aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/doc/handbook/config/config.html10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java28
3 files changed, 51 insertions, 4 deletions
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 21d146b4d..57ed9a760 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -713,6 +713,16 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<td>password</td>
<td>Passwort des Schl&uuml;ssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td>
</tr>
+ <tr>
+ <td>protocols.pvp2.sp.ks.assertion.encryption.alias</td>
+ <td>pvp_encryption</td>
+ <td>Name des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+ </tr>
+ <tr>
+ <td>protocols.pvp2.sp.ks.assertion.encryption.keypassword</td>
+ <td>password</td>
+ <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+ </tr>
</table>
<p>&nbsp;</p>
<h5><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h5>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 9f2ad2e1b..c189d44a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -69,9 +69,9 @@ public class PVPConfiguration {
return instance;
}
- public static final String PVP2_METADATA = "/pvp2/metadata";
- public static final String PVP2_REDIRECT = "/pvp2/redirect";
- public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
@@ -84,6 +84,9 @@ public class PVPConfiguration {
public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias";
public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword";
+ public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias";
+ public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword";
+
public static final String IDP_ISSUER_NAME = "idp.issuer.name";
public static final String METADATA_FILE = "md.dir";
@@ -173,6 +176,14 @@ public class PVPConfiguration {
return props.getProperty(IDP_KEY_PASSASSERTION);
}
+ public String getIDPKeyAliasAssertionEncryption() {
+ return props.getProperty(IDP_KEYALIASASSERTION);
+ }
+
+ public String getIDPKeyPasswordAssertionEncryption() {
+ return props.getProperty(IDP_KEY_PASSASSERTION);
+ }
+
public String getIDPIssuerName() throws ConfigurationException {
if (moaIDVersion == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index d95e21a0e..48e435777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
public class CredentialProvider {
@@ -86,7 +87,32 @@ public class CredentialProvider {
throw new CredentialsNotAvailableException(e.getMessage(), null);
}
}
-
+
+ public static X509Credential getIDPAssertionEncryptionCredential()
+ throws CredentialsNotAvailableException {
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ if (keyStore == null)
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+
+ //if no encryption key is configured return null
+ if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption()))
+ return null;
+
+ MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAliasAssertionEncryption(), config
+ .getIDPKeyPasswordAssertionEncryption().toCharArray());
+
+ credentials.setUsageType(UsageType.ENCRYPTION);
+ return (X509Credential) credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Assertion Encryption credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
public static Signature getIDPSignature(Credential credentials) {
PrivateKey privatekey = credentials.getPrivateKey();