Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java145
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java14
2 files changed, 122 insertions, 37 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 348b1c45a..94353fb6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -18,6 +18,7 @@ import java.util.Map;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
@@ -38,13 +39,13 @@ import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.pki.revocation.RevocationSourceTypes;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
@@ -196,6 +197,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertiesWithPrefix(java.lang.String)
*/
@Override
+ @Transactional
public Map<String, String> getConfigurationWithPrefix(String Prefix) {
try {
return configuration.getPropertySubset(Prefix);
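Review bot: `@Transactional` is placed on a method that only reads (`configuration.getPropertySubset`), so `@Transactional(readOnly = true)` would state the intent and let the transaction manager apply read-only handling; the same applies to every getter this commit annotates. Spring's annotation is proxy-based, so it takes effect only on calls entering through the Spring proxy — self-invocations such as `this.getGeneralProperiesConfig(...)` further down in this file do not open a transaction on their own, which is presumably acceptable here because the outer public method is itself annotated. The reason a transaction is needed for plain configuration reads (lazy loading of the backing entity, I assume) is not visible in the diff; a one-line class comment such as `// @Transactional on reads: the configuration backend needs an open session for lazy-loaded values` would spare the next maintainer the guess.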
@@ -212,6 +214,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertiesWithPrefix(java.lang.String)
*/
@Override
+ @Transactional
public Map<String, String> getConfigurationWithWildCard(String key) {
try {
return configuration.searchPropertiesWithWildcard(key);
@@ -228,23 +231,33 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
+ public String getBasicMOAIDConfiguration(final String key, final String defaultValue) {
+ return properties.getProperty(key, defaultValue);
+
+ }
+
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String)
*/
@Override
+ @Transactional
public String getConfigurationWithKey(String key) {
try {
- return configuration.getStringValue(key).trim();
-
- } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
- return null;
- }
+ String value = configuration.getStringValue(key);
+ if (value != null)
+ return value.trim();
+
+ } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {}
+
+ return null;
}
/**
* Returns the general pvp2 properties config. NOTE: may be empty but never {@code null}.
* @return the general pvp2 properties config.
*/
+ @Transactional
public Properties getGeneralPVP2ProperiesConfig() {
return this.getGeneralProperiesConfig("protocols.pvp2.");
}
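Review bot: The rewritten catch block in getConfigurationWithKey (`catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {}`) now swallows the exception without a trace, so a broken configuration backend becomes indistinguishable from an unset key for the caller; log it at least at debug level, e.g. `Logger.debug("Loading configuration key '" + key + "' FAILED.", e);`, before falling through to `return null`. The new getBasicMOAIDConfiguration reads the `properties` field rather than `configuration` like every neighbouring method, carries no Javadoc, and is the only method in this hunk without `@Transactional` — presumably because it does not touch the transactional backend, but that should be stated, e.g. `/** Returns the value from the static MOA-ID property set, or defaultValue if the key is absent; does not consult the transactional configuration. */`.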
@@ -253,6 +266,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* Returns the general oauth20 properties config. NOTE: may be empty but never {@code null}.
* @return the general oauth20 properties config.
*/
+ @Transactional
public Properties getGeneralOAuth20ProperiesConfig() {
return this.getGeneralProperiesConfig("protocols.oauth20.");
}
@@ -262,6 +276,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @return the allowed protocols or {@code null}.
*/
+ @Transactional
public ProtocolAllowed getAllowedProtocols() {
try {
ProtocolAllowed allowedProtcols = new ProtocolAllowed();
@@ -287,6 +302,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getTransactionTimeOut()
*/
@Override
+ @Transactional
public int getTransactionTimeOut() {
try {
return configuration.getIntegerValue(
@@ -302,6 +318,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getSSOCreatedTimeOut()
*/
@Override
+ @Transactional
public int getSSOCreatedTimeOut() {
try {
return configuration.getIntegerValue(
@@ -317,6 +334,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getSSOUpdatedTimeOut()
*/
@Override
+ @Transactional
public int getSSOUpdatedTimeOut() {
try {
return configuration.getIntegerValue(
@@ -334,6 +352,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return an alternative source ID or {@code null}.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}
*/
+ @Transactional
public String getAlternativeSourceID() throws ConfigurationException {
try {
return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID);
@@ -349,6 +368,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @return the list of protocols.
*/
+ @Transactional
public List<String> getLegacyAllowedProtocols() {
List<String> legacy = new ArrayList<String>();
@@ -380,6 +400,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @param oaURL URL requested for an online application
* @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable
*/
+ @Transactional
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
Map<String, String> oa = getActiveOnlineApplication(oaURL);
if (oa == null) {
@@ -395,6 +416,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return a string with a url-reference to the VerifyAuthBlock trust profile ID.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}.
*/
+ @Transactional
public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
if (useTestTrustStore)
return getMoaSpAuthBlockTestTrustProfileID();
@@ -451,6 +473,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return a list of strings containing all urls to the verify transform info IDs.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}.
*/
+ @Transactional
public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
try {
return Arrays.asList(configuration.getStringValue(
@@ -468,6 +491,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return ConnectionParameter of the authentication component moa-sp element.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}.
*/
+ @Transactional
public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
ConnectionParameter result = null;
String moaspURL;
@@ -494,24 +518,34 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return the connection parameter.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}.
*/
- public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
- ConnectionParameter result = null;
- String serviceURL;
+ @Transactional
+ public ConnectionParameter getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException {
+ String serviceURL = null;
try {
- serviceURL = configuration.getStringValue(
- MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL);
- if (serviceURL != null) {
- result =
- new ConnectionParameterForeign(serviceURL, this.getProperties(), this.getRootConfigFileDir());
+ //load OA specific MIS service URL if OA configuration exists
+ if (oaParameters != null)
+ serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL);
+ //get first entry from general configuration if no OA specific URL exists
+ if (MiscUtil.isEmpty(serviceURL)) {
+ List<String> serviceURLs = KeyValueUtils.getListOfCSVValues(
+ configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL));
+ if (serviceURLs.size() > 0)
+ serviceURL = serviceURLs.get(0);
+
}
+ if (MiscUtil.isNotEmpty(serviceURL))
+ return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir());
+
+ else
+ throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"});
+
} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
- Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e);
+ Logger.warn("Initialize SZR-GW service connection parameters FAILED.", e);
+ throw new ConfigurationException("service.09", new Object[]{e.getMessage()}, e);
- }
-
- return result;
+ }
}
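Review bot: The SZR-GW connection is now built as `ConnectionParameterMandate` (replacing the removed `ConnectionParameterForeign`); if that class reads the MIS-specific TLS settings (client key store, trust profile), the SZR-GW client would now authenticate with the mandate-service credentials, which I cannot confirm from this diff — please verify this is intended, or add a comment saying the two services share the same connection settings. The inline comment `//load OA specific MIS service URL if OA configuration exists` is copied from the MIS method and is wrong here; change it to `//load OA specific SZR-GW service URL if OA configuration exists`. Behaviour also changed from returning `null` to throwing when no URL is configured, and only the first CSV entry of the general URL list is used; the Javadoc above the method should say `@throws ConfigurationException if no SZR-GW service URL is configured` and note that additional comma-separated entries are ignored.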
/**
@@ -520,24 +554,35 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return the connection parameter.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}
*/
- public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
- ConnectionParameter result = null;
- String serviceURL;
+ @Transactional
+ public ConnectionParameter getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException {
+ String serviceURL = null;
try {
- serviceURL = configuration.getStringValue(
- MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL);
- if (serviceURL != null) {
- result =
- new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir());
+ //load OA specific MIS service URL if OA configuration exists
+ if (oaParameters != null)
+ serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL);
+ //get first entry from general configuration if no OA specific URL exists
+ if (MiscUtil.isEmpty(serviceURL)) {
+ List<String> serviceURLs = KeyValueUtils.getListOfCSVValues(
+ configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL));
+ if (serviceURLs.size() > 0)
+ serviceURL = serviceURLs.get(0);
+
}
+ if (MiscUtil.isNotEmpty(serviceURL))
+ return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir());
+
+ else
+ throw new ConfigurationException("service.06", new Object[]{"NO MIS Service URL"});
+
} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
- Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e);
+ Logger.warn("Initialize MIS service connection parameters FAILED.", e);
+ throw new ConfigurationException("service.06", new Object[]{e.getMessage()}, e);
}
-
- return result;
+
}
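Review bot: The method no longer returns `null` when no MIS URL is configured but throws `ConfigurationException("service.06", ...)`, yet the Javadoc `@throws` still only mentions a missing AuthComponentGeneral; update it to `@throws ConfigurationException if no MIS service URL is configured or the configuration cannot be read` so callers that previously null-checked the result are revisited. The OA-specific `SERVICE_EXTERNAL_MIS_SERVICE_URL` now takes precedence over the general URL, meaning the mandate request — which carries the citizen's identity data — goes to whatever endpoint the online-application configuration holds; that is presumably restricted to administrators, but a comment stating that the OA value is trusted as admin-provided (and that the configuration UI is expected to validate it) would document the trust assumption. As in the SZR-GW method, only the first CSV entry is used and the remaining entries are silently dropped; worth a note in the Javadoc.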
/**
@@ -563,6 +608,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return a list of transform infos.
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link SecurityLayer}.
*/
+ @Transactional
public List<String> getTransformsInfos() throws ConfigurationException {
try {
String securityLayer = configuration.getStringValue(
@@ -595,6 +641,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}
*/
+ @Transactional
public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
ArrayList<String> identityLinkX509SubjectNames = new ArrayList<String>();
@@ -616,6 +663,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return list of default SLRequestTemplates.
* @throws ConfigurationException is never thrown
*/
+ @Transactional
public List<String> getSLRequestTemplates() throws ConfigurationException {
List<String> templatesList = new ArrayList<String>();
@@ -642,6 +690,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @throws ConfigurationException is never thrown
*/
+ @Transactional
public String getSLRequestTemplates(String type) throws ConfigurationException {
String slRequestTemplate = null;
@@ -677,6 +726,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return list of default BKUURLs.
* @throws ConfigurationException is never thrown
*/
+ @Transactional
public List<String> getDefaultBKUURLs() throws ConfigurationException {
List<String> bkuurlsList = new ArrayList<String>();
try {
@@ -702,6 +752,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @throws ConfigurationException is never thrown
*/
+ @Transactional
public String getDefaultBKUURL(String type) throws ConfigurationException {
String defaultBKUUrl = null;
try {
@@ -736,6 +787,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return the SSOTagetIdentifier or {@code null}
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}
*/
+ @Transactional
public String getSSOTagetIdentifier() throws ConfigurationException {
try {
String value = configuration.getStringValue(
@@ -756,6 +808,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @return the SSOFriendlyName or a default String
*/
+ @Transactional
public String getSSOFriendlyName() {
try {
return configuration.getStringValue(
@@ -772,6 +825,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
*
* @return the SSOSpecialText or an empty String
*/
+ @Transactional
public String getSSOSpecialText() {
try {
String text = configuration.getStringValue(
@@ -858,6 +912,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return Boolean.valueOf(prop);
}
+ @Transactional
public List<String> getPublicURLPrefix() throws ConfigurationException{
try {
String publicURLPrefixList = configuration.getStringValue(
@@ -923,6 +978,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return a new STORK Configuration or {@code null}
* @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}
*/
+ @Transactional
public IStorkConfig getStorkConfig() throws ConfigurationException {
IStorkConfig result = null;
try {
@@ -1009,6 +1065,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return {@code true} if enable, {@code false} if disabled
*/
@Override
+ @Transactional
public boolean isTrustmanagerrevoationchecking() {
try {
@@ -1027,6 +1084,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @return the path to the certstore directory or {@code null}
*/
@Override
+ @Transactional
public String getCertstoreDirectory() {
try {
String path = rootConfigFileDir + configuration.getStringValue(
@@ -1047,6 +1105,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
@Override
+ @Transactional
public String getTrustedCACertificates() {
try {
String path = rootConfigFileDir + configuration.getStringValue(
@@ -1073,6 +1132,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @param id the id of the requested online application
* @return the requested online application or {@code null}
*/
+ @Transactional
public Map<String, String> getActiveOnlineApplication(String id) {
Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
Map<String, String> oaConfig = null;
@@ -1174,9 +1234,34 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.api.AuthConfiguration#getRevocationMethodOrder()
+ */
+ @Override
+ public String[] getRevocationMethodOrder() {
+ final String[] DEFAULTORDER = new String[] {RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL};
+ List<String> result = new ArrayList<String>();
+
+ String prop = properties.getProperty("configuration.ssl.validation.revocation.method.order");
+ if (MiscUtil.isNotEmpty(prop)) {
+ String[] configOrder = prop.split(",");
+ for (String el : configOrder) {
+ if (RevocationSourceTypes.ALL.contains(el.trim())) {
+ result.add(el.trim());
+ }
+ }
+ }
+
+ if (result.isEmpty())
+ return DEFAULTORDER;
+ else
+ return result.toArray(new String[result.size()]);
+ }
+
+ /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getDefaultRevisionsLogEventCodes()
*/
@Override
+ @Transactional
public List<Integer> getDefaultRevisionsLogEventCodes() {
try {
String eventcodes = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES);
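Review bot: Unknown tokens in `configuration.ssl.validation.revocation.method.order` are discarded silently in getRevocationMethodOrder, so a typo such as `ocsp,crl` quietly reverts to the default order or removes a method the operator believed was configured; add an else branch that logs it, e.g. `else Logger.warn("Ignoring unknown revocation method '" + el.trim() + "' in configuration.ssl.validation.revocation.method.order");`. The property key is a bare string literal while sibling methods use `MOAIDConfigurationConstants`; move it to a named constant. The method also keeps duplicate entries and has no Javadoc beyond the non-Javadoc marker — a short description of the expected format and the OCSP-then-CRL default, e.g. `/** Returns the configured revocation-check order (comma-separated RevocationSourceTypes values); unknown entries are ignored and an empty result falls back to OCSP, CRL. */`, would help.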
@@ -1209,6 +1294,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTrustProfileID(boolean)
*/
@Override
+ @Transactional
public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore)
throws ConfigurationException {
if (useTestTrustStore)
@@ -1221,6 +1307,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isVirtualIDPsEnabled()
*/
@Override
+ @Transactional
public boolean isVirtualIDPsEnabled() {
try {
String value = configuration.getStringValue(
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 8153fa2a8..c5d2a9553 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
import java.util.List;
-import java.util.Timer;
import javax.xml.namespace.QName;
@@ -54,7 +53,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
@Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider {
+public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+ implements IDestroyableObject {
@Autowired AuthConfiguration authConfig;
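Review bot: The class now `implements IDestroyableObject`, but this diff adds no import for that interface; unless it lives in the same package or was already imported above the hunk, the file will not compile — please confirm. A brief comment on the `implements` clause naming who invokes `destroy()` through this interface would also make the lifecycle visible, e.g. `// IDestroyableObject: destroy() releases the metadata provider when the module is torn down` — adjust the wording to the actual caller, which is not visible here.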
@@ -74,6 +74,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
public void destroy() {
fullyDestroy();
+ }
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
*/
@@ -239,17 +241,13 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
}
-
- //initialize Timer if it is null
- if (timer == null)
- timer = new Timer(true);
-
+
//create metadata validation filter chain
MetadataFilterChain filter = new MetadataFilterChain();
filter.addFilter(new SchemaValidationFilter(true));
filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- metadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL,
filter,
ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);