; -// -// public static void main(String[] args) { -// -// try { -// ConfigurationToJSONConverter converter = new ConfigurationToJSONConverter(args[0]); -// converter.writeConfigToJSONDB(); -// System.out.println("====================================="); -// System.out.println("====================================="); -// converter.readConfigFromDB(); -// System.out.println("====================================="); -// System.out.println("====================================="); -// -// // otherwise the database connection is not initialized -// JaxBAuthConfigurationProvider.getInstance(); -// List<String> methodNames = Arrays.asList("getAllOnlineApplications", "getAllUsers", "getMOAIDConfiguration"); -// converter.extractDataViaConfigurationDBRead(methodNames); -// converter.readExtractedConfigurationDBReadData(methodNames); -// -// } catch (ConfigurationException e) { -// e.printStackTrace(); -// System.out.println("Problems reading the configuration file in: " + System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME)); -// System.exit(1); -// } -// -// } -// -// public ConfigurationToJSONConverter(String pathToDBConfigPropertiesFile) throws ConfigurationException { -// -// System.getProperties().setProperty("location", "file:" + pathToDBConfigPropertiesFile); -// ApplicationContext context = new ClassPathXmlApplicationContext("configuration.beans.xml"); -// AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); -// acbFactory.autowireBean(this); -// -// } -// -// public void extractDataViaConfigurationDBRead(List<String> methodNames) { -// System.out.println("Start extracting"); -// // read objects from db and write to key-value -// for (String name : methodNames) { -// try { -// Method method = ConfigurationDBRead.class.getMethod(name); -// Object tmp = method.invoke(null, new Object[] {}); -// JsonProperty annotation = method.getAnnotation(JsonProperty.class); -// if (annotation != null) { -// configDataBase.set(annotation.value(), tmp); -// } else { -// System.out.println("Annotate Method with name: " + name); -// } -// } catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException -// | InvocationTargetException e) { -// System.out.println("Problems while extracting ConfigurationDBRead data."); -// } -// } -// } -// -// public void readExtractedConfigurationDBReadData(List<String> methodNames) { -// for (String name : methodNames) { -// Object tmp = configDataBase.get(name); -// System.out.println(">>> OBJECT: " + tmp); -// } -// } -// -// public void writeConfigToJSONDB() { -// -// try { -// // find all getter methods -// for (PropertyDescriptor pd : Introspector.getBeanInfo(NewAuthConfigurationProvider.class).getPropertyDescriptors()) { -// // check if correct methods, and not annotated with @JsonIgnore -// if ((pd.getReadMethod() != null) -// && (!"class".equals(pd.getName())) -// && (pd.getReadMethod().getAnnotation(JsonIgnore.class) == null)) { -// -// JsonProperty name = pd.getReadMethod().getAnnotation(JsonProperty.class); -// // get result of get method -// Object tmp; -// try { -// tmp = pd.getReadMethod().invoke(configProvider); -// // convert result to JSON -// if (name != null) { -// configDataBase.set(name.value(), tmp); -// } else { -// System.out.println("CHECK if '" + pd.getDisplayName() + "' is NOT ANNOTATED"); -// } -// } catch (IllegalAccessException | InvocationTargetException e) { -// System.out.println("Problems while writing the configuration to the database."); -// } -// } -// } -// -// // no static method handling needed -// -// } catch (IllegalArgumentException e) { -// System.out.println("Problems while using reflection to get all getter methods."); -// } catch (IntrospectionException e) { -// System.out.println("Problems while using reflection to get all getter methods."); -// } -// -// } -// -// public void readConfigFromDB() { -// try { -// // find all getter methods -// for (PropertyDescriptor pd : Introspector.getBeanInfo(NewAuthConfigurationProvider.class) -// .getPropertyDescriptors()) { -// // check if correct methods, and not annotated with @JsonIgnore -// if ((pd.getReadMethod() != null) -// && (!"class".equals(pd.getName())) -// && (pd.getReadMethod().getAnnotation(JsonIgnore.class) == null)) { -// JsonProperty name = pd.getReadMethod().getAnnotation(JsonProperty.class); -// // get result of get method -// if (name != null) { -// System.out.println(">>> OBJECT: " + configDataBase.get(name.value())); -// } else { -// System.out.println("CHECK if '" + pd.getDisplayName() + "' is NOT ANNOTATED"); -// } -// } -// } -// } catch (IllegalArgumentException e) { -// System.out.println("Problems while using reflection to get all getter methods."); -// } catch (IntrospectionException e) { -// System.out.println("Problems while using reflection to get all getter methods."); -// } -// } -// -//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index 645831479..7b798f522 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -6,6 +6,7 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.net.MalformedURLException; import java.net.URI; +import java.net.URL; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -21,8 +22,15 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.ConfigurationUtils; @@ -48,6 +56,8 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide private final Properties properties = new Properties(); private ApplicationContext context = null; + private boolean requireJDBCBackupImplementation = false; + public PropertyBasedAuthConfigurationProvider() { } @@ -84,6 +94,20 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); acbFactory.autowireBean(this); + //Some databases do not allow the selection of a lob in SQL where expression + String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); + if (MiscUtil.isNotEmpty(dbDriver)) { + for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + requireJDBCBackupImplementation = true; + Logger.info("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + } + } + + } catch (FileNotFoundException e) { throw new ConfigurationException("config.03", null, e); @@ -791,20 +815,47 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return Boolean.valueOf(prop); } - /** - * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set. - * - * @return the PublicURLPrefix or {@code null} - */ - public String getPublicURLPrefix() { - try { - return configuration.getStringValue( - MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX); + public List<String> getPublicURLPrefix() throws ConfigurationException{ + try { + String publicURLPrefixList = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX); + List<String> returnValues = new ArrayList<String>(); + if (publicURLPrefixList != null) { + publicURLPrefixList = KeyValueUtils.normalizeCSVValueString(publicURLPrefixList); + List<String> publicURLPrefixArray = Arrays.asList(publicURLPrefixList.split(",")); + Logger.trace("Found " + publicURLPrefixArray.size() + " PublicURLPrefix in configuration."); + + + for (String el : publicURLPrefixArray) { + try { + new URL(el); + if (el.endsWith("/")) + returnValues.add(el.substring(0, el.length()-1)); + else + returnValues.add(el); + + } catch (MalformedURLException e) { + Logger.warn("IDP PublicURLPrefix URL " + el + " is not a valid URL", e); + } + } + } + + if (returnValues.size() > 0) + return returnValues; + + else { + Logger.warn("MOA-ID PublicURLPrefix is not found in configuration."); + throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"}); + + } + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); - return null; + throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"}, e); + } + } /** @@ -983,9 +1034,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide Logger.trace("Get active OnlineApplication with ID " + id + " from database."); Map<String, String> oaConfig = null; try { - //OracleDB does not allow the selection of a lob in SQL where expression + + //TODO: + //Some databases do not allow the selection of a lob in SQL where expression String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); - if (MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.")) + if (requireJDBCBackupImplementation) oaConfig = configuration.getOnlineApplicationBackupVersion(id); else @@ -1120,4 +1173,24 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide else return getMoaSpIdentityLinkTrustProfileID(); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isVirtualIDPsEnabled() + */ + @Override + public boolean isVirtualIDPsEnabled() { + try { + String value = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED); + if (MiscUtil.isNotEmpty(value)) { + return Boolean.valueOf(value); + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("Error during 'isVirutalIDPsEnabled' load operationen." , e); + + } + + return false; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index d1e04e107..a4bba8b19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -75,6 +75,7 @@ public class SLOInformationContainer implements Serializable { if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) activeBackChannelOAs.put(oa.getOaurlprefix(), new SLOInformationImpl( + oa.getAuthURL(), oa.getAssertionSessionID(), oa.getUserNameID(), oa.getUserNameIDFormat(), @@ -84,6 +85,7 @@ public class SLOInformationContainer implements Serializable { else activeFrontChannalOAs.put(oa.getOaurlprefix(), new SLOInformationImpl( + oa.getAuthURL(), oa.getAssertionSessionID(), oa.getUserNameID(), oa.getUserNameIDFormat(), @@ -123,6 +125,7 @@ public class SLOInformationContainer implements Serializable { activeFrontChannalOAs.put(el.getIdpurlprefix(), new SLOInformationImpl( + el.getAuthURL(), el.getSessionIndex(), el.getUserNameID(), NameID.TRANSIENT, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java index 55b213702..55a56056d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java @@ -39,17 +39,23 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable private String nameIDFormat = null; private String binding = null; private String serviceURL = null; + private String authURL = null; - public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) { - new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null); + public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType) { + new SLOInformationImpl(authURL, sessionID, nameID, nameIDFormat, protocolType, null); } - public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { + public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { this.sessionIndex = sessionID; this.nameID = nameID; this.nameIDFormat = nameIDFormat; this.protocolType = protocolType; + if (authURL.endsWith("/")) + this.authURL = authURL.substring(0, authURL.length()-1); + else + this.authURL = authURL; + if (sloService != null) { this.binding = sloService.getBinding(); this.serviceURL = sloService.getLocation(); @@ -148,6 +154,13 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable public String getServiceURL() { return serviceURL; } + + /** + * @return the authURL from requested IDP without ending / + */ + public String getAuthURL() { + return authURL; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 771c9a35e..ce44db215 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; - import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; @@ -45,7 +44,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; - +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; @@ -86,13 +85,18 @@ public class DispatcherServlet extends AuthServlet{ MOAIDAuthInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage( "init.00", null)); + + Logger.info("Dispatcher Servlet initialization finished."); + } catch (Exception ex) { Logger.fatal( MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); + + //throw new ServletException(ex); + } - Logger.info("Dispatcher Servlet initialization finished."); + } protected void processRequest(HttpServletRequest req, @@ -364,7 +368,10 @@ public class DispatcherServlet extends AuthServlet{ } catch (AuthnRequestValidatorException e) { //log Error Message StatisticLogger logger = StatisticLogger.getInstance(); - logger.logErrorOperation(e, e.getErrorRequest()); + logger.logErrorOperation(e, e.getErrorRequest()); + + //TODO: maybe add some error message handling??? + return; }catch (InvalidProtocolRequestException e) { @@ -377,6 +384,13 @@ public class DispatcherServlet extends AuthServlet{ "(Errorcode=" + code + " | Description=" + descr + ")"); return; + } catch (ConfigurationException e) { + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + + "(Errorcode=9199" + +" | Description="+ e.getMessage() + ")"); + return; + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); resp.setContentType("text/html;charset=UTF-8"); @@ -544,7 +558,7 @@ public class DispatcherServlet extends AuthServlet{ try { //Store OA specific SSO session information AuthenticationSessionStoreage.addSSOInformation(moasessionID, - newSSOSessionId, assertionID, protocolRequest.getOAURL()); + newSSOSessionId, assertionID, protocolRequest); } catch (AuthenticationException e) { Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 39cb5b9c8..c38bbc68f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -52,7 +52,6 @@ import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; @@ -72,9 +71,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -82,12 +82,11 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; - import at.gv.egovernment.moa.id.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.process.ProcessEngine; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; @@ -98,6 +97,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -167,7 +168,20 @@ public class AuthenticationManager extends MOAIDAuthConstants { } public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + performSingleLogOut(httpReq, httpResp, session, pvpReq, null); + + } + + public void performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException { + performSingleLogOut(httpReq, httpResp, session, null, authURL); + + } + + + private void performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; @@ -176,6 +190,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); pvpSLOIssuer = logOutReq.getIssuer().getValue(); inboundRelayState = samlReq.getRelayState(); + } SSOManager ssomanager = SSOManager.getInstance(); @@ -195,7 +210,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } catch (MOADatabaseException e) { Logger.warn("Delete MOASession FAILED."); - sloContainer.putFailedOA(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + sloContainer.putFailedOA(pvpReq.getAuthURL()); } @@ -219,8 +234,13 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " FAILED. NO LogOut response received."); sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + } else { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifySLOResponse(sloResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + } - + SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp); } catch (SOAPException e) { @@ -228,7 +248,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " FAILED.", e); sloContainer.putFailedOA(sloReq.getIssuer().getValue()); - } catch (SecurityException e) { + } catch (SecurityException | InvalidProtocolRequestException e) { Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + " FAILED.", e); sloContainer.putFailedOA(sloReq.getIssuer().getValue()); @@ -258,7 +278,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { AssertionStorage.getInstance().put(relayState, sloContainer); - String timeOutURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + if (MiscUtil.isEmpty(authURL)) + authURL = pvpReq.getAuthURL(); + + String timeOutURL = authURL + "/idpSingleLogout" + "?restart=" + relayState; @@ -381,7 +404,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), target.requestedAction(), target.getRequestID(), oaParam, - AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + target.getAuthURL()); MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); @@ -450,7 +473,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { authReq.setAssertionConsumerServiceIndex(0); authReq.setIssueInstant(new DateTime()); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath(); + String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0); issuer.setValue(serviceURL); issuer.setFormat(NameIDType.ENTITY); @@ -470,28 +493,27 @@ public class AuthenticationManager extends MOAIDAuthConstants { SAML2Utils.createSAMLObject(AuthnContextClassRef.class); //check if STORK protocol module is in ClassPath - Object storkRequst = null; + Class<?> storkRequstTemplate = null; Integer storkSecClass = null; try { - storkRequst = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest").newInstance(); - if (storkRequst != null && - target.getClass().isInstance(storkRequst)) { + storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest"); + if (storkRequstTemplate != null && + storkRequstTemplate.isInstance(target)) { Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null); storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null); } - } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { + } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { } - - - if (sp != null && sp.isSTORKPVPGateway()){ + + if (sp != null && sp.isSTORKPVPGateway()) { //use PVP SecClass instead of STORK QAA level String secClass = null; - if (storkRequst != null && - target.getClass().isInstance(storkRequst)) { + if (storkRequstTemplate != null && + storkRequstTemplate.isInstance(target)) { try { secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( @@ -509,8 +531,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3"); } else { - if (storkRequst != null && - target.getClass().isInstance(storkRequst)) { + if (storkRequstTemplate != null && + storkRequstTemplate.isInstance(target)) { //use requested QAA level from STORK request try { authnClassRef.setAuthnContextClassRef( @@ -525,7 +547,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef())) + if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef())) + //TODO: switch to eIDAS QAA-levels authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); } @@ -692,7 +715,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { //Build authentication form - String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + String publicURLPreFix = target.getAuthURL(); + if (publicURLPreFix.endsWith("/")) + publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID()); @@ -714,6 +739,17 @@ public class AuthenticationManager extends MOAIDAuthConstants { out.flush(); } } catch (ProcessExecutionException e) { + Throwable cause = e.getCause(); + if (cause != null && cause instanceof TaskExecutionException) { + Throwable taskCause = cause.getCause(); + if (taskCause != null && taskCause instanceof MOAIDException) { + MOAIDException moaTaskCause = (MOAIDException) taskCause; + Logger.warn(taskCause); + throw moaTaskCause; + + } + } + throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 6f43b3ee7..4ae271bbc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -49,5 +49,13 @@ public interface IRequest { public List<Attribute> getRequestedAttributes(); public IOAAuthParameters getOnlineApplicationConfiguration(); + /** + * get the IDP URL PreFix, which was used for authentication request + * + * @return IDP URL PreFix <String>. The URL prefix always ends without / + */ + public String getAuthURL(); + public String getAuthURLWithOutSlash(); + //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 26fb7bd29..cdaade1bb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -23,15 +23,24 @@ package at.gv.egovernment.moa.id.moduls; import java.io.Serializable; +import java.net.MalformedURLException; +import java.net.URL; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; public abstract class RequestImpl implements IRequest, Serializable{ - + private static final long serialVersionUID = 1L; private String oaURL; @@ -44,12 +53,79 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String requestID; private String sessionIdentifier; private IOAAuthParameters OAConfiguration = null; + private String authURL = null; //MOA-ID interfederation private String requestedIDP = null; private MOAResponse response = null; /** + * @throws ConfigurationException + * + */ + public RequestImpl(HttpServletRequest req) throws ConfigurationException { + String authURLString = HTTPUtils.extractAuthURLFromRequest(req); + URL authURL; + try { + authURL = new URL(authURLString); + + } catch (MalformedURLException e) { + Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); + throw new ConfigurationException("1299", null, e); + + } + + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); + List<String> configuredPublicURLPrefix = config.getPublicURLPrefix(); + + if (!config.isVirtualIDPsEnabled()) { + Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); + this.authURL = configuredPublicURLPrefix.get(0); + + } else { + Logger.debug("Extract AuthenticationServiceURL: " + authURLString); + URL resultURL = null; + + for (String el : configuredPublicURLPrefix) { + try { + URL configuredURL = new URL(el); + + //get Ports from URL + int configPort = configuredURL.getPort(); + if (configPort == -1) + configPort = configuredURL.getDefaultPort(); + + int authURLPort = authURL.getPort(); + if (authURLPort == -1) + authURLPort = authURL.getDefaultPort(); + + //check AuthURL against ConfigurationURL + if (configuredURL.getHost().equals(authURL.getHost()) && + configPort == authURLPort && + configuredURL.getPath().equals(authURL.getPath())) { + Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + + " for authURL: " + authURLString); + resultURL = configuredURL; + } + + } catch (MalformedURLException e) { + Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); + + } + } + + if (resultURL == null) { + Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration."); + throw new ConfigurationException("config.25", new Object[]{authURLString}); + + } else { + this.authURL = resultURL.toExternalForm(); + + } + } + } + + /** * This method map the protocol specific requested attributes to PVP 2.1 attributes. * * @return List of PVP 2.1 attributes with maps all protocol specific attributes @@ -169,4 +245,27 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.OAConfiguration = oaConfig; } + + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + + public String getAuthURLWithOutSlash() { + if (authURL.endsWith("/")) + return authURL.substring(0, authURL.length()-1); + else + return authURL; + + } + +// /** +// * @param authURL the authURL to set +// */ +// public void setAuthURL(String authURL) { +// this.authURL = authURL; +// } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 9f8b6610f..9327cabd7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -102,10 +102,10 @@ public class AttributQueryAction implements IAction { List<String> attrList = addDefaultAttributes(attrQuery, authData); //build PVP 2.1 assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex()); + Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex()); //build PVP 2.1 response - Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion); + Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion); try { SoapBinding decoder = new SoapBinding(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 1b187d82e..50f91df44 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -110,7 +110,7 @@ public class MetadataAction implements IAction { // .setEntityID(PVPConfiguration.getInstance().getIDPSSOMetadataService()); idpEntityDescriptor - .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); + .setEntityID(req.getAuthURLWithOutSlash()); idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); @@ -139,10 +139,10 @@ public class MetadataAction implements IAction { idpEntitiesDescriptor.setSignature(signature); //set IDP metadata - idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator)); + idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(req, keyInfoGenerator)); //set SP metadata for interfederation - idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator)); + idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(req, keyInfoGenerator)); DocumentBuilder builder; DocumentBuilderFactory factory = DocumentBuilderFactory @@ -190,7 +190,7 @@ public class MetadataAction implements IAction { return (PVP2XProtocol.METADATA); } - private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + private RoleDescriptor generateSPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { Logger.debug("Set SP Metadata key information"); @@ -248,7 +248,7 @@ public class MetadataAction implements IAction { postassertionConsumerService.setIndex(0); postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); postassertionConsumerService.setLocation(PVPConfiguration - .getInstance().getSPSSOPostService()); + .getInstance().getSPSSOPostService(req.getAuthURL())); postassertionConsumerService.setIsDefault(true); spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); @@ -257,7 +257,7 @@ public class MetadataAction implements IAction { redirectassertionConsumerService.setIndex(1); redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); redirectassertionConsumerService.setLocation(PVPConfiguration - .getInstance().getSPSSORedirectService()); + .getInstance().getSPSSORedirectService(req.getAuthURL())); spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); @@ -273,7 +273,7 @@ public class MetadataAction implements IAction { SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); redirectSLOService.setLocation(PVPConfiguration - .getInstance().getSPSSORedirectService()); + .getInstance().getSPSSORedirectService(req.getAuthURL())); redirectSLOService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); @@ -293,7 +293,7 @@ public class MetadataAction implements IAction { return spSSODescriptor; } - private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { + private IDPSSODescriptor generateIDPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { // //set SignatureMethode @@ -325,12 +325,12 @@ public class MetadataAction implements IAction { idpSSODescriptor.setWantAuthnRequestsSigned(true); - if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + if (PVPConfiguration.getInstance().getIDPSSOPostService(req.getAuthURL()) != null) { //add SSO descriptor SingleSignOnService postSingleSignOnService = SAML2Utils .createSAMLObject(SingleSignOnService.class); postSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSOPostService()); + .getInstance().getIDPSSOPostService(req.getAuthURL())); postSingleSignOnService .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); idpSSODescriptor.getSingleSignOnServices().add( @@ -347,12 +347,12 @@ public class MetadataAction implements IAction { } - if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + if (PVPConfiguration.getInstance().getIDPSSORedirectService(req.getAuthURL()) != null) { //add SSO descriptor SingleSignOnService redirectSingleSignOnService = SAML2Utils .createSAMLObject(SingleSignOnService.class); redirectSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService()); + .getInstance().getIDPSSORedirectService(req.getAuthURL())); redirectSingleSignOnService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); idpSSODescriptor.getSingleSignOnServices().add( @@ -362,7 +362,7 @@ public class MetadataAction implements IAction { SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); redirectSLOService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService()); + .getInstance().getIDPSSORedirectService(req.getAuthURL())); redirectSLOService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 0c7502003..c0ec086ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.io.IOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -55,8 +56,6 @@ import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.signature.SignableXMLObject; -import java.util.Arrays; - import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; @@ -76,12 +75,9 @@ import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; @@ -92,12 +88,16 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSuppor import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; @@ -210,7 +210,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if(METADATA.equals(action)) { - return new PVPTargetConfiguration(); + return new PVPTargetConfiguration(request); } @@ -231,7 +231,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { SAMLVerificationEngine engine = new SAMLVerificationEngine(); engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); msg.setVerified(true); - + } if (msg instanceof MOARequest && @@ -296,6 +296,8 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } } catch (PVP2Exception e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw e; } catch (SecurityPolicyException e) { @@ -387,7 +389,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { samlResponse.setIssueInstant(new DateTime()); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setValue(pvpRequest.getAuthURLWithOutSlash()); nissuer.setFormat(NameID.ENTITY); samlResponse.setIssuer(nissuer); @@ -460,7 +462,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { HttpServletResponse response, InboundMessage inMsg, String sessionId, String transactionId) throws MOAIDException { - PVPTargetConfiguration config = new PVPTargetConfiguration(); + PVPTargetConfiguration config = new PVPTargetConfiguration(request); MOARequest msg; if (inMsg instanceof MOARequest && @@ -496,13 +498,24 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.debug("PreProcess SLO Response from " + resp.getIssuer()); - if (!resp.getDestination().startsWith( - PVPConfiguration.getInstance().getIDPPublicPath())) { + List<String> allowedPublicURLPrefix = + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + boolean isAllowedDestination = false; + + for (String prefix : allowedPublicURLPrefix) { + if (!resp.getDestination().startsWith( + prefix)) { + isAllowedDestination = true; + break; + } + } + + if (!isAllowedDestination) { Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL"); throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null); } - + //TODO: check if relayState exists inMsg.getRelayState(); @@ -533,7 +546,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { //validate destination String destinaten = attrQuery.getDestination(); - if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) { + if (!PVPConfiguration.getInstance().getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) { Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL"); throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null); @@ -558,7 +571,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } - PVPTargetConfiguration config = new PVPTargetConfiguration(); + PVPTargetConfiguration config = new PVPTargetConfiguration(request); config.setRequest(moaRequest); config.setOAURL(moaRequest.getEntityID()); config.setOnlineApplicationConfiguration(oa); @@ -586,7 +599,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if(!(samlReq instanceof AuthnRequest)) { throw new MOAIDException("Unsupported request", new Object[] {}); } - + EntityDescriptor metadata = moaRequest.getEntityMetadata(); if(metadata == null) { throw new NoMetadataInformationException(); @@ -607,14 +620,30 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } + //parse AssertionConsumerService AssertionConsumerService consumerService = null; if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) { - //use AssertionConsumerServiceURL from request - consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - consumerService.setBinding(authnRequest.getProtocolBinding()); - consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); + //use AssertionConsumerServiceURL from request + + //check requested AssertionConsumingService URL against metadata + List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices(); + for (AssertionConsumerService service : metadataAssertionServiceList) { + if (authnRequest.getProtocolBinding().equals(service.getBinding()) + && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) { + consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + consumerService.setBinding(authnRequest.getProtocolBinding()); + consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); + Logger.debug("Requested AssertionConsumerServiceURL is valid."); + } + } + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL()); + + } + } else { //use AssertionConsumerServiceIndex and select consumerService from metadata @@ -633,9 +662,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if (consumerService == null) { throw new InvalidAssertionConsumerServiceException(aIdx); - } + } } + //select AttributeConsumingService from request AttributeConsumingService attributeConsumer = null; Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); @@ -669,7 +699,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); - PVPTargetConfiguration config = new PVPTargetConfiguration(); + PVPTargetConfiguration config = new PVPTargetConfiguration(request); config.setOAURL(oaURL); config.setOnlineApplicationConfiguration(oa); config.setBinding(consumerService.getBinding()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 74b20356e..0b402a0fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -26,6 +26,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.impl.AuthnRequestImpl; @@ -46,6 +48,16 @@ import at.gv.egovernment.moa.logging.Logger; public class PVPTargetConfiguration extends RequestImpl { + /** + * @param req + * @throws ConfigurationException + */ + public PVPTargetConfiguration(HttpServletRequest req) + throws ConfigurationException { + super(req); + + } + private static final long serialVersionUID = 4889919265919638188L; InboundMessage request; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index b567798fa..582f5939d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -23,42 +23,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.io.Serializable; -import java.io.StringWriter; import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; import java.util.List; -import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.SerializationUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Status; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.soap.common.SOAPException; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -67,35 +45,22 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MessageProvider; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -134,7 +99,7 @@ public class SingleLogOutAction implements IAction { SSOManager ssomanager = SSOManager.getInstance(); String ssoID = ssomanager.getSSOSessionID(httpReq); if (MiscUtil.isEmpty(ssoID)) { - Logger.warn("Can not find active Session. Single LogOut not possible!"); + Logger.info("Can not find active Session. Single LogOut not possible!"); SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); //LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null); @@ -148,7 +113,7 @@ public class SingleLogOutAction implements IAction { session = AuthenticationSessionStoreage.getSession(moasession); } catch (MOADatabaseException e) { - Logger.warn("Can not find active Session. Single LogOut not possible!"); + Logger.info("Can not find active Session. Single LogOut not possible!"); SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); //LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null); @@ -259,7 +224,7 @@ public class SingleLogOutAction implements IAction { } else { //print SLO information directly - redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + redirectURL = req.getAuthURL() + "/idpSingleLogout"; String artifact = Random.nextRandom(); @@ -275,7 +240,7 @@ public class SingleLogOutAction implements IAction { } //redirect to Redirect Servlet - String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = req.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); url = httpResp.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 5402e3dce..8a6b09376 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -32,27 +32,25 @@ import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; @@ -60,6 +58,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -151,11 +152,11 @@ public class PostBinding implements IDecoder, IEncoder { //set metadata descriptor type if (isSPEndPoint) { messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req)))); } else { messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req)))); } } catch (ConfigurationException e) { @@ -163,7 +164,16 @@ public class PostBinding implements IDecoder, IEncoder { } messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - + + //set security policy context + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add( + new MOAPVPSignedRequestPolicyRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine(), + messageContext.getPeerEntityRole())); + SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); + messageContext.setSecurityPolicyResolver(secResolver); + decode.decode(messageContext); InboundMessage msg = null; @@ -189,8 +199,9 @@ public class PostBinding implements IDecoder, IEncoder { if (MiscUtil.isEmpty(msg.getEntityID())) Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); } - - msg.setVerified(false); + + + msg.setVerified(true); msg.setRelayState(messageContext.getRelayState()); return msg; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 81863f48f..0a459a9be 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -60,6 +60,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -141,11 +142,11 @@ public class RedirectBinding implements IDecoder, IEncoder { //set metadata descriptor type if (isSPEndPoint) { messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req)))); } else { messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService())); + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req)))); } } catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index a2583c706..2ef861e20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -36,7 +36,6 @@ import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.soap.client.BasicSOAPMessageContext; import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -49,7 +48,6 @@ import org.opensaml.xml.signature.SignableXMLObject; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; @@ -70,9 +68,23 @@ public class SoapBinding implements IDecoder, IEncoder { messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( req)); - //messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - + + //TODO: update in a futher version: + // requires a special SignedSOAPRequestPolicyRole because + // messageContext.getInboundMessage() is not directly signed + + //set security context +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new MOAPVPSignedRequestPolicyRule( +// TrustEngineFactory.getSignatureKnownKeysTrustEngine(), +// SPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( +// policy); +// messageContext.setSecurityPolicyResolver(resolver); + + //decode message soapDecoder.decode(messageContext); Envelope inboundMessage = (Envelope) messageContext diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 91888df5c..ebbafd4e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -127,7 +127,7 @@ public class AttributQueryBuilder { query.setIssueInstant(now); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath().get(0)); nissuer.setFormat(NameID.ENTITY); query.setIssuer(nissuer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java index 4959df16c..24c2626e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -66,13 +66,15 @@ import at.gv.egovernment.moa.logging.Logger; */ public class AuthResponseBuilder { - public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { + public static Response buildResponse(String authURL, RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + if (authURL.endsWith("/")) + authURL = authURL.substring(0, authURL.length()-1); + nissuer.setValue(authURL); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); authResponse.setInResponseTo(req.getID()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 50f42d928..dbbc21ec9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -27,8 +27,11 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; import org.joda.time.DateTime; +import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; @@ -43,15 +46,18 @@ import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusMessage; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SSODescriptor; import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -63,7 +69,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; @@ -215,8 +220,8 @@ public class SingleLogOutBuilder { } DateTime now = new DateTime(); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(sloInfo.getAuthURL()); issuer.setFormat(NameID.ENTITY); sloReq.setIssuer(issuer); sloReq.setIssueInstant(now); @@ -228,7 +233,35 @@ public class SingleLogOutBuilder { nameID.setFormat(sloInfo.getUserNameIDFormat()); nameID.setValue(sloInfo.getUserNameIdentifier()); sloReq.setNameID(nameID ); - + + //sign message + try { + X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential(); + + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(idpSigningCredential); + sloReq.setSignature(signer); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(sloReq); + out.marshall(sloReq, document); + + Signer.signObject(signer); + + } catch (Exception e) { + Logger.error("Single LogOut request signing FAILED!", e); + throw new MOAIDException("pvp2.19", null); + + } + return sloReq; } @@ -277,7 +310,7 @@ public class SingleLogOutBuilder { private static LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setValue(spRequest.getAuthURLWithOutSlash()); issuer.setFormat(NameID.ENTITY); sloResp.setIssuer(issuer); sloResp.setIssueInstant(new DateTime()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index d80ddba25..7c7941b68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -90,7 +90,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { - public static Assertion buildAssertion(AttributeQuery attrQuery, + public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery, List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { @@ -136,12 +136,12 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = null; - return buildGenericAssertion(attrQuery.getIssuer().getValue(), date, + return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, new DateTime(authData.getSsoSessionValidTo().getTime())); } - public static Assertion buildAssertion(AuthnRequest authnRequest, + public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest, IAuthData authData, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { @@ -416,10 +416,25 @@ public class PVP2AssertionBuilder implements PVPConstants { sloInformation.setNameIDFormat(subjectNameID.getFormat()); sloInformation.setSessionIndex(sessionIndex); - return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); + return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); } - public static Assertion buildGenericAssertion(String entityID, DateTime date, + /** + * + * @param authURL IDP PublicURL PreFix + * @param entityID Service Provider EntityID + * @param date + * @param authnContextClassRef + * @param attrList + * @param subjectNameID + * @param subjectConfirmationData + * @param sessionIndex + * @param isValidTo + * @return + * @throws ConfigurationException + */ + + public static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date, AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, String sessionIndex, DateTime isValidTo) throws ConfigurationException { @@ -471,7 +486,9 @@ public class PVP2AssertionBuilder implements PVPConstants { Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + if (authURL.endsWith("/")) + authURL = authURL.substring(0, authURL.length()-1); + issuer.setValue(authURL); issuer.setFormat(NameID.ENTITY); assertion.setIssuer(issuer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index dc3b787e4..47d7a29b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -121,43 +121,46 @@ public class PVPConfiguration { } } - public String getIDPPublicPath() throws ConfigurationException { - String publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - if(publicPath != null) { - if(publicPath.endsWith("/")) { - int length = publicPath.length(); - publicPath = publicPath.substring(0, length-1); - } + public List<String> getIDPPublicPath() throws ConfigurationException { + List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + List<String> returnvalue = new ArrayList<String>(); + for (String el : publicPath) { + if(el.endsWith("/")) { + int length = el.length(); + returnvalue.add(el.substring(0, length-1)); + + } else + returnvalue.add(el); } - return publicPath; + return returnvalue; } - public String getSPSSOPostService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_SP_POST; + public String getSPSSOPostService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_SP_POST; } - public String getSPSSORedirectService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_SP_REDIRECT; + public String getSPSSORedirectService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_SP_REDIRECT; } - public String getIDPSSOPostService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_POST; + public String getIDPSSOPostService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_POST; } - public String getIDPSSORedirectService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_REDIRECT; + public String getIDPSSORedirectService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_REDIRECT; } - public String getIDPSSOSOAPService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_SOAP; + public String getIDPSSOSOAPService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_SOAP; } - public String getIDPAttributeQueryService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_IDP_ATTRIBUTEQUERY; + public String getIDPAttributeQueryService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_IDP_ATTRIBUTEQUERY; } - public String getIDPSSOMetadataService() throws ConfigurationException { - return getIDPPublicPath() + PVP2_METADATA; + public String getIDPSSOMetadataService(String publicURLPrefix) throws ConfigurationException { + return publicURLPrefix + PVP2_METADATA; } public String getIDPKeyStoreFilename() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java index 94a4e8226..392569366 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java @@ -34,6 +34,15 @@ public class InvalidAssertionConsumerServiceException extends PVP2Exception { /** * */ + public InvalidAssertionConsumerServiceException(String wrongURL) { + super("pvp2.23", new Object[]{wrongURL}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + + } + + /** + * + */ private static final long serialVersionUID = 7861790149343943091L; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index a31258784..059e68865 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -82,10 +82,10 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { SLOInformationImpl sloInformation = new SLOInformationImpl(); //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData, + Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData, peerEntity, date, consumerService, sloInformation); - Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion); + Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion); IEncoder binding = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index fe287a433..d76e6c2f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -59,6 +59,12 @@ public class CredentialProvider { .getIDPKeyPasswordMetadata().toCharArray()); credentials.setUsageType(UsageType.SIGNING); + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + Logger.error("IDP Metadata Signing credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException("IDP Assertion Signing credentials (Alias: " + + config.getIDPKeyAliasMetadata() + ") is not found or contains no PrivateKey.", null); + + } return credentials; } catch (Exception e) { Logger.error("Failed to generate IDP Metadata Signing credentials"); @@ -80,6 +86,13 @@ public class CredentialProvider { .getIDPKeyPasswordAssertionSign().toCharArray()); credentials.setUsageType(UsageType.SIGNING); + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + Logger.error("IDP Assertion Signing credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException("IDP Assertion Signing credentials (Alias: " + + config.getIDPKeyAliasAssertionSign() + ") is not found or contains no PrivateKey.", null); + + } + return (X509Credential) credentials; } catch (Exception e) { Logger.error("Failed to generate IDP Assertion Signing credentials"); @@ -105,6 +118,14 @@ public class CredentialProvider { .getIDPKeyPasswordAssertionEncryption().toCharArray()); credentials.setUsageType(UsageType.ENCRYPTION); + + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + Logger.error("IDP Assertion Encryption credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException("IDP Assertion Encryption credentials (Alias: " + + config.getIDPKeyAliasAssertionEncryption() + ") is not found or contains no PrivateKey.", null); + + } + return (X509Credential) credentials; } catch (Exception e) { Logger.error("Failed to generate IDP Assertion Encryption credentials"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 4d12c38da..75ef7e5a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -57,6 +57,15 @@ public class MOASAMLSOAPClient { BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext(); soapContext.setOutboundMessage(soapRequest); + + //set security policy context +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new MOAPVPSignedRequestPolicyRule( +// TrustEngineFactory.getSignatureKnownKeysTrustEngine(), +// SPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); +// soapContext.setSecurityPolicyResolver(secResolver); HttpClientBuilder clientBuilder = new HttpClientBuilder(); if (destination.startsWith("https")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java new file mode 100644 index 000000000..f62410656 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java @@ -0,0 +1,187 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import javax.xml.namespace.QName; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.common.xml.SAMLSchemaBuilder; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.message.MessageContext; +import org.opensaml.ws.security.SecurityPolicyException; +import org.opensaml.ws.security.SecurityPolicyRule; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.validation.ValidationException; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule { + + private SignatureTrustEngine trustEngine = null; + private QName peerEntityRole = null; + /** + * @param peerEntityRole + * + */ + public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) { + this.trustEngine = trustEngine; + this.peerEntityRole = peerEntityRole; + + } + + + /** + * Reload the PVP metadata for a given entity + * + * @param entityID for which the metadata should be refreshed. + * @return true if the refresh was successful, otherwise false + */ + protected abstract boolean refreshMetadataProvider(String entityID); + + + protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData); + + /* (non-Javadoc) + * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext) + */ + @Override + public void evaluate(MessageContext context) throws SecurityPolicyException { + try { + verifySignature(context); + + } catch (SecurityPolicyException e) { + if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer()); + if (!refreshMetadataProvider(context.getInboundMessageIssuer())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + verifySignature(context); + + } + Logger.trace("Second PVP2X message validation finished"); + + } + + + } + + private void verifySignature(MessageContext context) throws SecurityPolicyException { + SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage()); + if (samlObj != null && samlObj.getSignature() != null) { + + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + performSchemaValidation(samlObj.getDOM()); + + } catch (ValidationException e) { + Logger.warn("Signature is not conform to SAML signature profile", e); + throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); + + } catch (SchemaValidationException e) { + Logger.warn("Signature is not conform to SAML signature profile", e); + throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); + + } + + + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) ); + criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new SecurityPolicyException("Signature validation FAILED."); + + } + Logger.debug("PVP AuthnRequest signature valid."); + + } catch (org.opensaml.xml.security.SecurityException e) { + Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage()); + throw new SecurityPolicyException("Signature validation FAILED."); + + } + + } else { + throw new SecurityPolicyException("Request is not signed."); + + } + + } + + private void performSchemaValidation(Element source) throws SchemaValidationException { + + String err = null; + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + val.validate(new DOMSource(source)); + Logger.debug("Schema validation check done OK"); + return; + + } catch (SAXException e) { + err = e.getMessage(); + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Schema validation FAILED with exception:", e); + else + Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } catch (Exception e) { + err = e.getMessage(); + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Schema validation FAILED with exception:", e); + else + Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } + + throw new SchemaValidationException("pvp2.22", new Object[]{err}); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java new file mode 100644 index 000000000..932f3b818 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java @@ -0,0 +1,70 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import javax.xml.namespace.QName; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.signature.SignatureTrustEngine; + +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; + +/** + * @author tlenz + * + */ +public class MOAPVPSignedRequestPolicyRule extends + AbstractRequestSignedSecurityPolicyRule { + + /** + * @param trustEngine + * @param peerEntityRole + */ + public MOAPVPSignedRequestPolicyRule(SignatureTrustEngine trustEngine, + QName peerEntityRole) { + super(trustEngine, peerEntityRole); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String) + */ + @Override + protected boolean refreshMetadataProvider(String entityID) { + return MOAMetadataProvider.getInstance().refreshMetadataProvider(entityID); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject) + */ + @Override + protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) { + if (inboundData instanceof SignableSAMLObject) + return (SignableSAMLObject) inboundData; + + else + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 70b778c49..812e27a36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; import java.util.ArrayList; import java.util.List; +import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; @@ -61,7 +62,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -74,7 +75,6 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; public class SAMLVerificationEngine { - public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { try { @@ -83,7 +83,7 @@ public class SAMLVerificationEngine { verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); else - verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); } catch (InvalidProtocolRequestException e) { if (MiscUtil.isEmpty(msg.getEntityID())) { @@ -102,15 +102,24 @@ public class SAMLVerificationEngine { verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); else - verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); } Logger.trace("Second PVP2X message validation finished"); } } + public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{ + verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + } - public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException{ + public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { + verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + } + + private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { profileValidator.validate(samlObj.getSignature()); @@ -127,7 +136,7 @@ public class SAMLVerificationEngine { CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) ); criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); try { @@ -175,10 +184,20 @@ public class SAMLVerificationEngine { if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); - if (validateDestination && !samlResp.getDestination().startsWith( - PVPConfiguration.getInstance().getIDPPublicPath())) { + List<String> allowedPublicURLPrefix = + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + boolean isValidDestination = false; + for (String allowedPreFix : allowedPublicURLPrefix) { + if (validateDestination && samlResp.getDestination().startsWith( + allowedPreFix)) { + isValidDestination = true; + break; + + } + } + if (!isValidDestination) { Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); - throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); + throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index 704adc80d..3b97f3b08 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -145,22 +145,22 @@ public class AssertionStorage { query.setTimestamp("timeout", expioredate); results = query.list(); session.getTransaction().commit(); - } - - if (results.size() != 0) { - for(AssertionStore result : results) { - try { - cleanDelete(result); - Logger.info("Remove stored information with ID: " + result.getArtifact() - + " after timeout."); - } catch (HibernateException e){ - Logger.warn("Sessioninformation with ID=" + result.getArtifact() - + " not removed after timeout! (Error during Database communication)", e); - } - - } - } + if (results.size() != 0) { + for(AssertionStore result : results) { + try { + cleanDelete(result); + Logger.info("Remove stored information with ID: " + result.getArtifact() + + " after timeout."); + + } catch (HibernateException e){ + Logger.warn("Sessioninformation with ID=" + result.getArtifact() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } } public void remove(String artifact) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 829383cb4..9dee39fe8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -377,7 +377,7 @@ public class AuthenticationSessionStoreage { } public static void addSSOInformation(String moaSessionID, String SSOSessionID, - SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException { + SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException { AuthenticatedSessionStore dbsession; Transaction tx = null; @@ -412,7 +412,7 @@ public class AuthenticationSessionStoreage { //check if OA already has an active OA session if (dbsession.getActiveOAsessions() != null) { for (OASessionStore el : dbsession.getActiveOAsessions()) { - if (el.getOaurlprefix().equals(OAUrl)) + if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) activeOA = el; } } @@ -421,7 +421,7 @@ public class AuthenticationSessionStoreage { activeOA = new OASessionStore(); //set active OA applications - activeOA.setOaurlprefix(OAUrl); + activeOA.setOaurlprefix(protocolRequest.getOAURL()); activeOA.setMoasession(dbsession); activeOA.setCreated(new Date()); @@ -432,6 +432,7 @@ public class AuthenticationSessionStoreage { activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); activeOA.setProtocolType(SLOInfo.getProtocolType()); activeOA.setAttributeQueryUsed(false); + activeOA.setAuthURL(protocolRequest.getAuthURL()); } @@ -463,10 +464,10 @@ public class AuthenticationSessionStoreage { tx.commit(); if (SLOInfo != null) - Logger.info("Add SSO-Session login information for OA: " + OAUrl + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() + " and AssertionID: " + SLOInfo.getSessionIndex()); else - Logger.info("Add SSO-Session login information for OA: " + OAUrl); + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); } @@ -693,19 +694,20 @@ public class AuthenticationSessionStoreage { //send transaction tx.commit(); + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + cleanDelete(result.get(0)); + return true; + } } - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return false; - - } else { - cleanDelete(result.get(0)); - return true; - } } catch (Exception e) { if (tx != null && !tx.wasCommitted()) tx.rollback(); @@ -886,6 +888,7 @@ public class AuthenticationSessionStoreage { idp = new InterfederationSessionStore(); idp.setCreated(now); idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); + idp.setAuthURL(req.getAuthURL()); try { OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance(). @@ -1024,21 +1027,22 @@ public class AuthenticationSessionStoreage { query.setTimestamp("timeoutupdate", expioredateupdate); results = query.list(); tx.commit(); - } - - if (results.size() != 0) { - for(AuthenticatedSessionStore result : results) { - try { - cleanDelete(result); - Logger.info("Authenticated session with sessionID=" + result.getSessionid() - + " after session timeout."); - } catch (HibernateException e){ - Logger.warn("Authenticated session with sessionID=" + result.getSessionid() - + " not removed after timeout! (Error during Database communication)", e); - } - } + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + cleanDelete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); + + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + } + } } + } catch (Exception e) { if (tx != null && !tx.wasCommitted()) tx.rollback(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java index 054ad1014..4cddd141b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java @@ -126,22 +126,22 @@ public class DBExceptionStoreImpl implements IExceptionStore { query.setTimestamp("timeout", expioredate); results = query.list(); session.getTransaction().commit(); - } - - if (results.size() != 0) { - for(ExceptionStore result : results) { - try { - MOASessionDBUtils.delete(result); - Logger.info("Remove Exception with ID=" + result.getExid() - + " after timeout."); - } catch (HibernateException e){ - Logger.warn("Exception with ID=" + result.getExid() - + " not removed after timeout! (Error during Database communication)", e); - } - - } - } + if (results.size() != 0) { + for(ExceptionStore result : results) { + try { + MOASessionDBUtils.delete(result); + Logger.info("Remove Exception with ID=" + result.getExid() + + " after timeout."); + + } catch (HibernateException e){ + Logger.warn("Exception with ID=" + result.getExid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } } @SuppressWarnings("rawtypes") diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index 1f08d9019..2aceb833c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -156,5 +156,21 @@ public class HTTPUtils { return buffer.toString(); } + + /** + * Extract the IDP PublicURLPrefix from authrequest + * + * @param req HttpServletRequest + * @return PublicURLPrefix <String> which ends always without / + */ + public static String extractAuthURLFromRequest(HttpServletRequest req) { + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath()); + return authURL; + + } } diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index ac5a5be60..cabf1557e 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -79,6 +79,7 @@ config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterl config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.
config.23=Fehler beim initialisieren von OpenSAML
config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
+config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -265,6 +266,7 @@ pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abg pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
+pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index fa332f0c7..abd5d15f3 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -58,6 +58,7 @@ config.21=9006 config.22=9008 config.23=9199 config.24=9199 +config.25=9199 parser.00=1101 parser.01=1101 @@ -180,7 +181,11 @@ stork.21=1205 pvp2.01=6100 pvp2.06=6100 +pvp2.10=6100 +pvp2.11=6100 +pvp2.12=6100 pvp2.13=9199 +pvp2.15=6105 pvp2.16=6101 pvp2.17=6102 pvp2.20=6103 diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 123a23837..2b0115d4a 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -405,7 +405,7 @@ #bkulogin { min-width: 190px; - min-height: 155px; + min-height: 170px; } .setAssertionButton_full { @@ -616,6 +616,12 @@ top: 40px; } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> @@ -740,7 +746,7 @@ } } function onChangeChecks() { - if (top.innerWidth < 650) { + if (self.innerWidth < 650) { document.getElementById("moaidform").setAttribute("target","_parent"); } else { document.getElementById("moaidform").removeAttribute("target"); @@ -834,7 +840,7 @@ <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> </div> <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> + <div id="mandateLogin" style="#MANDATEVISIBLE#"> <div> <input tabindex="1" type="checkbox" name="Mandate" id="mandateCheckBox" class="verticalcenter" role="checkbox" @@ -867,19 +873,20 @@ <input type="hidden" name="bkuURI" value="#LOCAL#"> <input type="hidden" name="useMandate" id="useMandate"> <input type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" + type="hidden" name="ccc" id="ccc"> <input type="hidden" name="MODUL" value="#MODUL#"> <input type="hidden" name="ACTION" value="#ACTION#"> <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4" - role="button" onclick="setMandateSelection();" - > - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> + role="button" onclick="setMandateSelection();"> + </form> </div> + <!-- Single Sign-On Session transfer functionality --> + <!--div id="ssoSessionTransferBlock"> + <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> + </div--> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -900,7 +907,7 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> @@ -909,7 +916,7 @@ src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> </html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html index 033a574b9..07d018a94 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html @@ -1,554 +1,617 @@ -<!DOCTYPE html> +<!DOCTYPE html> <html> <head> -<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> -<!-- MOA-ID 2.x BKUSelection Layout CSS --> -<style type="text/css"> -@media screen and (min-width: 650px) { - body { - margin: 0; - padding: 0; - color: #000; - background-color: #fff; - text-align: center; - background-color: #6B7B8B; - } - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.7em; - border-radius: 5px; - } - #bkuselectionarea button { - font-size: 0.85em; - border-radius: 7px; - margin-bottom: 25px; - } - #mandateLogin { - font-size: 0.85em; - } - #bku_header h2 { - font-size: 0.8em; - } - #page { - display: block; - border: 2px solid rgb(0, 0, 0); - width: 650px; - height: 440px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255, 255, 255); - } - #page1 { - text-align: center; - } - #main { - /* clear:both; */ - position: relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - #leftcontent { - width: 300px; - margin-top: 30px; - padding-bottom: 15px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0, 0, 0); - } - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - #selectArea h3 { - margin-bottom: 25px; - } - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - #bkulogin { - overflow: hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - h2#tabheader { - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - .setAssertionButton_full { - margin-top: 15px; - width: 100px; - height: 30px; - font-size: 1.3em; - min-height: 1.3em; - /* border-radius: 10px;*/ - } - #leftbutton { - width: 30%; - float: left; - margin-left: 40px; - } - #rightbutton { - width: 30%; - float: right; - margin-right: 45px; - text-align: right; - } - button { - height: 25px; - width: 90px; - margin-bottom: 10px; - } - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } -} - -@media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - #localBKU input { - font-size: 0.7em; - min-width: 70px; - min-height: 1.2em; - border-radius: 5px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 0.8em; - min-width: 65px; - min-height: 1.3em; - /* border-radius: 5px; */ - margin-bottom: 2% - } - #mandateLogin { - font-size: 0.65em; - } - #bku_header h2,#selectArea h3 { - font-size: 0.8em; - margin-top: -0.4em; - } -} - -@media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.85em; - min-width: 80px; - min-height: 0.95em; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 0.85em; - min-width: 70px; - min-height: 0.95em; - /* border-radius: 6px; */ - margin-bottom: 2% - } - #mandateLogin { - font-size: 0.75em; - } - #bku_header h2,#selectArea h3 { - font-size: 0.9em; - margin-top: -0.45em; - } -} - -@media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.9em; - min-width: 100px; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 1.0em; - min-height: 1.05em; - /* border-radius: 7px; */ - margin-bottom: 5%; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2,#selectArea h3 { - font-size: 1.0em; - margin-top: -0.50em; - } -} - -@media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.9em; - min-width: 100px; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 1.1em; - min-height: 1.2em; - /* border-radius: 8px; */ - margin-bottom: 5%; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2,#selectArea h3 { - font-size: 1.1em; - margin-top: -0.55em; - } -} - -@media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.9em; - min-width: 100px; - border-radius: 6px; - } - #bkuselectionarea button,.setAssertionButton_full { - font-size: 1.3em; - min-height: 1.3em; - /* border-radius: 10px; */ - margin-bottom: 5%; - } - #mandateLogin { - font-size: 1.2em; - } - #bku_header h2,#selectArea h3 { - font-size: 1.3em; - margin-top: -0.65em; - } -} - -@media screen and (max-width: 649px) { - body { - margin: 0; - padding: 0; - color: #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - #page { - visibility: hidden; - margin-top: 0%; - } - #page1 { - visibility: hidden; - } - #main { - visibility: hidden; - } - #validation { - visibility: hidden; - display: none; - } - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border: none; - min-width: 190px; - /* min-height: 190px; */ - vertical-align: middle; - } - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - h2#tabheader { - padding-left: 2%; - padding-right: 2%; - padding-top: 1%; - position: relative; - top: 50%; - } - #bkulogin { - min-width: 190px; - min-height: 150px; - } - .setAssertionButton_full { - margin-top: 15px; - width: 70%; - height: 11%; - min-width: 60px; - min-height: 25px; - } - #selectArea h3 { - margin-top: 2%; - } - button { - height: 11%; - width: 70%; - } -} - -* { - margin: 0; - padding: 0; - /* border: 0; */ - font-family: #FONTTYPE #; -} - -#selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; -} - -.setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; -} - -#leftbutton { - width: 35%; - float: left; - margin-left: 15px; -} - -#rightbutton { - width: 35%; - float: right; - margin-right: 25px; - text-align: right; -} - -#stork { - margin-bottom: 10px; - margin-top: 5px; -} - -#mandateLogin { - padding-bottom: 2%; - padding-top: 2%; - height: 10%; - position: relative; - text-align: center; -} - -.verticalcenter { - vertical-align: middle; -} - -#mandateLogin>div { - clear: both; - margin-top: -1%; - position: relative; - top: 50%; -} - -#bkuselectionarea { - position: relative; - display: block; -} - -#localBKU { - padding-left: 5%; - padding-right: 2%; - padding-bottom: 2%; - position: relative; - clear: both; -} - -#bkukarte { - float: left; - text-align: center; - width: 40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; -} - -#bkuhandy { - float: right; - text-align: center; - width: 40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; -} - -.bkuimage { - width: 90%; - height: auto; -} - -#mandate { - text-align: center; - padding: 5px 5px 5px 5px; -} - -button,.sendButton { - /* background: #BUTTON_BACKGROUNDCOLOR#; + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + border-radius: 5px; + } + + #bkuselectionarea button { + font-size: 0.85em; + border-radius: 7px; + margin-bottom: 25px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 440px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + padding-bottom: 15px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #selectArea h3 { + margin-bottom: 25px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 100px; + height: 30px; + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px;*/ + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 90px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + min-height: 1.2em; + border-radius: 5px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.8em; + min-width: 65px; + min-height: 1.3em; + /* border-radius: 5px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.8em; + margin-top: -0.4em; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.85em; + min-width: 80px; + min-height: 0.95em; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.85em; + min-width: 70px; + min-height: 0.95em; + /* border-radius: 6px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.9em; + margin-top: -0.45em; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.0em; + min-height: 1.05em; + /* border-radius: 7px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.0em; + margin-top: -0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.1em; + min-height: 1.2em; + /* border-radius: 8px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.1em; + margin-top: -0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.3em; + margin-top: -0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: #MAIN_BACKGOUNDCOLOR#; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + min-width: 190px; +/* min-height: 190px; */ + vertical-align: middle; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + padding-top: 1%; + position: relative; + top: 50%; + } + + #bkulogin { + min-width: 190px; + min-height: 150px; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 70%; + height: 11%; + min-width: 60px; + min-height: 25px; + } + + #selectArea h3 { + margin-top: 2%; + } + + button { + height: 11%; + width: 70%; + } + } + + * { + margin: 0; + padding: 0; +/* border: 0; */ + font-family: #FONTTYPE#; + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + margin-bottom: 10px; + margin-top: 5px; + } + + #mandateLogin { + padding-bottom: 2%; + padding-top: 2%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin > div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-left: 5%; + padding-right: 2%; + padding-bottom: 2%; + position: relative; + clear: both; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + + button, .sendButton { +/* background: #BUTTON_BACKGROUNDCOLOR#; color: #BUTTON_COLOR#; */ - cursor: pointer; - - /* border:1px solid #000; + cursor: pointer; + +/* border:1px solid #000; box-shadow: 3px 3px 3px #222222; */ -} - -button:hover,button:focus,button:active,.sendButton:hover,.sendButton:focus,.sendButton:active,#mandateCheckBox:hover,#mandateCheckBox:focus,#mandateCheckBox:active - { - /* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; - color: #BUTTON_COLOR#; */ - cursor: pointer; - - /* border:1px solid #000; + } + + button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { +/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; + color: #BUTTON_COLOR#; */ + cursor: pointer; + +/* border:1px solid #000; box-shadow: -1px -1px 3px #222222; */ -} - -#installJava,#BrowserNOK { - clear: both; - font-size: 0.8em; - padding: 4px; -} - -.selectText { - -} - -.selectTextHeader { - -} - -#leftcontent a { - text-decoration: none; - color: #000; - /* display:block;*/ - padding: 4px; -} - -#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active { - text-decoration: underline; - color: #000; -} - -.infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; -} - -.hell { - background-color: #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; -} - -.dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; -} - -.main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; -} -</style> - - -<title>Anmeldung an Online-Applikation</title> + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> + + + <title>Anmeldung an Online-Applikation</title> </head> <body> - <div id="page"> - - <div id="page1" class="case selected-case" role="main"> - - <!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> - - <div id="main"> - <div id="leftcontent" class="hell"> - <div id="bku_header" class="dunkel"> - <h2 id="tabheader" class="dunkel" role="heading"> - Anmeldeinformationen:</h2> - </div> - - <div id="selectArea" class="hell" role="application"> - <h3>Anmeldung an: #OAName#</h3> - - <!-- <div class="hell"> --> - <div id="leftbutton"> - <form method="post" id="moaidform_yes" action="#URL#"> - <input type="hidden" name="value" value="true"> <input - type="hidden" name="mod" value="#MODUL#"> <input - type="hidden" name="action" value="#ACTION#"> <input - type="hidden" name="identifier" value="#ID#"> <input - type="submit" value="Ja" - class="setAssertionButton_full sendButton" role="button"> - </form> - </div> - <div id="rightbutton"> - <form method="post" id="moaidform_no" action="#URL#"> - <input type="hidden" name="value" value="false"> <input - type="hidden" name="mod" value="#MODUL#"> <input - type="hidden" name="action" value="#ACTION#"> <input - type="hidden" name="identifier" value="#ID#"> <input - type="submit" value="Nein" - class="setAssertionButton_full sendButton" role="button"> - </form> - </div> - + <div id="page"> + + <div id="page1" class="case selected-case" role="main"> + +<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> + + <div id="main"> + <div id="leftcontent" class="hell"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading"> + Anmeldeinformationen: + </h2> + </div> + + <div id="selectArea" class="hell" role="application"> + <h3>Anmeldung an: #OAName#</h3> + +<!-- <div class="hell"> --> + <div id="leftbutton"> + <form method="post" id="moaidform_yes" action="#URL#"> + <input type="hidden" name="value" value="true"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + <div id="rightbutton"> + <form method="post" id="moaidform_no" action="#URL#"> + <input type="hidden" name="value" value="false"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + + </div> </div> </div> - </div> - </div> - <div id="validation"> - <a href="http://validator.w3.org/check?uri="> <img - style="border: 0; width: 88px; height: 31px" - src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> - </a> <a href="http://jigsaw.w3.org/css-validator/"> <img - style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" - alt="CSS ist valide!" /> - </a> </div> + <!--div id="validation"> + <a href="http://validator.w3.org/check?uri="> + <img style="border:0;width:88px;height:31px" + src="#CONTEXTPATH#/img/valid-html5-blue.png" + alt="HTML5 ist valide!" /> + </a> + <a href="http://jigsaw.w3.org/css-validator/"> + <img style="border:0;width:88px;height:31px" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + alt="CSS ist valide!" /> + </a> + </div--> </div> </body> </html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html index 8976b2bd6..a9d73e0d3 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html @@ -380,7 +380,21 @@ function sloTimeOut() { window.location.href="$timeoutURL"; - } + } + function RestartAfterDelay() { + var eDate = null; + var MilliSekZeit = 0; + var SysDatumJetzt = new Date(); + var SysDatumJetztMilli = SysDatumJetzt.getTime(); + + do { + eDate = new Date(); + MilliSekZeit = eDate.getTime(); + + } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout); + + sloTimeOut(); + } </script> #end @@ -430,22 +444,21 @@ </div> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> #foreach( $el in $redirectURLs ) <iframe src=$el class="reqframe"></iframe> #end - </body> </html>
\ No newline at end of file diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index a81744edf..d242147f1 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -114,7 +114,19 @@ <version>2.2.11</version> </dependency> - <dependency> + <dependency> + <groupId>org.jvnet.jaxb2_commons</groupId> + <artifactId>jaxb2-commons-lang</artifactId> + <version>2.4</version> + </dependency> + + <dependency> + <groupId>org.jvnet.jaxb2_commons</groupId> + <artifactId>jaxb2-basics-runtime</artifactId> + <version>0.11.0</version> + </dependency> + +<!-- <dependency> <groupId>org.hibernate.javax.persistence</groupId> <artifactId>hibernate-jpa-2.1-api</artifactId> <version>1.0.0.Final</version> @@ -144,7 +156,8 @@ <groupId>org.springframework</groupId> </exclusion> </exclusions> - </dependency> + </dependency> --> + <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> @@ -165,7 +178,7 @@ <artifactId>spring-orm</artifactId> </dependency> - <dependency> + <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> </dependency> @@ -190,12 +203,14 @@ <groupId>cglib</groupId> <artifactId>cglib</artifactId> <version>2.2.2</version> + <scope>test</scope> </dependency> <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> <version>1.4.178</version> + <scope>test</scope> </dependency> <dependency> @@ -204,6 +219,10 @@ <version>1.4</version> </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> </dependencies> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index a04b8f454..a28fe6a7b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -61,6 +61,7 @@ public class MOAIDConstants { public static final List<String> ALLOWED_KEYBOXIDENTIFIER; public static final List<String> ALLOWED_REDIRECTTARGETNAMES; public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS; + public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND; static { @@ -105,4 +106,11 @@ public class MOAIDConstants { } + static { + List<String> jdbcDriverWorkaround = new ArrayList<String>(); + jdbcDriverWorkaround.add("oracle.jdbc."); + jdbcDriverWorkaround.add("com.microsoft.sqlserver."); + JDBC_DRIVER_NEEDS_WORKAROUND = Collections.unmodifiableList(jdbcDriverWorkaround); + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index d99f826b6..63d8f463c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -738,6 +738,7 @@ public class ConfigurationMigrationUtils { } dbOA.setIsActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_ISACTIVE))); + dbOA.setIsAdminRequired(false); dbOA.setPublicURLPrefix(oa.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER)); dbOA.setFriendlyName(oa.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME)); @@ -1187,6 +1188,9 @@ public class ConfigurationMigrationUtils { result.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, authgen.getPublicURLPreFix()); + result.put(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED, + String.valueOf(authgen.isVirtualPublicURLPrefixEnabled())); + TimeOuts timeouts = authgen.getTimeOuts(); if (timeouts != null) { @@ -1394,41 +1398,46 @@ public class ConfigurationMigrationUtils { // to foreclose lazyloading session timeouts if (stork.getCPEPS() != null) { for (int i=0; i<stork.getCPEPS().size(); i++) { - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST - + "." + String.valueOf(i) + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY, - stork.getCPEPS().get(i).getCountryCode()); - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST - + "." + String.valueOf(i) + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, - stork.getCPEPS().get(i).getURL()); - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST - + "." + String.valueOf(i) + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG, - String.valueOf(stork.getCPEPS().get(i).isSupportsXMLSignature())); + if( !(stork.getCPEPS().get(i).getURL() == null || + MiscUtil.isEmpty(stork.getCPEPS().get(i).getCountryCode()) || + stork.getCPEPS().get(i).getURL().endsWith("http://")) ) { + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + String.valueOf(i) + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY, + stork.getCPEPS().get(i).getCountryCode()); + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + String.valueOf(i) + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, + stork.getCPEPS().get(i).getURL()); + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + String.valueOf(i) + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG, + String.valueOf(stork.getCPEPS().get(i).isSupportsXMLSignature())); + } } } List<StorkAttribute> tmp = stork.getAttributes(); - if(null != tmp) { + if(null != tmp && tmp.size() > 0) { for (int i=0; i<tmp.size(); i++) { - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST - + "." + String.valueOf(i) + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME, - tmp.get(i).getName()); - - if (tmp.get(i).isMandatory() != null) - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST - + "." + String.valueOf(i) + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, - tmp.get(i).isMandatory().toString()); - else + if (MiscUtil.isNotEmpty(tmp.get(i).getName())) { result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + "." + String.valueOf(i) + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, - Boolean.FALSE.toString()); + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME, + tmp.get(i).getName()); + if (tmp.get(i).isMandatory() != null) + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(i) + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + tmp.get(i).isMandatory().toString()); + else + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(i) + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + Boolean.FALSE.toString()); + } } } @@ -1474,6 +1483,16 @@ public class ConfigurationMigrationUtils { dbauthgeneral.setPublicURLPreFix(moaconfig.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX)); + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED))) { + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + Boolean.valueOf( + moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED))); + + } else { + dbauthgeneral.setVirtualPublicURLPrefixEnabled(false); + + } + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL))) dbauthgeneral.setCertStoreDirectory(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL)); @@ -1679,35 +1698,43 @@ public class ConfigurationMigrationUtils { String index = KeyValueUtils.getFirstChildAfterPrefix(key, MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST); if (!attrMap.containsKey(index)) { StorkAttribute attr = new StorkAttribute(); - attr.setName(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + String attrName = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + "." + index + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)); - attr.setMandatory(Boolean.parseBoolean(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST - + "." + index + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY))); - attr.setHjid(Long.valueOf(index)); - attrMap.put(index, attr); + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + if (MiscUtil.isNotEmpty(attrName)) { + attr.setName(attrName); + attr.setMandatory(Boolean.parseBoolean(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY))); + attr.setHjid(Long.valueOf(index)); + attrMap.put(index, attr); + } } } else if (key.startsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST)) { String index = KeyValueUtils.getFirstChildAfterPrefix(key, MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST); if (!cpepsMap.containsKey(index)) { CPEPS attr = new CPEPS(); - attr.setCountryCode(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST - + "." + index + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY)); - - attr.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + String countryCode = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + "." + index + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL)); + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); - attr.setSupportsXMLSignature(Boolean.parseBoolean(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + String pepsURL = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + "." + index + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG))); + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL); - attr.setHjid(Long.valueOf(index)); + if (MiscUtil.isNotEmpty(countryCode) && MiscUtil.isNotEmpty(pepsURL) && + !pepsURL.endsWith("http://")) { + attr.setCountryCode(countryCode); + attr.setURL(pepsURL); + attr.setSupportsXMLSignature(Boolean.parseBoolean(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + index + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG))); + attr.setHjid(Long.valueOf(index)); cpepsMap.put(index, attr); + } } } @@ -1774,11 +1801,17 @@ public class ConfigurationMigrationUtils { } // try { - List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>(); - TransformsInfoType elem = new TransformsInfoType(); - elem.setTransformation(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64).getBytes()); - elem.setFilename(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME)); - trans.add(elem); + List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>(); + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64))) { + TransformsInfoType elem = new TransformsInfoType(); + elem.setTransformation(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64).getBytes()); + elem.setFilename(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME)); + trans.add(elem); + + } else { + Logger.info("No AuthBlock-Transformation found."); + + } seclayertrans.setTransformsInfo(trans); // } catch (IOException e) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java index 4130b2c5d..e24cb8606 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java @@ -27,8 +27,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import com.fasterxml.jackson.core.JsonProcessingException; - public class ConfigurationUtil { final boolean isOverwriteData; @@ -83,7 +81,7 @@ public class ConfigurationUtil { * is thrown if problem occurred while serializing one of the * database values */ - public static Properties moaIdConfigToJsonProperties(MOAIDConfiguration config) throws JsonProcessingException { + public static Properties moaIdConfigToJsonProperties(MOAIDConfiguration config) { Properties result = new Properties(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index c338c65ba..7d9fc452a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -186,6 +186,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { //Namespaces for general MOA-ID config public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix"; + public static final String GENERAL_ISVIRTUALIDPSENABLED = PREFIX_MOAID_GENERAL + ".isVirtualIDPsEnabled"; private static final String GENERAL_DEFAULTS = PREFIX_MOAID_GENERAL + ".defaults"; private static final String GENERAL_DEFAULTS_BKU = GENERAL_DEFAULTS + "." + BKU; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java deleted file mode 100644 index 6138d571b..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java +++ /dev/null @@ -1,73 +0,0 @@ -package at.gv.egovernment.moa.id.commons.config.persistence; - -import java.io.IOException; - -import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; -import com.fasterxml.jackson.annotation.PropertyAccessor; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JavaType; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.SerializationFeature; -import com.fasterxml.jackson.databind.type.TypeFactory; - -/** - * Helper class to handle the JSON (de-)serialization. - * - */ -public class JsonMapper { - - private ObjectMapper mapper = new ObjectMapper(); - - /** - * The default constructor where the default pretty printer is disabled. - */ - public JsonMapper() { - this(false); - } - - /** - * The constructor. - * @param prettyPrint enables or disables the default pretty printer - */ - public JsonMapper(boolean prettyPrint) { - mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE); - mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY); - mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY); - if (prettyPrint) { - mapper.enable(SerializationFeature.INDENT_OUTPUT); - } - } - - /** - * Serialize an object to a JSON string. - * @param value the object to serialize - * @return a JSON string - * @throws JsonProcessingException thrown when an error occurs during serialization - */ - public String serialize(Object value) throws JsonProcessingException { - return mapper.writeValueAsString(value); - } - - /** - * Deserialize a JSON string. - * - * @param value the JSON string to deserialize - * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned. - * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object} - * @throws JsonParseException if the JSON string contains invalid content. - * @throws JsonMappingException if the input JSON structure does not match structure expected for result type - * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input) - */ - public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{ - - ObjectMapper mapper = new ObjectMapper(); - if (clazz != null) { - JavaType javaType = TypeFactory.defaultInstance().constructType(clazz); - return mapper.readValue(value, javaType); - } else { - return mapper.readValue(value, Object.class); - } - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java deleted file mode 100644 index 3836d5a1e..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java +++ /dev/null @@ -1,403 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// *******************************************************************************/ -//package at.gv.egovernment.moa.id.commons.db; -// -//import java.util.ArrayList; -//import java.util.HashMap; -//import java.util.List; -//import java.util.Map; -// -//import javax.persistence.EntityManager; -// -//import org.apache.commons.lang3.StringEscapeUtils; -// -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -////import org.apache.commons.lang.StringEscapeUtils; -// -//import com.fasterxml.jackson.annotation.JsonProperty; -// -///** -// * -// * @author tlenz -// * -// * @deprecated -// */ -// -//@SuppressWarnings("rawtypes") -//public class ConfigurationDBRead { -// -// private static Map<String, String> QUERIES = new HashMap<String, String>(); -// -// static { -// QUERIES.put("getActiveOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix)) and onlineapplication.isActive = '1'"); -// QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix))"); -// QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id"); -// QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication"); -// QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'"); -// QUERIES.put("getAllNewOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '0' and onlineapplication.isAdminRequired = '1'"); -// QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration"); -// QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id"); -// QUERIES.put("getNewUserWithUserTokken", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken = :tokken"); -// QUERIES.put("getAllNewUsers", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '1'"); -// QUERIES.put("getAllOpenUsersRequests", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is not null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '0'"); -// QUERIES.put("getUserWithUserBPKWBPK", "select userdatabase from UserDatabase userdatabase where userdatabase.bpk = :bpk"); -// QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username"); -// QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase"); -// QUERIES.put("getUsersWithOADBID", "select userdatabase from UserDatabase userdatabase inner join userdatabase.onlineApplication oa where oa.hjid = :id"); -// QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id"); -// } -// -//// public static OnlineApplication getActiveOnlineApplication(String id) { -//// MiscUtil.assertNotNull(id, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with ID " + id + " from database."); -//// -//// List result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); -//// //query.setParameter("id", id+"%"); -//// query.setParameter("id", StringEscapeUtils.escapeHtml4(id)); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.debug("No entries found."); -//// return null; -//// } -//// -//// if (result.size() > 1) { -//// Logger.warn("OAIdentifier match to more then one DB-entry!"); -//// return null; -//// } -//// -//// return (OnlineApplication) result.get(0); -//// } -//// -//// public static OnlineApplication getOnlineApplication(String id) { -//// MiscUtil.assertNotNull(id, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with ID " + id + " from database."); -//// -//// List result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID")); -//// //query.setParameter("id", id+"%"); -//// query.setParameter("id", id); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// -//// if (result.size() > 1) { -//// Logger.warn("OAIdentifier match to more then one DB-entry!"); -//// return null; -//// } -//// -//// return (OnlineApplication) result.get(0); -//// } -//// -//// public static OnlineApplication getOnlineApplication(long dbid) { -//// MiscUtil.assertNotNull(dbid, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database."); -//// -//// List result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithDBID")); -//// //query.setParameter("id", id+"%"); -//// query.setParameter("id", dbid); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// -//// return (OnlineApplication) result.get(0); -//// } -//// -//// @JsonProperty("getMOAIDConfiguration") -//// public static MOAIDConfiguration getMOAIDConfiguration() { -//// Logger.trace("Load MOAID Configuration from database."); -//// -//// List<MOAIDConfiguration> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getMOAIDConfiguration")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found. Create fresh instance."); -//// return null; -//// } -//// -//// return (MOAIDConfiguration) result.get(0); -//// } -//// -//// @JsonProperty("getAllOnlineApplications") -//// public static List<OnlineApplication> getAllOnlineApplications() { -//// Logger.trace("Get All OnlineApplications from database."); -//// -//// List<OnlineApplication> result = null; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOnlineApplications")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// public static List<OnlineApplication> getAllNewOnlineApplications() { -//// Logger.trace("Get All OnlineApplications from database."); -//// -//// List<OnlineApplication> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewOnlineApplications")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// @JsonProperty("getAllUsers") -//// public static List<UserDatabase> getAllUsers() { -//// Logger.trace("Get All OnlineApplications from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllUsers")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// public static List<OnlineApplication> getAllActiveOnlineApplications() { -//// Logger.trace("Get All active OnlineApplications from database."); -//// -//// List<OnlineApplication> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllActiveOnlineApplications")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// result = new ArrayList<OnlineApplication>(); -//// -//// } -//// return result; -//// } -//// -//// @SuppressWarnings("rawtypes") -//// public static List<OnlineApplication> searchOnlineApplications(String id) { -//// MiscUtil.assertNotNull(id, "OnlineApplictionID"); -//// Logger.trace("Getting OnlineApplication with ID " + id + " from database."); -//// -//// List<OnlineApplication> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("searchOnlineApplicationsWithID")); -//// query.setParameter("id", "%" + id + "%"); -//// -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// -//// return result; -//// } -//// -//// public static UserDatabase getUserWithID(long id) { -//// MiscUtil.assertNotNull(id, "UserID"); -//// Logger.trace("Getting Userinformation with ID " + id + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserID")); -//// query.setParameter("id", id); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getUsersWithOADBID(long id) { -//// MiscUtil.assertNotNull(id, "OADBID"); -//// Logger.trace("Getting Userinformation with OADBID " + id + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUsersWithOADBID")); -//// query.setParameter("id", id); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getUserWithUserName(String username) { -//// MiscUtil.assertNotNull(username, "UserName"); -//// Logger.trace("Getting Userinformation with ID " + username + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserUsername")); -//// query.setParameter("username", username); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getUserWithUserBPKWBPK(String bpkwbpk) { -//// MiscUtil.assertNotNull(bpkwbpk, "bpk/wbpk"); -//// Logger.trace("Getting Userinformation with ID " + bpkwbpk + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserBPKWBPK")); -//// query.setParameter("bpk", bpkwbpk); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static UserDatabase getNewUserWithTokken(String tokken) { -//// MiscUtil.assertNotNull(tokken, "bpk/wbpk"); -//// Logger.trace("Getting Userinformation with Tokken " + tokken + " from database."); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getNewUserWithUserTokken")); -//// query.setParameter("tokken", tokken); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return (UserDatabase) result.get(0); -//// } -//// -//// public static List<UserDatabase> getAllNewUsers() { -//// Logger.trace("Get all new Users from Database"); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewUsers")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//// -//// public static List<UserDatabase> getAllOpenUsersRequests() { -//// Logger.trace("Get all new Users from Database"); -//// -//// List<UserDatabase> result; -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// -//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOpenUsersRequests")); -//// result = query.getResultList(); -//// -//// Logger.trace("Found entries: " + result.size()); -//// -//// if (result.size() == 0) { -//// Logger.trace("No entries found."); -//// return null; -//// } -//// return result; -//// } -//} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java deleted file mode 100644 index 7f996cca7..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java +++ /dev/null @@ -1,233 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// *******************************************************************************/ -//package at.gv.egovernment.moa.id.commons.db; -// -//import java.util.Properties; -// -//import javax.persistence.EntityManager; -//import javax.persistence.EntityManagerFactory; -//import javax.persistence.EntityTransaction; -//import javax.persistence.Persistence; -// -//import org.hibernate.HibernateException; -// -//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -//import at.gv.egovernment.moa.logging.Logger; -// -//public final class ConfigurationDBUtils { -// -// private static EntityManagerFactory entitymanagerfactory; -// -// @SuppressWarnings("rawtypes") -// private static final ThreadLocal THREAD_LOCAL_CONFIG = new ThreadLocal(); -// private static boolean automaticSessionHandling = false; -// -// protected ConfigurationDBUtils() { } -// -// public static void initHibernate(Properties props) throws MOADatabaseException { -// -//// try { -//// -//// Logger.debug("Creating initial session factory..."); -//// -//// entitymanagerfactory = -//// Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", -//// props); -//// -//// Logger.debug("Initial ConfigDB session factory successfully created."); -//// -//// -//// } catch (Throwable ex) { -//// Logger.error("Initial session factory creation failed: " + ex.getMessage()); -//// throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex); -//// } -// } -// -// -//// /** -//// * Checks if a session factory is currently available. If necessary a new -//// * session factory is created. -//// * -//// * @return current (or new) session factory -//// * @throws HibernateException -//// * thrown if a hibernate error occurs -//// */ -//// public static EntityManager getCurrentSession() { -//// if (automaticSessionHandling) { -//// -//// return entitymanagerfactory.createEntityManager(); -//// } -//// -//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); -//// -//// if (session != null && session.isOpen()) { -//// -//// //maybe a hack, but sometimes we do not know if the session is closed (session already closed but isOpen()=true) -//// try { -//// javax.persistence.Query query = session.createQuery("select userdatabase from UserDatabase userdatabase"); -//// query.getResultList(); -//// -//// } catch (Throwable e) { -//// Logger.warn("JPA Session Handling Warning!!!! - This error should not occur."); -//// session = getNewSession(); -//// } -//// -//// } else -//// session = getNewSession(); -//// -//// return session; -//// } -//// -//// @SuppressWarnings("unchecked") -//// public static EntityManager getNewSession() { -//// if (automaticSessionHandling) { -//// Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead."); -//// return entitymanagerfactory.createEntityManager(); -//// } -//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); -//// if (session != null ) { -//// Logger.warn("Previous session has not been closed; closing ConfigDB session now."); -//// closeSession(); -//// } -//// Logger.debug("Opening new ConfigDB hibernate session..."); -//// try { -//// session = entitymanagerfactory.createEntityManager(); -//// THREAD_LOCAL_CONFIG.set(session); -//// } catch (HibernateException hex) { -//// Logger.error(hex.getMessage()); -//// } -//// return session; -//// } -// -// /** -// * Closes the current session. -// * -// * @throws HibernateException -// * thrown if session is already closed or a hibernate error -// * occurs. -// * -// * @deprecated -// */ -//@SuppressWarnings("unchecked") -//public static void closeSession() { -// -//} -// -//// /** -//// * Closes the current session. -//// * -//// * @throws HibernateException -//// * thrown if session is already closed or a hibernate error -//// * occurs. -//// */ -//// @SuppressWarnings("unchecked") -//// public static void closeSession() { -//// if (automaticSessionHandling) { -//// Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand."); -//// return; -//// } -//// Logger.debug("Closing current ConfigDB hibernate session..."); -//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); -//// THREAD_LOCAL_CONFIG.set(null); -//// if (session != null) { -//// try { -//// session.close(); -//// -//// } catch (HibernateException hex) { -//// Logger.error(hex.getMessage()); -//// } -//// } -//// } -//// -//// public static boolean save(Object dbo) throws MOADatabaseException { -//// EntityTransaction tx = null; -//// -//// try { -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// tx = session.getTransaction(); -//// -//// synchronized (session) { -//// tx.begin(); -//// session.merge(dbo); -//// tx.commit(); -//// -//// session.clear(); -//// } -//// return true; -//// -//// } catch(HibernateException e) { -//// Logger.warn("Error during Config database saveOrUpdate. Rollback.", e); -//// tx.rollback(); -//// throw new MOADatabaseException(e); -//// } -//// } -//// -//// -//// public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException { -//// EntityTransaction tx = null; -//// -//// try { -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// tx = session.getTransaction(); -//// -//// synchronized (session) { -//// tx.begin(); -//// -//// session.merge(dbo); -//// session.flush(); -//// -//// tx.commit(); -//// -//// //session.clear(); -//// } -//// return true; -//// -//// } catch(HibernateException e) { -//// Logger.warn("Error during Config database saveOrUpdate. Rollback.", e); -//// tx.rollback(); -//// throw new MOADatabaseException(e); -//// } -//// } -//// -//// public static boolean delete(Object dbo) { -//// EntityTransaction tx = null; -//// try { -//// EntityManager session = ConfigurationDBUtils.getCurrentSession(); -//// tx = session.getTransaction(); -//// -//// synchronized (session) { -//// tx.begin(); -//// session.remove(session.contains(dbo) ? dbo : session.merge(dbo)); -//// tx.commit(); -//// } -//// -//// return true; -//// -//// } catch(HibernateException e) { -//// Logger.warn("Error during Config database delete. Rollback.", e); -//// tx.rollback(); -//// return false; -//// } -//// } -// -//} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java index 49e0634cb..ecb13ef34 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java @@ -32,7 +32,6 @@ import org.hibernate.Transaction; import org.hibernate.boot.registry.StandardServiceRegistryBuilder; import org.hibernate.cfg.Configuration; import org.hibernate.service.ServiceRegistry; -import org.hibernate.service.ServiceRegistryBuilder; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java index c049eebc4..28c705c71 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java @@ -12,8 +12,6 @@ import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; - -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java deleted file mode 100644 index ccc7f33f1..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java +++ /dev/null @@ -1,52 +0,0 @@ -//package at.gv.egovernment.moa.id.commons.db; -// -//import java.util.Date; -//import java.util.List; -// -//import org.springframework.beans.factory.annotation.Autowired; -//import org.springframework.stereotype.Component; -// -//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -//import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModes; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.GenericConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SLRequestTemplates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; -//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -// -///** -// * This class is used for writing to the key-value database. -// */ -//@Component -//public class NewConfigurationDBWrite { -// -// private static MOAIDConfiguration conf; -// -// @Autowired(required = true) -// public void setConfiguration(MOAIDConfiguration conf) { -// // https://jira.spring.io/browse/SPR-3845 -// NewConfigurationDBWrite.conf = conf; -// } -// -// -// -// /** -// * @param user -// */ -// public void saveOrUpdate(UserDatabase user) throws MOADatabaseException{ -// // TODO Auto-generated method stub -// -// } -// -// /** -// * @param dbuser -// */ -// public void delete(UserDatabase dbuser) { -// // TODO Auto-generated method stub -// -// } -// -//} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java index eac47f93f..7e031cc76 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java @@ -32,7 +32,6 @@ import org.hibernate.Transaction; import org.hibernate.boot.registry.StandardServiceRegistryBuilder; import org.hibernate.cfg.Configuration; import org.hibernate.service.ServiceRegistry; -import org.hibernate.service.ServiceRegistryBuilder; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java index 11eca81f5..6dacc2ec4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java @@ -11,20 +11,10 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; -import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -35,8 +25,7 @@ import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -46,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** * <p>Java class for anonymous complex type. @@ -99,7 +90,7 @@ public class CPEPS protected Boolean supportsXMLSignature; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<CPEPSAttributeValueItem> attributeValueItems; + // protected transient List<CPEPSAttributeValueItem> attributeValueItems; /** * Gets the value of the attributeValue property. @@ -293,31 +284,31 @@ public class CPEPS this.hjid = value; } - @OneToMany(targetEntity = CPEPSAttributeValueItem.class, cascade = { - CascadeType.ALL - }) - - public List<CPEPSAttributeValueItem> getAttributeValueItems() { - if (this.attributeValueItems == null) { - this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); - } - if (ItemUtils.shouldBeWrapped(this.attributeValue)) { - this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); - } - return this.attributeValueItems; - } - - public void setAttributeValueItems(List<CPEPSAttributeValueItem> value) { - this.attributeValue = null; - this.attributeValueItems = null; - this.attributeValueItems = value; - if (this.attributeValueItems == null) { - this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); - } - if (ItemUtils.shouldBeWrapped(this.attributeValue)) { - this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); - } - } +// @OneToMany(targetEntity = CPEPSAttributeValueItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<CPEPSAttributeValueItem> getAttributeValueItems() { +// if (this.attributeValueItems == null) { +// this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.attributeValue)) { +// this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); +// } +// return this.attributeValueItems; +// } +// +// public void setAttributeValueItems(List<CPEPSAttributeValueItem> value) { +// this.attributeValue = null; +// this.attributeValueItems = null; +// this.attributeValueItems = value; +// if (this.attributeValueItems == null) { +// this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.attributeValue)) { +// this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof CPEPS)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java deleted file mode 100644 index 0af8c64b4..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class CPEPSAttributeValueItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "AttributeValue", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java index 38835db05..25a9c03ea 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java @@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -32,7 +21,7 @@ import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -41,6 +30,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy; import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +//import org.jvnet.hyperjaxb3.item.ItemUtils; /** @@ -109,8 +99,8 @@ public class Contact protected List<String> phone; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<ContactMailItem> mailItems; - protected transient List<ContactPhoneItem> phoneItems; +// protected transient List<ContactMailItem> mailItems; +// protected transient List<ContactPhoneItem> phoneItems; /** * Gets the value of the surName property. @@ -319,57 +309,57 @@ public class Contact this.hjid = value; } - @OneToMany(targetEntity = ContactMailItem.class, cascade = { - CascadeType.ALL - }) - - public List<ContactMailItem> getMailItems() { - if (this.mailItems == null) { - this.mailItems = new ArrayList<ContactMailItem>(); - } - if (ItemUtils.shouldBeWrapped(this.mail)) { - this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); - } - return this.mailItems; - } - - public void setMailItems(List<ContactMailItem> value) { - this.mail = null; - this.mailItems = null; - this.mailItems = value; - if (this.mailItems == null) { - this.mailItems = new ArrayList<ContactMailItem>(); - } - if (ItemUtils.shouldBeWrapped(this.mail)) { - this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); - } - } - - @OneToMany(targetEntity = ContactPhoneItem.class, cascade = { - CascadeType.ALL - }) - - public List<ContactPhoneItem> getPhoneItems() { - if (this.phoneItems == null) { - this.phoneItems = new ArrayList<ContactPhoneItem>(); - } - if (ItemUtils.shouldBeWrapped(this.phone)) { - this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); - } - return this.phoneItems; - } - - public void setPhoneItems(List<ContactPhoneItem> value) { - this.phone = null; - this.phoneItems = null; - this.phoneItems = value; - if (this.phoneItems == null) { - this.phoneItems = new ArrayList<ContactPhoneItem>(); - } - if (ItemUtils.shouldBeWrapped(this.phone)) { - this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); - } - } +// @OneToMany(targetEntity = ContactMailItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<ContactMailItem> getMailItems() { +// if (this.mailItems == null) { +// this.mailItems = new ArrayList<ContactMailItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.mail)) { +// this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); +// } +// return this.mailItems; +// } +// +// public void setMailItems(List<ContactMailItem> value) { +// this.mail = null; +// this.mailItems = null; +// this.mailItems = value; +// if (this.mailItems == null) { +// this.mailItems = new ArrayList<ContactMailItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.mail)) { +// this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class); +// } +// } +// +// @OneToMany(targetEntity = ContactPhoneItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<ContactPhoneItem> getPhoneItems() { +// if (this.phoneItems == null) { +// this.phoneItems = new ArrayList<ContactPhoneItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.phone)) { +// this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); +// } +// return this.phoneItems; +// } +// +// public void setPhoneItems(List<ContactPhoneItem> value) { +// this.phone = null; +// this.phoneItems = null; +// this.phoneItems = value; +// if (this.phoneItems == null) { +// this.phoneItems = new ArrayList<ContactPhoneItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.phone)) { +// this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof Contact)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java deleted file mode 100644 index d7c656bd7..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class ContactMailItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "Mail", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java deleted file mode 100644 index ae9c57ea0..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class ContactPhoneItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "Phone", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java index 883245da8..d3e454e51 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java @@ -27,6 +27,7 @@ import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; @@ -107,6 +108,9 @@ public class GeneralConfiguration @XmlAttribute(name = "Hjid") protected Long hjid; + @XmlTransient + protected boolean virtualPublicURLPrefixEnabled = false; + /** * Gets the value of the timeOuts property. * @@ -322,7 +326,24 @@ public class GeneralConfiguration return true; } - public boolean equals(Object object) { + + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + public boolean equals(Object object) { final EqualsStrategy strategy = JAXBEqualsStrategy.INSTANCE; return equals(null, null, object, strategy); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java index c48d4522d..90f46efe1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java @@ -11,24 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -73,7 +63,7 @@ public class IdentityLinkSigners protected List<String> x509SubjectName; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<IdentityLinkSignersX509SubjectNameItem> x509SubjectNameItems; +// protected transient List<IdentityLinkSignersX509SubjectNameItem> x509SubjectNameItems; /** * Gets the value of the x509SubjectName property. @@ -140,31 +130,31 @@ public class IdentityLinkSigners this.hjid = value; } - @OneToMany(targetEntity = IdentityLinkSignersX509SubjectNameItem.class, cascade = { - CascadeType.ALL - }) - - public List<IdentityLinkSignersX509SubjectNameItem> getX509SubjectNameItems() { - if (this.x509SubjectNameItems == null) { - this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { - this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); - } - return this.x509SubjectNameItems; - } - - public void setX509SubjectNameItems(List<IdentityLinkSignersX509SubjectNameItem> value) { - this.x509SubjectName = null; - this.x509SubjectNameItems = null; - this.x509SubjectNameItems = value; - if (this.x509SubjectNameItems == null) { - this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { - this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); - } - } +// @OneToMany(targetEntity = IdentityLinkSignersX509SubjectNameItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<IdentityLinkSignersX509SubjectNameItem> getX509SubjectNameItems() { +// if (this.x509SubjectNameItems == null) { +// this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { +// this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); +// } +// return this.x509SubjectNameItems; +// } +// +// public void setX509SubjectNameItems(List<IdentityLinkSignersX509SubjectNameItem> value) { +// this.x509SubjectName = null; +// this.x509SubjectNameItems = null; +// this.x509SubjectNameItems = value; +// if (this.x509SubjectNameItems == null) { +// this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) { +// this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof IdentityLinkSigners)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java deleted file mode 100644 index c0679df1c..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class IdentityLinkSignersX509SubjectNameItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "X509SubjectName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java index 12a48c88e..1a45642d1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java @@ -11,24 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -73,7 +63,7 @@ public class LegacyAllowed protected List<String> protocolName; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems; +// protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems; /** * Gets the value of the protocolName property. @@ -140,31 +130,31 @@ public class LegacyAllowed this.hjid = value; } - @OneToMany(targetEntity = LegacyAllowedProtocolNameItem.class, cascade = { - CascadeType.ALL - }) - - public List<LegacyAllowedProtocolNameItem> getProtocolNameItems() { - if (this.protocolNameItems == null) { - this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.protocolName)) { - this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); - } - return this.protocolNameItems; - } - - public void setProtocolNameItems(List<LegacyAllowedProtocolNameItem> value) { - this.protocolName = null; - this.protocolNameItems = null; - this.protocolNameItems = value; - if (this.protocolNameItems == null) { - this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.protocolName)) { - this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); - } - } +// @OneToMany(targetEntity = LegacyAllowedProtocolNameItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<LegacyAllowedProtocolNameItem> getProtocolNameItems() { +// if (this.protocolNameItems == null) { +// this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.protocolName)) { +// this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); +// } +// return this.protocolNameItems; +// } +// +// public void setProtocolNameItems(List<LegacyAllowedProtocolNameItem> value) { +// this.protocolName = null; +// this.protocolNameItems = null; +// this.protocolNameItems = value; +// if (this.protocolNameItems == null) { +// this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.protocolName)) { +// this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof LegacyAllowed)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java deleted file mode 100644 index 91aae9742..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class LegacyAllowedProtocolNameItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "ProtocolName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java index 64e4be82b..810139c84 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java @@ -12,19 +12,10 @@ import java.io.Serializable; import java.util.ArrayList; import java.util.Date; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; import javax.persistence.Transient; @@ -37,8 +28,7 @@ import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.datatype.XMLGregorianCalendar; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XMLGregorianCalendarAsDateTime; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XmlAdapterUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -511,22 +501,24 @@ public class MOAIDConfiguration @Temporal(TemporalType.TIMESTAMP) public Date getTimestampItem() { - return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getTimestamp()); + //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getTimestamp()); + return new Date(); } public void setTimestampItem(Date target) { - setTimestamp(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); + //setTimestamp(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); } @Temporal(TemporalType.TIMESTAMP) public Date getPvp2RefreshItem() { - return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getPvp2Refresh()); + //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getPvp2Refresh()); + return new Date(); } public void setPvp2RefreshItem(Date target) { - setPvp2Refresh(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); + //setPvp2Refresh(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java index 247be940c..a87a6d1f6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java @@ -11,25 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -38,6 +27,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy; import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +//import org.jvnet.hyperjaxb3.item.ItemUtils; /** @@ -78,7 +68,7 @@ public class Mandates protected List<String> profileName; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<MandatesProfileNameItem> profileNameItems; +// protected transient List<MandatesProfileNameItem> profileNameItems; /** * Gets the value of the profiles property. @@ -171,31 +161,31 @@ public class Mandates this.hjid = value; } - @OneToMany(targetEntity = MandatesProfileNameItem.class, cascade = { - CascadeType.ALL - }) - - public List<MandatesProfileNameItem> getProfileNameItems() { - if (this.profileNameItems == null) { - this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.profileName)) { - this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); - } - return this.profileNameItems; - } - - public void setProfileNameItems(List<MandatesProfileNameItem> value) { - this.profileName = null; - this.profileNameItems = null; - this.profileNameItems = value; - if (this.profileNameItems == null) { - this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); - } - if (ItemUtils.shouldBeWrapped(this.profileName)) { - this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); - } - } +// @OneToMany(targetEntity = MandatesProfileNameItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<MandatesProfileNameItem> getProfileNameItems() { +// if (this.profileNameItems == null) { +// this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.profileName)) { +// this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); +// } +// return this.profileNameItems; +// } +// +// public void setProfileNameItems(List<MandatesProfileNameItem> value) { +// this.profileName = null; +// this.profileNameItems = null; +// this.profileNameItems = value; +// if (this.profileNameItems == null) { +// this.profileNameItems = new ArrayList<MandatesProfileNameItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.profileName)) { +// this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof Mandates)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java deleted file mode 100644 index 0ef09c0dc..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class MandatesProfileNameItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "ProfileName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java index d5cee7b83..ea34d7a06 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java @@ -10,16 +10,8 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.Date; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; + import javax.persistence.Lob; -import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; import javax.persistence.Transient; @@ -31,8 +23,7 @@ import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlType; import javax.xml.datatype.XMLGregorianCalendar; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XMLGregorianCalendarAsDateTime; -import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XmlAdapterUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -196,11 +187,12 @@ public class OAPVP2 @Temporal(TemporalType.TIMESTAMP) public Date getUpdateRequiredItem() { - return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getUpdateRequired()); + //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getUpdateRequired()); + return new Date(); } public void setUpdateRequiredItem(Date target) { - setUpdateRequired(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); + //setUpdateRequired(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target)); } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java index 2e80cb0d5..673e7b9ce 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java @@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -31,8 +20,7 @@ import javax.xml.bind.annotation.XmlSchemaType; import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -42,6 +30,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** * <p>Java class for anonymous complex type. @@ -81,7 +71,7 @@ public class TestCredentials protected Boolean enableTestCredentials; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems; + //protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems; @XmlTransient protected boolean useTestIDLTrustStore; @@ -185,31 +175,31 @@ public class TestCredentials this.hjid = value; } - @OneToMany(targetEntity = TestCredentialsCredentialOIDItem.class, cascade = { - CascadeType.ALL - }) - - public List<TestCredentialsCredentialOIDItem> getCredentialOIDItems() { - if (this.credentialOIDItems == null) { - this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.credentialOID)) { - this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); - } - return this.credentialOIDItems; - } - - public void setCredentialOIDItems(List<TestCredentialsCredentialOIDItem> value) { - this.credentialOID = null; - this.credentialOIDItems = null; - this.credentialOIDItems = value; - if (this.credentialOIDItems == null) { - this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.credentialOID)) { - this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); - } - } +// @OneToMany(targetEntity = TestCredentialsCredentialOIDItem.class, cascade = { +// CascadeType.ALL +// }) +// +// public List<TestCredentialsCredentialOIDItem> getCredentialOIDItems() { +// if (this.credentialOIDItems == null) { +// this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.credentialOID)) { +// this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); +// } +// return this.credentialOIDItems; +// } +// +// public void setCredentialOIDItems(List<TestCredentialsCredentialOIDItem> value) { +// this.credentialOID = null; +// this.credentialOIDItems = null; +// this.credentialOIDItems = value; +// if (this.credentialOIDItems == null) { +// this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.credentialOID)) { +// this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class); +// } +// } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java deleted file mode 100644 index 3e386be66..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class TestCredentialsCredentialOIDItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "credentialOID", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java index 155863b03..01a5c9b1b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java @@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; -import javax.persistence.OneToMany; -import javax.persistence.Table; + import javax.persistence.Transient; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -30,7 +19,7 @@ import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; -import org.jvnet.hyperjaxb3.item.ItemUtils; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -39,6 +28,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy; import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +//import org.jvnet.hyperjaxb3.item.ItemUtils; /** @@ -79,7 +69,7 @@ public class VerifyAuthBlock protected List<String> verifyTransformsInfoProfileID; @XmlAttribute(name = "Hjid") protected Long hjid; - protected transient List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> verifyTransformsInfoProfileIDItems; +// protected List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> verifyTransformsInfoProfileIDItems; @XmlTransient protected String TestTrustProfileID; @@ -192,31 +182,31 @@ public class VerifyAuthBlock this.hjid = value; } - @OneToMany(targetEntity = VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class, cascade = { - CascadeType.ALL - }) +// @OneToMany(targetEntity = VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class, cascade = { +// CascadeType.ALL +// }) - public List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> getVerifyTransformsInfoProfileIDItems() { - if (this.verifyTransformsInfoProfileIDItems == null) { - this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { - this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); - } - return this.verifyTransformsInfoProfileIDItems; - } - - public void setVerifyTransformsInfoProfileIDItems(List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> value) { - this.verifyTransformsInfoProfileID = null; - this.verifyTransformsInfoProfileIDItems = null; - this.verifyTransformsInfoProfileIDItems = value; - if (this.verifyTransformsInfoProfileIDItems == null) { - this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); - } - if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { - this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); - } - } +// public List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> getVerifyTransformsInfoProfileIDItems() { +// if (this.verifyTransformsInfoProfileIDItems == null) { +// this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { +// this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); +// } +// return this.verifyTransformsInfoProfileIDItems; +// } +// +// public void setVerifyTransformsInfoProfileIDItems(List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> value) { +// this.verifyTransformsInfoProfileID = null; +// this.verifyTransformsInfoProfileIDItems = null; +// this.verifyTransformsInfoProfileIDItems = value; +// if (this.verifyTransformsInfoProfileIDItems == null) { +// this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>(); +// } +// if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) { +// this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class); +// } +// } public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof VerifyAuthBlock)) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java deleted file mode 100644 index 8955525dd..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java +++ /dev/null @@ -1,93 +0,0 @@ -// -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4 -// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> -// Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2015.07.20 at 12:19:30 PM CEST -// - - -package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; - -import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import org.jvnet.hyperjaxb3.item.Item; - -@XmlAccessorType(XmlAccessType.FIELD) - - - -public class VerifyAuthBlockVerifyTransformsInfoProfileIDItem - implements Serializable, Item<String> -{ - - @XmlElement(name = "VerifyTransformsInfoProfileID", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#") - protected String item; - @XmlAttribute(name = "Hjid") - protected Long hjid; - - /** - * Gets the value of the item property. - * - * @return - * possible object is - * {@link String } - * - */ - - - public String getItem() { - return item; - } - - /** - * Sets the value of the item property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setItem(String value) { - this.item = value; - } - - /** - * Gets the value of the hjid property. - * - * @return - * possible object is - * {@link Long } - * - */ - - - - public Long getHjid() { - return hjid; - } - - /** - * Sets the value of the hjid property. - * - * @param value - * allowed object is - * {@link Long } - * - */ - public void setHjid(Long value) { - this.hjid = value; - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java index 7b298a7d9..54216edc4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java @@ -62,6 +62,9 @@ public class InterfederationSessionStore implements Serializable{ @Column(name = "QAALevel", unique=false, nullable=false) private String QAALevel; + @Column(name = "authURL", unique=false, nullable=false) + private String authURL; + @Column(name = "attributesRequested", unique=false, nullable=true) private boolean attributesRequested; @@ -207,6 +210,20 @@ public class InterfederationSessionStore implements Serializable{ this.storeSSOInformation = storeSSOInformation; } + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + + /** + * @param authURL the authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index 0daeba40e..8b720e901 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java @@ -65,6 +65,9 @@ public class OASessionStore implements Serializable{ @Column(name = "protocolType", unique=false, nullable=true) private String protocolType; + @Column(name = "authURL", unique=false, nullable=false) + private String authURL; + @Column(name = "attributequeryused", unique=false, nullable=false) private boolean attributeQueryUsed = false; @@ -183,6 +186,20 @@ public class OASessionStore implements Serializable{ this.userNameIDFormat = userNameIDFormat; } + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + + /** + * @param authURL the authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index 8f3a8402d..cbdd13d0e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -31,6 +31,8 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.util.MiscUtil; /** @@ -40,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class KeyValueUtils { public static final String KEY_DELIMITER = "."; + public static final String CSV_DELIMITER = ","; /** * Extract the first child of an input key after a the prefix @@ -237,7 +240,8 @@ public class KeyValueUtils { * Normalize a CSV encoded list of value of an key/value pair * * This method removes all whitespace at the begin or the - * end of CSV values + * end of CSV values and remove newLine signs at the end of value. + * The ',' is used as list delimiter * * @param value CSV encoded input data * @return normalized CSV encoded data or null if {value} is null or empty @@ -245,7 +249,7 @@ public class KeyValueUtils { public static String normalizeCSVValueString(String value) { String normalizedCodes = null; if (MiscUtil.isNotEmpty(value)) { - String[] codes = value.split(","); + String[] codes = value.split(CSV_DELIMITER); for (String el: codes) { if (normalizedCodes == null) normalizedCodes = el.trim(); @@ -256,4 +260,39 @@ public class KeyValueUtils { } return normalizedCodes; } + + + /** + * Check a String if it is a comma separated list of values + * + * This method uses the ',' as list delimiter. + * + * @param value CSV encoded input data + * @return true if the input data contains a ',' and has more then 1 list element, otherwise false + */ + public static boolean isCSVValueString(String value) { + if (MiscUtil.isNotEmpty(value)) { + String[] codes = value.split(CSV_DELIMITER); + if (codes.length >= 2) { + if (MiscUtil.isNotEmpty(codes[1].trim())) + return true; + + } + } + + return false; + } + + + /** + * This method remove all newline delimiter (\n or \r\n) from input data + * + * @param value Input String + * @return Input String without newline characters + */ + public static String removeAllNewlineFromString(String value) { + return value.replaceAll("(\\t|\\r?\\n)+", ""); + + } + } diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java index 758209193..edf7ce268 100644 --- a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java +++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java @@ -50,7 +50,7 @@ public class MOAHttpClient extends HttpClient { else port = url.getPort(); - Protocol authhttps = new Protocol("https", protoSocketFactory, port); + Protocol authhttps = new Protocol("https", protoSocketFactory, 443); getHostConfiguration().setHost(url.getHost(), port, authhttps); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index a65d02070..49293420c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -51,6 +51,12 @@ <artifactId>junit</artifactId> <scope>test</scope> </dependency> + + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + </dependency> + </dependencies> </project>
\ No newline at end of file diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 0850bb676..11917d0c3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -371,6 +371,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -379,7 +380,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * <code><CreateXMLSignatureRequest></code> */ public String verifyCertificate(AuthenticationSession session, - X509Certificate certificate) throws AuthenticationException, + X509Certificate certificate, IRequest pendingReq) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException { @@ -409,7 +410,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); + authConf, oaParam, pendingReq); return returnvalue; } @@ -471,6 +472,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @param session * @param authConf * @param oaParam + * @param pendingReq * @return * @throws ConfigurationException * @throws BuildException @@ -478,7 +480,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam) throws ConfigurationException, + OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { // // check for intermediate processing of the infoboxes @@ -493,7 +495,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.getPublicOAURLPrefix()); // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, oaParam); + String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); // builds the <CreateXMLSignatureRequest> List<String> transformsInfos = authConf.getTransformsInfos(); @@ -665,12 +667,13 @@ public class AuthenticationServer extends BaseAuthenticationServer { * given session data. * * @param session authentication session + * @param pendingReq * @return <code><saml:Assertion></code> as a String * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam) throws BuildException { + OAAuthParameter oaParam, IRequest pendingReq) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); @@ -726,15 +729,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { if (session.isSsoRequested()) { - String oaURL = new String(); - try { - oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - - if (MiscUtil.isNotEmpty(oaURL)) - oaURL = oaURL.replaceAll("&", "&"); + String oaURL = pendingReq.getAuthURL(); + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); - } catch (ConfigurationException e) { - } String authBlock = new AuthenticationBlockAssertionBuilder() .buildAuthBlockSSO(issuer, issueInstant, authURL, target, targetFriendlyName, identificationValue, @@ -1087,9 +1085,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } // validates <CreateXMLSignatureResponse> if (session.isSsoRequested()) - new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); else - new CreateXMLSignatureResponseValidator().validate(csresp, session); + new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 20f102571..307074ee2 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; import java.io.PrintWriter; @@ -21,7 +21,6 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; @@ -119,7 +118,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { } catch (MOAIDException ex) { -// handleError(null, ex, req, resp, pendingRequestID); + Logger.info("GetIdentityLink request generation FAILED. Reason:" + ex.getMessage()); throw new TaskExecutionException(ex.getMessage(), ex); } catch (Exception e) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index feab1ec66..1dd4780f7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -36,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAAuthDataType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; @@ -158,7 +157,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { ccc, moasession.getModul(), moasession.getAction(), - request); + request, + pendingReq); } } @@ -175,6 +175,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } catch (MOADatabaseException | MOAIDException e) { + Logger.info("Initialize BKUAuthentication FAILED. Reason:" + e.getMessage()); throw new TaskExecutionException(e.getMessage(), e); } catch (Exception e) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 469ca91a9..49888c136 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -17,6 +17,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; @@ -66,7 +68,9 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { } pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); // change MOASessionID @@ -77,7 +81,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); String createXMLSignatureRequest = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq); AuthenticationSessionStoreage.storeSession(session); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index d99ba873d..2734d1027 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -110,7 +110,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { if (useMandate) { // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq); try { AuthenticationSessionStoreage.storeSession(session); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e1ab0025e..8a9c19c80 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -124,9 +125,10 @@ public class CreateXMLSignatureResponseValidator { * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} * @param createXMLSignatureResponse * @param session + * @param pendingReq * @throws ValidateException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq) throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier @@ -411,20 +413,15 @@ public class CreateXMLSignatureResponseValidator { * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} * @param createXMLSignatureResponse * @param session + * @param pendingReq * @throws ValidateException */ - public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq) throws ValidateException { - // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - String oaURL; - try { - oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - } catch (ConfigurationException e1) { - oaURL = new String(); - } - + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + String oaURL = pendingReq.getAuthURL(); + IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 2a953bcab..080d5ae0b 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -20,6 +20,12 @@ <dependencies> <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.10</version> + </dependency> + + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> @@ -35,13 +41,13 @@ <dependency> <groupId>com.google.http-client</groupId> <artifactId>google-http-client-jackson2</artifactId> - <version>1.19.0</version> + <version>1.21.0</version> <scope>test</scope> </dependency> <dependency> <groupId>com.google.oauth-client</groupId> <artifactId>google-oauth-client-jetty</artifactId> - <version>1.19.0</version> + <version>1.21.0</version> <scope>test</scope> <exclusions> <exclusion> @@ -67,11 +73,11 @@ </exclusions> </dependency> - <dependency> +<!-- <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> - <version>18.0</version> - </dependency> + <version>19.0</version> + </dependency> --> <!-- TestNG --> <dependency> diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 94a1d14d0..88e26da76 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -105,7 +105,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), accessToken, null, null, req.requestedModule()); return sloInformation; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index b9556b815..e5d8db873 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -48,6 +48,15 @@ import at.gv.egovernment.moa.logging.Logger; public class OAuth20AuthRequest extends OAuth20BaseRequest { + /** + * @param req + * @throws ConfigurationException + */ + public OAuth20AuthRequest(HttpServletRequest req) + throws ConfigurationException { + super(req); + } + private static final long serialVersionUID = 1L; private String responseType; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index bd3fdb3e8..5fcac0b2f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,8 +31,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -52,8 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected Set<String> allowedParameters = new HashSet<String>(); - protected OAuth20BaseRequest() { - + public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException { + super(req); } protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { @@ -124,15 +122,21 @@ abstract class OAuth20BaseRequest extends RequestImpl { public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception { OAuth20BaseRequest res; - - if (action.equals(OAuth20Protocol.AUTH_ACTION)) { - res = new OAuth20AuthRequest(); + try { + if (action.equals(OAuth20Protocol.AUTH_ACTION)) { + res = new OAuth20AuthRequest(request); - } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { - res = new OAuth20TokenRequest(); + } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { + res = new OAuth20TokenRequest(request); - } else { + } else { + throw new OAuth20InvalidRequestException(); + } + + } catch (ConfigurationException e) { + Logger.warn(e.getMessage()); throw new OAuth20InvalidRequestException(); + } res.setAction(action); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 56d86df72..70c29359e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -104,7 +104,7 @@ public class OAuth20Protocol implements IModulInfo { // get error code and description String errorCode; String errorDescription; - String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 6bebe5a6a..abfe4ce15 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -41,6 +41,15 @@ import at.gv.egovernment.moa.logging.Logger; class OAuth20TokenRequest extends OAuth20BaseRequest { + /** + * @param req + * @throws ConfigurationException + */ + public OAuth20TokenRequest(HttpServletRequest req) + throws ConfigurationException { + super(req); + } + private static final long serialVersionUID = 1L; private String code; diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 61af328d3..a6399391a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -15,6 +15,24 @@ <artifactId>qrgen</artifactId> <version>1.4</version> </dependency> + + <!-- JSON JWT implementation --> + <dependency> + <groupId>com.googlecode.jsontoken</groupId> + <artifactId>jsontoken</artifactId> + <version>1.1</version> + <exclusions> + <exclusion> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </exclusion> + <exclusion> + <artifactId>google-collections</artifactId> + <groupId>com.google.collections</groupId> + </exclusion> + </exclusions> + </dependency> + </dependencies> </project>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java index fa7d59beb..fae1b6f4d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java @@ -31,10 +31,6 @@ import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - -import org.apache.commons.codec.binary.Base64OutputStream; import org.apache.velocity.VelocityContext; import com.google.gson.JsonObject; @@ -46,17 +42,17 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; @@ -93,13 +89,21 @@ public class SSOTransferGUIServlet extends AuthServlet { } else { //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); if (MiscUtil.isNotEmpty(moaSessionID)) { AuthenticationSession authSession = AuthenticationSessionStoreage .getSession(moaSessionID); if(authSession != null) { Date now = new Date(); - String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authSession, now); + String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); String token = Random.nextRandom(); AssertionStorage.getInstance().put(token, encodedSSOContainer); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 884633a1e..270264099 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -26,8 +26,6 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; import java.io.BufferedReader; import java.io.IOException; -import java.util.Enumeration; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -35,7 +33,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.apache.velocity.VelocityContext; import org.joda.time.DateTime; -import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Response; import com.google.gson.JsonObject; @@ -52,7 +49,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -127,7 +123,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { if (PVPConfiguration.getInstance().getIDPPublicPath().equals(entityID)) { // stored SSO session data is from this IDP - start local session reconstruction Response ssoInformation = SSOContainerUtils.validateReceivedSSOContainer(sessionBlob); - SSOContainerUtils.parseSSOContainerToMOASessionDataObject(moasession, ssoInformation); + SSOContainerUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); // store MOASession into database try { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 8980d3ea7..861dcbf58 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -22,8 +22,6 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; -import iaik.x509.X509Certificate; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringWriter; @@ -87,7 +85,6 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -100,10 +97,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; @@ -116,6 +113,7 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * @author tlenz @@ -142,10 +140,10 @@ public class SSOContainerUtils { REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp); } - public static void parseSSOContainerToMOASessionDataObject(AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { + public static void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); - String authServiceURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + String authServiceURL = pendingReq.getAuthURL(); if (authServiceURL.endsWith("/")) moasession.setAuthURL(authServiceURL); else @@ -313,10 +311,10 @@ public class SSOContainerUtils { } - public static String generateSignedAndEncryptedSSOContainer( + public static String generateSignedAndEncryptedSSOContainer(String authURL, AuthenticationSession authSession, Date date) { try { - String entityID = PVPConfiguration.getInstance().getIDPPublicPath(); + String entityID = authURL; AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -347,6 +345,7 @@ public class SSOContainerUtils { IAuthData authData = new SSOTransferAuthenticationData(authSession); Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + authURL, entityID, new DateTime(date.getTime()), authnContextClassRef, @@ -356,7 +355,7 @@ public class SSOContainerUtils { sessionIndex, subjectConfirmationData.getNotOnOrAfter()); - String ssoDataBlob = buildSSOContainerObject(assertion, new DateTime(date.getTime())); + String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); JsonObject container = new JsonObject(); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, "SSO"); @@ -377,13 +376,13 @@ public class SSOContainerUtils { return null; } - private static String buildSSOContainerObject(Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { + private static String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setValue(authURL); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 26a082431..9c43ae277 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -18,6 +18,22 @@ </properties> <dependencies> + + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + <scope>test</scope> + <type>test-jar</type> + <version>3.0.3-Snapshot</version> + </dependency> + + <dependency> + <groupId>MOA</groupId> + <artifactId>moa-common</artifactId> + <type>test-jar</type> + <scope>test</scope> + </dependency> + <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modul-citizencard_authentication</artifactId> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index b94348856..d4e73690f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -80,7 +80,7 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); if (authData.isSsoSession()) { - String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = req.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); @@ -109,7 +109,7 @@ public class GetArtifactAction implements IAction { } SLOInformationInterface sloInformation = - new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule()); + new SLOInformationImpl(req.getAuthURL(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index eb869756e..04e50baac 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -38,9 +38,6 @@ import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; - import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; @@ -77,6 +74,8 @@ import at.gv.util.xsd.persondata.IdentificationType.Value; import at.gv.util.xsd.persondata.PersonNameType; import at.gv.util.xsd.persondata.PersonNameType.FamilyName; import at.gv.util.xsd.persondata.PhysicalPersonType; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; public class SAML1AuthenticationServer extends AuthenticationServer { @@ -108,7 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { samlArtifact, ex.toString() }); } Throwable error = null; - synchronized (authenticationDataStore) { + //synchronized (authenticationDataStore) { try { error = authenticationDataStore .get(samlArtifact, Throwable.class); @@ -120,7 +119,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1206", new Object[] { samlArtifact }); } - } + //} return error; } @@ -179,7 +178,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { samlArtifact, ex.toString() }); } String authData = null; - synchronized (authenticationDataStore) { + //synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); try { @@ -190,7 +189,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } - } + //} authenticationDataStore.remove(samlArtifact); @@ -617,11 +616,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { new Object[] { samlArtifact }); parser.parseAssertionHandle(); - synchronized (authenticationDataStore) { + //synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); authenticationDataStore.put(samlArtifact, samlAssertion); - } + //} } catch (AuthenticationException ex) { throw ex; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 7416dfb00..6573270e4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -101,7 +101,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action, String sessionId, String transactionId) throws MOAIDException { - SAML1RequestImpl config = new SAML1RequestImpl(); + SAML1RequestImpl config = new SAML1RequestImpl(request); if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { Logger.info("SAML1 is deaktivated!"); @@ -185,7 +185,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); - String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + String url = protocolRequest.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 5370573a7..3da7cab80 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -42,6 +44,16 @@ import at.gv.egovernment.moa.logging.Logger; */ public class SAML1RequestImpl extends RequestImpl { + /** + * @param req + * @throws ConfigurationException + */ + public SAML1RequestImpl(HttpServletRequest req) + throws ConfigurationException { + super(req); + + } + private static final long serialVersionUID = -4961979968425683115L; private String sourceID = null; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index 9896f2454..13fb59038 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -93,7 +93,7 @@ public class DatabaseTestModule implements TestModuleInterface{ private String testMOAConfigurationDatabase() throws Exception{ - String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + List<String> publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); if (MiscUtil.isEmpty(publicURLPreFix)) return ("MOA-ID 2.x configuration can not be loaded from Database."); diff --git a/id/server/modules/module-stork/pom.xml b/id/server/modules/module-stork/pom.xml index 234c8d28a..b52c10391 100644 --- a/id/server/modules/module-stork/pom.xml +++ b/id/server/modules/module-stork/pom.xml @@ -22,6 +22,33 @@ <dependencies> <dependency> + <groupId>eu.stork</groupId> + <artifactId>DocumentService</artifactId> + <version>0.0.1-SNAPSHOT</version> + <classifier>classes</classifier> + <exclusions> + <exclusion> + <artifactId>axis</artifactId> + <groupId>org.apache.axis</groupId> + </exclusion> + <exclusion> + <artifactId>bcprov-jdk16</artifactId> + <groupId>org.bouncycastle</groupId> + </exclusion> + <exclusion> + <artifactId>jaxws-tools</artifactId> + <groupId>com.sun.xml.ws</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>eu.stork</groupId> + <artifactId>SamlEngine</artifactId> + <version>1.5.1</version> + </dependency> + + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index ef61739f8..138776976 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
import java.io.IOException;
import java.io.StringWriter;
@@ -17,7 +17,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
@@ -27,22 +26,8 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.w3c.dom.DOMException;
-import eu.stork.oasisdss.api.AdditionalProfiles;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.Profiles;
-import eu.stork.oasisdss.api.QualityLevels;
-import eu.stork.oasisdss.api.SignatureTypes;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.profile.AnyType;
-import eu.stork.oasisdss.profile.DocumentType;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -51,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -59,9 +43,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -69,6 +50,21 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.oasisdss.api.AdditionalProfiles;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.Profiles;
+import eu.stork.oasisdss.api.QualityLevels;
+import eu.stork.oasisdss.api.SignatureTypes;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.AnyType;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
@@ -118,6 +114,8 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { sessionID = (String) executionContext.get(PARAM_SESSIONID);
pendingRequestID = (String) executionContext.get("pendingRequestID");
+ String ccc = (String) executionContext.get("CCC");
+
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
@@ -126,7 +124,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);
IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
- if (StringUtils.isEmpty(moasession.getCcc())) {
+ if (StringUtils.isEmpty(ccc)) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("stork.22", new Object[] { sessionID });
@@ -140,10 +138,13 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { // STORK authentication
// cpeps cannot be null
- CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+ CPEPS cpeps = storkConfig.getCPEPS(ccc);
Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+ //add selected Country-Code to MOASession DAO
+ moasession.setCcc(ccc);
+
Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
startSTORKAuthentication(req, resp, moasession, pendingReq);
@@ -202,7 +203,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { Logger.debug("C-PEPS URL: " + destination);
- String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String issuerValue = pendingReq.getAuthURL();
// String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
// PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index 304e5f495..e84c33d5d 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -32,7 +32,9 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -185,7 +187,8 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
// load MOASession from database
AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
// change MOASessionID
@@ -289,7 +292,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
// signRequest
- String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String issuerValue = pendingReq.getAuthURL();
String acsURL = issuerValue
+ AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 25cb952d7..2e72f216a 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -83,7 +83,7 @@ public class AttributeCollector implements IAction { if (httpReq.getParameter("SAMLResponse") != null) { Logger.info("Got SAML response from external attribute provider."); - MOASTORKResponse STORK2Response = new MOASTORKResponse(); + MOASTORKResponse STORK2Response = new MOASTORKResponse(httpReq); //extract STORK Response from HTTP Request byte[] decSamlToken; @@ -173,7 +173,7 @@ public class AttributeCollector implements IAction { SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam); if (sloInfo == null) { - sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule()); + sloInfo = new SLOInformationImpl(req.getAuthURL(), null, null, null, req.requestedModule()); } return sloInfo; @@ -297,7 +297,7 @@ public class AttributeCollector implements IAction { Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes"); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 4d3c01bee..f16f7c9a8 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -85,7 +85,7 @@ public class AuthenticationRequest implements IAction { if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); - MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); + MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq); // check if it is attribute query if (moaStorkRequest.isAttrRequest()) { @@ -217,9 +217,9 @@ public class AuthenticationRequest implements IAction { String destinationURL = null; try { - issuer = new URL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()).toString(); + issuer = new URL(moaStorkRequest.getAuthURL()).toString(); destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); - publicURLPrefix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + publicURLPrefix = moaStorkRequest.getAuthURL(); assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; } catch (MalformedURLException ex) { Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex); diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 947accf8e..2b7d4e045 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -145,7 +145,7 @@ public class ConsentEvaluator implements IAction { Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html"); VelocityContext context = new VelocityContext(); - context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId); + context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId); // assemble table String table = ""; diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 11eb01453..4e666c21c 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -26,6 +26,8 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; @@ -52,6 +54,15 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse; */ public class MOASTORKRequest extends RequestImpl { + /** + * @param req + * @throws ConfigurationException + */ + public MOASTORKRequest(HttpServletRequest req) + throws ConfigurationException { + super(req); + } + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( new String[] { PVPConstants.BPK_NAME, diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index d2cf2e813..a233835bf 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.logging.Logger; @@ -33,6 +34,8 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse; import java.io.Serializable; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.Attribute; /** @@ -43,6 +46,15 @@ import org.opensaml.saml2.core.Attribute; public class MOASTORKResponse extends RequestImpl { /** + * @param req + * @throws ConfigurationException + */ + public MOASTORKResponse(HttpServletRequest req) + throws ConfigurationException { + super(req); + } + + /** * The Constant serialVersionUID. */ private static final long serialVersionUID = -5798803155055518747L; diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index e58fe804f..2351450e4 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -92,7 +92,7 @@ public class MandateRetrievalRequest implements IAction { if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); - MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); + MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq); STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); this.authData = authData; diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 071b5ae8a..c4f9658e4 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -91,8 +91,8 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.debug("Request content length: " + request.getContentLength()); Logger.debug("Initiating action: " + action); - MOASTORKRequest STORK2Request = new MOASTORKRequest(); - MOASTORKResponse STORK2Response = new MOASTORKResponse(); + MOASTORKRequest STORK2Request = new MOASTORKRequest(request); + MOASTORKResponse STORK2Response = new MOASTORKResponse(request); if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 094f3954b..1018abf9c 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -41,6 +41,10 @@ <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> </exclusion> + <exclusion> + <artifactId>DocumentService</artifactId> + <groupId>eu.stork</groupId> + </exclusion> </exclusions> </dependency> <dependency> |