aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java7
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties2
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties2
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp9
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp10
-rw-r--r--id/moa-id-webgui/pom.xml4
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java15
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java22
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java2
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java3
-rw-r--r--id/moa-spss-container/pom.xml239
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java4
-rw-r--r--id/oa/src/main/webapp/WEB-INF/web.xml10
-rw-r--r--id/server/auth-edu/pom.xml10
-rw-r--r--id/server/auth-final/pom.xml10
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties46
-rw-r--r--id/server/doc/handbook/protocol/protocol.html6
-rw-r--r--id/server/idserverlib/pom.xml44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java)2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java289
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java190
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java180
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java104
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java377
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java10
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties11
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/session.common.beans.xml74
-rw-r--r--id/server/idserverlib/src/main/resources/session.db.beans.xml20
-rw-r--r--id/server/idserverlib/src/main/resources/session.redis.beans.xml37
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java4
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java147
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java2
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java2
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java122
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java130
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java116
-rw-r--r--id/server/idserverlib/src/test/java/test/tlenz/simpletest.java197
-rw-r--r--id/server/idserverlib/src/test/java/testBeans.xml130
-rw-r--r--id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml13
-rw-r--r--id/server/moa-id-commons/pom.xml16
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java32
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java8
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java156
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java184
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java35
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java32
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java17
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java18
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java49
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java82
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java67
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java70
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java80
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java13
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java244
-rw-r--r--id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml16
-rw-r--r--id/server/moa-id-commons/src/main/resources/configuration.beans.xml1
-rw-r--r--id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml15
-rw-r--r--id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml11
-rw-r--r--id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml75
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java2
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java181
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java166
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java23
-rw-r--r--id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java11
-rw-r--r--id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/pom.xml7
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java16
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java22
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml22
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java81
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java56
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java34
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java57
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java83
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java)32
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java69
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java44
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestProcessingException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java)10
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestValidationException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java)4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java)6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseBuildException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java)6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseNotSuccessException.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java)6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java60
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java187
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java68
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java66
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java343
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java99
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java621
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java91
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java68
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java230
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java46
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java229
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml3
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java23
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java10
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java2
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java2
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java4
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java10
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml7
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java18
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java83
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java3
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java (renamed from id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java)88
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java13
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java29
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java60
-rw-r--r--id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml16
179 files changed, 5319 insertions, 2995 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index c672d32a6..28c0a9fe4 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -64,12 +64,6 @@
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
- <exclusions>
- <exclusion>
- <artifactId>hibernate-c3p0</artifactId>
- <groupId>org.hibernate</groupId>
- </exclusion>
- </exclusions>
</dependency>
<dependency>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index f549db9f3..3062a61e3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -22,11 +22,10 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration;
+import java.util.Collections;
import java.util.Hashtable;
import java.util.Map;
-import java.util.Collections;
-
public class Constants {
public static final String DEFAULT_VERSION = "1.x";
@@ -96,6 +95,7 @@ public class Constants {
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
public static final String IDENIFICATIONTYPE_STORK = "STORK";
+ public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS";
public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+";
public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN;
@@ -103,6 +103,7 @@ public class Constants {
public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
+ public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
public static final Map<String, String> BUSINESSSERVICENAMES;
@@ -113,6 +114,7 @@ public class Constants {
tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer");
tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl");
tmp.put(IDENIFICATIONTYPE_STORK, "STORK");
+ tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS");
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index ab6c22858..41a82fe1e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.config;
-import iaik.x509.X509Certificate;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -65,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse
import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
public class ConfigurationProvider {
@@ -590,7 +589,7 @@ public class ConfigurationProvider {
}
}
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl);
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl);
idpMetadataProvider.setRequireValidMetadata(true);
idpMetadataProvider.setParserPool(new BasicParserPool());
idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index e71bad299..b5c996c72 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -27,6 +27,7 @@ import java.util.List;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities;
@@ -40,7 +41,7 @@ public class GeneralStorkConfig {
private List<CPEPS> cpepslist;
private List<StorkAttribute> attributes;
- private int qaa;
+ private String qaa;
private static final Logger log = Logger.getLogger(GeneralStorkConfig.class);
private MOAIDConfiguration dbconfig = null;
@@ -91,10 +92,10 @@ public class GeneralStorkConfig {
}
try {
- qaa = stork.getQualityAuthenticationAssuranceLevel();
+ qaa = stork.getGeneral_eIDAS_LOA();
} catch(NullPointerException e) {
- qaa = 4;
+ qaa = MOAIDConstants.eIDAS_LOA_HIGH;
}
}
@@ -114,6 +115,10 @@ public class GeneralStorkConfig {
attributes.add(new StorkAttribute());
}
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
public List<CPEPS> getRawCPEPSList() {
return cpepslist;
}
@@ -161,11 +166,11 @@ public class GeneralStorkConfig {
this.attributes = attributes;
}
- public int getDefaultQaa() {
+ public String getDefaultQaa() {
return qaa;
}
- public void setDefaultQaa(int qaa) {
+ public void setDefaultQaa(String qaa) {
this.qaa = qaa;
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index c0e1eaaf7..fb096a2a0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
@@ -49,7 +50,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
private static final Logger log = Logger.getLogger(OASTORKConfig.class);
private boolean isStorkLogonEnabled = false;
- private int qaa;
+ private String qaa;
private List<AttributeHelper> attributes = null;
@@ -107,14 +108,14 @@ public class OASTORKConfig implements IOnlineApplicationData{
setStorkLogonEnabled(config.isStorkLogonEnabled());
try {
- setQaa(config.getQaa());
+ setQaa(config.geteIDAS_LOA());
} catch(NullPointerException e) {
// if there is no configuration available for the OA, get the default qaa level
try {
- setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel());
+ setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA());
} catch (NullPointerException e1) {
- setQaa(4);
+ setQaa(MOAIDConstants.eIDAS_LOA_HIGH);
}
}
@@ -208,7 +209,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
}
// transfer the incoming data to the database model
stork.setStorkLogonEnabled(isStorkLogonEnabled());
- stork.setQaa(getQaa());
+ stork.seteIDAS_LOA(getQaa());
stork.setOAAttributes(getAttributes());
stork.setVidpEnabled(isVidpEnabled());
stork.setRequireConsent(isRequireConsent());
@@ -227,11 +228,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
this.isStorkLogonEnabled = enabled;
}
- public int getQaa() {
+ public String getQaa() {
return qaa;
}
- public void setQaa(int qaa) {
+ public void setQaa(String qaa) {
this.qaa = qaa;
}
@@ -282,6 +283,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
return citizenCountries;
}
+
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
public List<String> getEnabledCitizenCountries() {
return enabledCitizenCountries;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index 19671e502..f660b5feb 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -65,7 +65,8 @@ public class OATargetConfiguration implements IOnlineApplicationData {
Constants.IDENIFICATIONTYPE_FN,
Constants.IDENIFICATIONTYPE_ZVR,
Constants.IDENIFICATIONTYPE_ERSB,
- Constants.IDENIFICATIONTYPE_STORK);
+ Constants.IDENIFICATIONTYPE_STORK,
+ Constants.IDENIFICATIONTYPE_EIDAS);
}
@@ -120,6 +121,12 @@ public class OATargetConfiguration implements IOnlineApplicationData {
if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
identificationType = split[1];
identificationNumber = split[2];
+
+ } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ //identificationType = split[1]; // setting at as iden category ?
+ identificationType = Constants.IDENIFICATIONTYPE_EIDAS;
+ identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident
+
} else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
//identificationType = split[1]; // setting at as iden category ?
identificationType = Constants.IDENIFICATIONTYPE_STORK;
@@ -185,7 +192,11 @@ public class OATargetConfiguration implements IOnlineApplicationData {
if (idnumber == null)
idnumber = new IdentificationNumber();
- if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
+ if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(Constants.PREFIX_EIDAS + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+
+ } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num);
idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
} else {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 40e9b1a90..5e348f91b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -553,7 +553,7 @@ public class EditGeneralConfigAction extends BasicAction {
try {
log.error("QAAAA " + storkconfig.getDefaultQaa());
- stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+ stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
if (storkconfig.getAttributes() != null) {
List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 6b5c51e3f..ed2c2f903 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -82,9 +83,9 @@ public class StorkConfigValidator {
}
// check qaa
- int qaa = form.getDefaultQaa();
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String qaa = form.getDefaultQaa();
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaa}, request ));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index 5c451c06a..6a03bf194 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
@@ -45,9 +46,9 @@ public class OASTORKConfigValidation {
List<String> errors = new ArrayList<String>();
// check qaa
- int qaa = oageneral.getQaa();
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String qaa = oageneral.getQaa();
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaa}, request ));
}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index b77097e70..ae2678c8a 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -501,7 +501,7 @@ validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig
validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig
validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig
validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2
-validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4
+validation.stork.qaa.outofrange=Ung\u00FCltiger LoA Werte {0}
validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein
validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url
validation.stork.ap.name.empty=Ung\u00FCltiger AttributProvider Name
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d62ce3807..d09301dab 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -499,7 +499,7 @@ validation.stork.cpeps.empty=CPEPS configuration is incomplete
validation.stork.cpeps.url=CPEPS URL is invalid
validation.stork.cpeps.duplicate=Country codes are not unique
validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2
-validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4
+validation.stork.qaa.outofrange=Not valid LoA value {0}
validation.stork.attributes.empty=Only one attribute can be provided
validation.stork.ap.url.valid=Invalid URL of AttributeProvider
validation.stork.ap.name.empty=Invalid name of AttributeProvider
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 45ea159e4..c54e386a2 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -277,14 +277,15 @@
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkconfig.defaultQaa}"
+ <s:select list="storkconfig.allowedLoALevels"
+ value="%{storkconfig.defaultQaa}"
name="storkconfig.defaultQaa"
key="webpages.moaconfig.stork.qaa.default"
- labelposition="left" />
+ labelposition="left"
+ cssClass="textfield_long" />
<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
<table id="stork_pepslist">
- <tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLSignatures</td></tr>
+ <tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLEncryption</td></tr>
<s:iterator value="storkconfig.cpepslist" status="stat">
<tr>
<td style="display:none;"><s:textfield name="storkconfig.cpepslist[%{#stat.index}].hjid" value="%{hjid}" cssStyle="display:none;"/></td>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 78fdf8921..76c8d069b 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -14,11 +14,15 @@
onclick="oaStork();"
id="OAuseSTORKLogon" />
<div id="stork_block">
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkOA.qaa}"
+
+ <s:select list="storkOA.allowedLoALevels"
+ value="%{storkOA.qaa}"
name="storkOA.qaa"
key="webpages.moaconfig.stork.qaa"
- labelposition="left" />
+ labelposition="left"
+ cssClass="textfield_long"/>
+
+
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml
index 8d35abd20..31247efc1 100644
--- a/id/moa-id-webgui/pom.xml
+++ b/id/moa-id-webgui/pom.xml
@@ -58,10 +58,6 @@
<artifactId>hyperjaxb3-ejb-runtime</artifactId>
<groupId>org.jvnet.hyperjaxb3</groupId>
</exclusion>
- <exclusion>
- <artifactId>hibernate-c3p0</artifactId>
- <groupId>org.hibernate</groupId>
- </exclusion>
</exclusions>
</dependency>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 8a1a2925b..6d1dafd6c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -185,20 +186,20 @@ public static final List<String> KEYWHITELIST;
// check qaa
try {
- int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)));
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String eIDAS_LOA = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA)) {
+ log.warn("eIDAS LoA is not allowed : " + eIDAS_LOA);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
+ new Object[] {eIDAS_LOA})));
}
} catch (Exception e) {
- log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
+ log.warn("eIDAS LoA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)})));
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
index 087334c4b..7f5e93ff9 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
@@ -253,26 +254,15 @@ public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator imple
// check qaa
String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
- if (MiscUtil.isNotEmpty(qaaString)) {
- try {
- int qaa = Integer.parseInt(qaaString);
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
- LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
- }
-
- } catch (NumberFormatException e) {
- log.warn("QAA level is not a number: " + qaaString);
+ if (MiscUtil.isNotEmpty(qaaString)) {
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) {
+ log.warn("eIDAS-LoA is not allowed: " + qaaString);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
+ "eIDAS - LoA is not allowed",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaaString})));
- }
+ }
}
if (!errors.isEmpty())
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
index c55c35da0..d69157553 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
@@ -186,7 +186,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
BasicX509Credential credential = new BasicX509Credential();
credential.setEntityCertificate(cert);
- timer = new Timer();
+ timer = new Timer(true);
httpClient = new MOAHttpClient();
if (metadataURL.startsWith("https:"))
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
index c7a74d1a1..eb881d465 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
@@ -190,7 +190,8 @@ public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements
// if (MiscUtil.isEmpty(identificationType) ||
// !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
if (MiscUtil.isNotEmpty(identificationType) &&
- !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
+ !(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)
+ || MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS.equals(identificationType))) {
log.info("STORK V-IDP only allowes identification numbers with STORK prefix.");
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE,
diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index 49557d83e..9980fdd60 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -8,7 +8,6 @@
<groupId>MOA.id</groupId>
<artifactId>moa-spss-container</artifactId>
<version>${moa-id-version}</version>
- <packaging>pom</packaging>
<name>MOA-SPSS-Container-for-MOA-ID</name>
<description>This module holds MOA-SPSS and all required library</description>
@@ -16,157 +15,150 @@
<repositoryPath>${basedir}/../../repository</repositoryPath>
</properties>
- <profiles>
- <profile>
- <id>default</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <repositories>
- <repository>
- <id>local</id>
- <name>local</name>
- <url>file:${basedir}/../../repository</url>
- </repository>
- <repository>
- <id>egiz-commons</id>
- <url>https://demo.egiz.gv.at/int-repo/</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- </repository>
- </repositories>
- </profile>
- </profiles>
+ <repositories>
+ <repository>
+ <id>MOA</id>
+ <name>MOA Dependencies</name>
+ <releases>
+ <enabled>true</enabled>
+ <checksumPolicy>ignore</checksumPolicy>
+ </releases>
+ <layout>default</layout>
+ <url>file://${repositoryPath}</url>
+ </repository>
+ </repositories>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <includes>
+ <include>${basedir}/../../repository/MOA/spss/ext_libs/*.jar</include>
+ </includes>
+ </configuration>
+ </plugin>
+ </plugins>
+
+ </build>
<dependencies>
- <!-- we need Axis 1.1 here, 1.0 is included in SPSS -->
<dependency>
<groupId>MOA.spss.server</groupId>
- <artifactId>moa-spss-lib</artifactId>
+ <artifactId>moa-sig-lib</artifactId>
+ <version>3.0.0</version>
<exclusions>
- <exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
+ <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
<exclusion>
- <artifactId>axis-wsdl4j</artifactId>
+ <artifactId>*</artifactId>
<groupId>axis</groupId>
</exclusion>
</exclusions>
</dependency>
-
+
+
+<!-- MOA-SPSS 3.x -->
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ixsil</artifactId>
- </dependency>
+ <groupId>MOA.spss</groupId>
+ <artifactId>common</artifactId>
+ <version>3.0.0</version>
+ </dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_X509TrustManager</artifactId>
- </dependency>
-
-<!-- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency> -->
-
-<!-- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.axis</groupId>
- <artifactId>axis-jaxrpc</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.axis</groupId>
- <artifactId>axis-saaj</artifactId>
- </dependency> -->
+ <artifactId>iaik_cms</artifactId>
+ <version>5.1</version>
+ </dependency>
<dependency>
- <groupId>commons-discovery</groupId>
- <artifactId>commons-discovery</artifactId>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_cpades</artifactId>
+ <version>2.2b3_tmp</version>
+ </dependency>
<dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate</artifactId>
+ <version>3.1_eval</version>
+ </dependency>
<dependency>
- <groupId>javax.activation</groupId>
- <artifactId>activation</artifactId>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate_addon</artifactId>
+ <version>3.01_eval</version>
+ </dependency>
<dependency>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate_cms</artifactId>
+ <version>3.01</version>
</dependency>
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
-
-<!-- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency> -->
-<!-- <dependency>
- <groupId>org.apache.logging.log4j</groupId>
- <artifactId>log4j-core</artifactId>
- </dependency> -->
-
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
- <groupId>org.postgresql</groupId>
- <artifactId>postgresql</artifactId>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ <version>4.4</version>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_moa</artifactId>
+ <version>2.01</version>
+ </dependency>
<dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xalan</artifactId>
- <!-- <scope>provided</scope> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>1.1.1_moa</version>
</dependency>
<dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <!-- <scope>provided</scope> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_sva</artifactId>
+ <version>1.0.1_moa</version>
</dependency>
<dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xml-apis</artifactId>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_tsl</artifactId>
+ <version>1.1_moa</version>
</dependency>
<dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>serializer</artifactId>
- <!-- <scope>provided</scope> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_tsp</artifactId>
+ <version>2.31_eval</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_moa</artifactId>
- </dependency>
+ <artifactId>iaik_util</artifactId>
+ <version>0.23</version>
+ </dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_ixsil</artifactId>
+ <artifactId>iaik_xades</artifactId>
+ <version>2.11_moa</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <scope>compile</scope>
+ <artifactId>iaik_xsect</artifactId>
+ <version>2.11_moa</version>
+ </dependency>
+
+
+
+
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- <scope>compile</scope>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_cms</artifactId>
- <scope>runtime</scope>
+ <groupId>org.postgresql</groupId>
+ <artifactId>postgresql</artifactId>
</dependency>
+
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_Pkcs11Provider</artifactId>
@@ -228,38 +220,7 @@
<!-- should be provided by the container or jre -->
<scope>provided</scope>
</dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
-
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_tsl</artifactId>
- <exclusions>
- <exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
- <artifactId>iaik_ecc_signed</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
- <artifactId>iaik_jce_eval_signed</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
+
</dependencies>
</project> \ No newline at end of file
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index 85f16e11f..9be73b3f1 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -255,7 +255,9 @@ public class Configuration {
}
//load IDP metadata into metadataprovider
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);
+ idpMetadataProvider = new HTTPMetadataProvider(
+ new Timer("demoOA", true),
+ new HttpClient(), metadataurl);
idpMetadataProvider.setRequireValidMetadata(true);
idpMetadataProvider.setParserPool(new BasicParserPool());
idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
diff --git a/id/oa/src/main/webapp/WEB-INF/web.xml b/id/oa/src/main/webapp/WEB-INF/web.xml
index a42985c95..89553915a 100644
--- a/id/oa/src/main/webapp/WEB-INF/web.xml
+++ b/id/oa/src/main/webapp/WEB-INF/web.xml
@@ -5,8 +5,8 @@
<description>MOA PVP2.1 Sample OA</description>
<servlet>
+ <display-name>PVP 2.1 Authentication request builder</display-name>
<servlet-name>pvp2login</servlet-name>
- <display-name>PVP 2.1 Authentication request builder</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.Authenticate</servlet-class>
</servlet>
@@ -16,8 +16,8 @@
</servlet-mapping>
<servlet>
- <servlet-name>pvp2slo</servlet-name>
<display-name>PVP 2.1 Single Log-Out request builder</display-name>
+ <servlet-name>pvp2slo</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.SingleLogOut</servlet-class>
</servlet>
@@ -27,8 +27,8 @@
</servlet-mapping>
<servlet>
+ <display-name>Metadata</display-name>
<servlet-name>pvp2metadata</servlet-name>
- <display-name>Metadata</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.BuildMetadata</servlet-class>
</servlet>
@@ -38,8 +38,8 @@
</servlet-mapping>
<servlet>
+ <display-name>Secure area</display-name>
<servlet-name>pvp2demooa</servlet-name>
- <display-name>Secure area</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.DemoApplication</servlet-class>
</servlet>
@@ -49,8 +49,8 @@
</servlet-mapping>
<servlet>
+ <display-name>Mainpage</display-name>
<servlet-name>index</servlet-name>
- <display-name>Mainpage</display-name>
<servlet-class>at.gv.egovernment.moa.id.demoOA.servlet.pvp2.Index</servlet-class>
</servlet>
diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 43e87f2ab..b550249e9 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -96,10 +96,6 @@
<type>pom</type>
<exclusions>
<exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
@@ -219,12 +215,12 @@
<!-- should be in the ext directory of the jre -->
<scope>provided</scope>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
+ should be in the ext directory of the jre
<scope>provided</scope>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_Pkcs11Provider</artifactId>
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 0c42c9deb..b2f542880 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -80,10 +80,6 @@
<type>pom</type>
<exclusions>
<exclusion>
- <artifactId>iaik_pki_module</artifactId>
- <groupId>iaik</groupId>
- </exclusion>
- <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
@@ -187,12 +183,12 @@
<!-- should be in the ext directory of the jre -->
<scope>provided</scope>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
+ should be in the ext directory of the jre
<scope>provided</scope>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_Pkcs11Provider</artifactId>
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 784f66602..554d0b522 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -79,12 +79,19 @@ moasession.hibernate.transaction.flush_before_completion=true
moasession.hibernate.transaction.auto_close_session=true
moasession.hibernate.show_sql=false
moasession.hibernate.format_sql=true
-moasession.hibernate.c3p0.acquire_increment=3
-moasession.hibernate.c3p0.idle_test_period=60
-moasession.hibernate.c3p0.timeout=60
-moasession.hibernate.c3p0.max_size=20
-moasession.hibernate.c3p0.max_statements=0
-moasession.hibernate.c3p0.min_size=3
+
+moasession.dbcp.connectionProperties=
+moasession.dbcp.initialSize=5
+moasession.dbcp.maxActive=20
+moasession.dbcp.maxIdle=8
+moasession.dbcp.minIdle=5
+moasession.dbcp.maxWaitMillis=-1
+moasession.dbcp.testOnBorrow=true
+moasession.dbcp.testOnReturn=false
+moasession.dbcp.testWhileIdle=false
+moasession.dbcp.validationQuery=select 1
+moasession.jpaVendorAdapter.generateDdl=true
+
#Hibnerate configuration for MOA-ID 3.x configuration
configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect
@@ -122,14 +129,19 @@ advancedlogging.hibernate.current_session_context_class=thread
advancedlogging.hibernate.transaction.auto_close_session=true
advancedlogging.hibernate.show_sql=false
advancedlogging.hibernate.format_sql=true
-advancedlogging.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider
-advancedlogging.hibernate.c3p0.acquire_increment=3
-advancedlogging.hibernate.c3p0.idle_test_period=60
-advancedlogging.hibernate.c3p0.timeout=300
-advancedlogging.hibernate.c3p0.max_size=20
-advancedlogging.hibernate.c3p0.max_statements=0
-advancedlogging.hibernate.c3p0.min_size=3
-
+advancedlogging.hibernate.transaction.flush_before_completion=true
+
+advancedlogging.dbcp.connectionProperties=
+advancedlogging.dbcp.initialSize=3
+advancedlogging.dbcp.maxActive=20
+advancedlogging.dbcp.maxIdle=8
+advancedlogging.dbcp.minIdle=3
+advancedlogging.dbcp.maxWaitMillis=-1
+advancedlogging.dbcp.testOnBorrow=true
+advancedlogging.dbcp.testOnReturn=false
+advancedlogging.dbcp.testWhileIdle=false
+advancedlogging.dbcp.validationQuery=select 1
+advancedlogging.jpaVendorAdapter.generateDdl=true
################ Additonal eID-modul configuration ####################################
## This additional eID moduls add special functionality to MOA-ID-Auth.
@@ -165,6 +177,12 @@ modules.federatedAuth.request.sign.password=password
modules.federatedAuth.response.encryption.alias=pvp_assertion
modules.federatedAuth.response.encryption.password=password
+#Redis Settings, if Redis is used as a backend for session data.
+#has to be enabled with the following parameter
+#redis.active=true
+redis.use-pool=true
+redis.host-name=localhost
+redis.port=6379
################SZR Client configuration####################################
## The SZR client is only required if MOA-ID-Auth should be
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 58474b635..5a578a5aa 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -685,7 +685,11 @@ Redirect Binding</td>
</tr>
<tr>
<td>1306</td>
- <td>Generierung dereIDAS Metadaten fehlgeschlagen</td>
+ <td>Generierung der eIDAS Metadaten fehlgeschlagen</td>
+ </tr>
+ <tr>
+ <td>1307</td>
+ <td>Generierung der eIDAS Response fehlgeschlagen</td>
</tr>
<tr>
<td>1399</td>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index fb6ba1bc6..4a2125c85 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -85,11 +85,11 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
+ <!-- dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>${hibernate.version}</version>
- </dependency>
+ </dependency-->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
@@ -315,6 +315,13 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ <version>1.2.2.5</version>
+ <scope>test</scope>
+ </dependency>
+
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
@@ -386,7 +393,35 @@
<artifactId>spring-test</artifactId>
<scope>test</scope>
</dependency>
-
+
+ <!-- Redis -->
+ <dependency>
+ <groupId>org.springframework.data</groupId>
+ <artifactId>spring-data-redis</artifactId>
+ <version>1.6.4.RELEASE</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-pool2</artifactId>
+ <version>2.4.2</version>
+ </dependency>
+ <dependency>
+ <groupId>redis.clients</groupId>
+ <artifactId>jedis</artifactId>
+ <version>2.8.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <version>1.9.13</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <version>1.9.13</version>
+ </dependency>
</dependencies>
<build>
@@ -457,6 +492,9 @@
<goals>
<goal>jar</goal>
</goals>
+ <configuration>
+ <additionalparam>-Xdoclint:none</additionalparam>
+ </configuration>
</execution>
</executions>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
new file mode 100644
index 000000000..5a1b7205d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.advancedlogging;
+
+
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@Service("StatisticLogger")
+public class DummyStatisticLogger implements IStatisticLogger{
+
+ @Override
+ public void logSuccessOperation(IRequest protocolRequest,
+ IAuthData authData, boolean isSSOSession) {
+ Logger.trace("Dummy-logSuccessOperation");
+ }
+
+ @Override
+ public void logErrorOperation(Throwable throwable) {
+ Logger.trace("Dummy-logErrorOperation");
+ }
+
+ @Override
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
+ Logger.trace("Dummy-logErrorOperation");
+ }}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
new file mode 100644
index 000000000..2d97d7258
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.advancedlogging;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.data.IAuthData;
+
+
+public interface IStatisticLogger {
+
+ public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession);
+
+ public void logErrorOperation(Throwable throwable);
+
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 0171f9d90..34bdd350b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -33,6 +33,7 @@ import javax.xml.bind.Unmarshaller;
import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Service;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -48,6 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -60,7 +62,7 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("StatisticLogger")
-public class StatisticLogger {
+public class StatisticLogger implements IStatisticLogger{
private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request";
private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/";
@@ -79,6 +81,7 @@ public class StatisticLogger {
@Autowired AuthConfiguration authConfig;
@Autowired IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired StatisticLogDBUtils statisticLogDBUtils;
public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
@@ -191,7 +194,7 @@ public class StatisticLogger {
try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
+ statisticLogDBUtils.saveOrUpdate(dblog);
} catch (MOADatabaseException e) {
Logger.warn("Statistic Log can not be stored into Database", e);
@@ -217,7 +220,7 @@ public class StatisticLogger {
try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
+ statisticLogDBUtils.saveOrUpdate(dblog);
} catch (MOADatabaseException e) {
Logger.warn("Statistic Log can not be stored into Database", e);
@@ -268,7 +271,7 @@ public class StatisticLogger {
try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
+ statisticLogDBUtils.saveOrUpdate(dblog);
} catch (MOADatabaseException e) {
Logger.warn("Statistic Log can not be stored into Database", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index e0552c337..bbb322a4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -8,6 +8,8 @@ import java.util.List;
import org.hibernate.HibernateException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
@@ -29,6 +31,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @version $Id$
*/
@Service("AuthenticationSessionCleaner")
+@EnableScheduling
public class AuthenticationSessionCleaner implements Runnable {
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@@ -36,7 +39,7 @@ public class AuthenticationSessionCleaner implements Runnable {
@Autowired protected AuthConfiguration authConfig;
/** interval the <code>AuthenticationSessionCleaner</code> is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
+ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60 *1000 ; // 5 min
/**
* Runs the thread. Cleans the <code>AuthenticationServer</code> session store
@@ -45,8 +48,8 @@ public class AuthenticationSessionCleaner implements Runnable {
* Cleans up expired session and authentication data stores.
*
*/
+ @Scheduled(fixedRate = SESSION_CLEANUP_INTERVAL)
public void run() {
- while (true) {
try {
Logger.debug("AuthenticationSessionCleaner run");
Date now = new Date();
@@ -66,7 +69,7 @@ public class AuthenticationSessionCleaner implements Runnable {
try {
try {
Object entry = transactionStorage.get(entryKey);
- //if entry is an exception --> log it because is could be unhandled
+ //if entry is an exception --> log it because it could be unhandled
if (entry != null && entry instanceof ExceptionContainer) {
ExceptionContainer exContainer = (ExceptionContainer) entry;
@@ -115,12 +118,6 @@ public class AuthenticationSessionCleaner implements Runnable {
} catch (Exception e) {
Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
}
- try {
- Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
- }
- catch (InterruptedException e) {
- }
- }
}
/**
@@ -143,18 +140,4 @@ public class AuthenticationSessionCleaner implements Runnable {
}
}
}
-
- /**
- * start the sessionCleaner
- */
- public static void start(Runnable clazz) {
- // start the session cleanup thread
- Thread sessionCleaner =
- new Thread(clazz, "AuthenticationSessionCleaner");
- sessionCleaner.setName("SessionCleaner");
- sessionCleaner.setDaemon(true);
- sessionCleaner.setPriority(Thread.MIN_PRIORITY);
- sessionCleaner.start();
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
new file mode 100644
index 000000000..6f98357e2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IDestroyableObject {
+ /**
+ * Manually deep destroy a Java object with all child objects like timers and threads
+ *
+ */
+ public void fullyDestroy();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
index a1008e883..27d142f2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.config.auth;
+package at.gv.egovernment.moa.id.auth;
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
new file mode 100644
index 000000000..52e30a2f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -0,0 +1,93 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth;
+
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+@Service("MOAGarbageCollector")
+@EnableScheduling
+public class MOAGarbageCollector implements Runnable {
+
+ @Autowired ApplicationContext context;
+
+ private static final long INTERVAL = 24 * 60 * 60 * 1000; // 24 hours
+ //private static final long INITAL_DELAY = 12 * 60 * 60 * 1000; // 12 hours
+
+ private static final long INITAL_DELAY = 2 * 60 * 1000; // 12 hours
+
+// private static final List<IGarbageCollectorProcessing> processModules =
+// new ArrayList<IGarbageCollectorProcessing>();
+
+
+ @Scheduled(fixedRate = INTERVAL, initialDelay = INITAL_DELAY)
+ public void run() {
+
+ Map<String, IGarbageCollectorProcessing> processModules =
+ context.getBeansOfType(IGarbageCollectorProcessing.class);
+
+ if (processModules != null) {
+ Iterator<Entry<String, IGarbageCollectorProcessing>> interator = processModules.entrySet().iterator();
+ while (interator.hasNext()) {
+ try {
+ interator.next().getValue().runGarbageCollector();
+
+ } catch (Throwable e1) {
+ Logger.warn("Garbage collection FAILED in some module.", e1);
+
+ }
+
+ }
+ }
+ }
+
+// /**
+// * Add a module to MOA internal garbage collector. Every module is executed once a day
+// *
+// * @param modul Module which should be executed by the garbage collector.
+// */
+// public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
+// processModules.add(modul);
+//
+// }
+
+// public static void start() {
+// // start the session cleanup thread
+// Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
+// configLoader.setName("MOAGarbageCollectorr");
+// configLoader.setDaemon(true);
+// configLoader.setPriority(Thread.MIN_PRIORITY);
+// configLoader.start();
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index d1cf3338a..11f47052e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -36,18 +36,16 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
-import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.PKIException;
-import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
/**
@@ -104,17 +102,11 @@ public class MOAIDAuthInitializer {
Logger.info("Loading Java security providers.");
IAIK.addAsProvider();
- ECCProvider.addAsProvider();
+ ECCelerate.addAsProvider();
// Initializes SSLSocketFactory store
SSLUtils.initialize();
- // Initializes Namespace Map
- Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
- Constants.nSMap.put(Constants.ECDSA_PREFIX,
- "http://www.w3.org/2001/04/xmldsig-more#");
- Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-
//seed the random number generator
Random.seedRandom();
Logger.debug("Random-number generator is seeded.");
@@ -147,7 +139,12 @@ public class MOAIDAuthInitializer {
//ECCProvider.addAsProvider();
Security.insertProviderAt(IAIK.getInstance(), 0);
- Security.addProvider(new ECCProvider());
+
+ ECCelerate eccProvider = ECCelerate.getInstance();
+ if (Security.getProvider(eccProvider.getName()) != null)
+ Security.removeProvider(eccProvider.getName());
+
+ Security.addProvider(new ECCelerate());
if (Logger.isDebugEnabled()) {
Logger.debug("Loaded Security Provider:");
@@ -156,12 +153,5 @@ public class MOAIDAuthInitializer {
Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
}
-
-
- // Starts the session cleaner thread to remove unpicked authentication data
- AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
- AuthenticationSessionCleaner.start(sessioncleaner);
-
- MOAGarbageCollector.start();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 908c7e7b6..16d320ea5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -106,6 +106,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
@Autowired protected AuthConfiguration authConfig;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public IAuthData buildAuthenticationData(IRequest pendingReq,
@@ -222,7 +223,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
try {
samlVerificationEngine.verifyIDPResponse(intfResp,
TrustEngineFactory.getSignatureKnownKeysTrustEngine(
- MOAMetadataProvider.getInstance()));
+ metadataProvider));
//create assertion attribute extractor from AttributeQuery response
return new AssertionAttributeExtractor(intfResp);
@@ -1106,10 +1107,15 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
String eIDASOutboundCountry = pendingReq.getGenericData(RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class);
+ //TODO: maybe find a better solution
+ String cititzenCountryCode =
+ authConfig.getBasicMOAIDConfiguration("moa.id.protocols.eIDAS.node.countrycode",
+ MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
+
if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) {
- if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !COUNTRYCODE_AUSTRIA.equals(eIDASOutboundCountry)) {
+ if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !cititzenCountryCode.equals(eIDASOutboundCountry)) {
Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID,
- COUNTRYCODE_AUSTRIA, eIDASOutboundCountry);
+ cititzenCountryCode, eIDASOutboundCountry);
Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond());
return eIDASID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
index 718c35df3..ab3d2cae2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -73,6 +73,10 @@ public class MISSimpleClientException extends MOAIDException {
super(message, null, cause);
}
+ public MISSimpleClientException(String message, Object[] params, Throwable cause) {
+ super(message, params, cause);
+ }
+
/**
* @return the bkuErrorCode
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index e3efdeac0..1431911a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -33,10 +33,9 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler;
import com.google.common.net.MediaType;
-
+import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
@@ -71,7 +70,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
public static final String ERROR_CODE_PARAM = "errorid";
- @Autowired protected StatisticLogger statisticLogger;
+ @Autowired protected IStatisticLogger statisticLogger;
@Autowired protected IRequestStorage requestStorage;
@Autowired protected ITransactionStorage transactionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@@ -141,12 +140,12 @@ public abstract class AbstractController extends MOAIDAuthConstants {
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
transactionStorage.put(key,
new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(), loggedException));
+ pendingReq.getUniqueTransactionIdentifier(), loggedException),-1);
} else {
transactionStorage.put(key,
new ExceptionContainer(null,
- null, loggedException));
+ null, loggedException),-1);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 66e8757ad..5e09380ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -179,7 +179,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
else
statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
- transactionStorage.put(artifact, statusCode);
+ transactionStorage.put(artifact, statusCode, -1);
redirectURL = HTTPUtils.addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 5c2f86732..67ad4762c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -46,6 +46,7 @@
package at.gv.egovernment.moa.id.config;
+import java.util.ArrayList;
import java.util.Map;
import java.util.Properties;
@@ -53,6 +54,7 @@ import org.hibernate.cfg.Configuration;
import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
@@ -185,6 +187,10 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
String propertyName = key.toString().substring(propPrefix.length());
moaSessionProp.put(propertyName, props.get(key.toString()));
}
+ if (key.toString().startsWith(propPrefix+"dbcp")) {
+ String propertyName = "hibernate."+(key.toString().substring(propPrefix.length()));
+ moaSessionProp.put(propertyName, props.get(key.toString()));
+ }
}
// read Config Hibernate properties
@@ -222,17 +228,17 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
config.addAnnotatedClass(InterfederationSessionStore.class);
//config.addAnnotatedClass(ProcessInstanceStore.class);
config.addProperties(moaSessionProp);
- MOASessionDBUtils.initHibernate(config, moaSessionProp);
+ //MOASessionDBUtils.initHibernate(config, moaSessionProp);
//initial advanced logging
- if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
- Logger.info("Advanced statistic log is activated, starting initialization process ...");
- Configuration statisticconfig = new Configuration();
- statisticconfig.addAnnotatedClass(StatisticLog.class);
- statisticconfig.addProperties(statisticProps);
- StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
- Logger.info("Advanced statistic log is initialized.");
- }
+// if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
+// Logger.info("Advanced statistic log is activated, starting initialization process ...");
+// Configuration statisticconfig = new Configuration();
+// statisticconfig.addAnnotatedClass(StatisticLog.class);
+// statisticconfig.addProperties(statisticProps);
+// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
+// Logger.info("Advanced statistic log is initialized.");
+// }
}
Logger.trace("Hibernate initialization finished.");
@@ -267,6 +273,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
eGovUtilsConfig =
new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
}
+ this.generateActiveProfiles(props);
}
@@ -277,5 +284,24 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
return eGovUtilsConfig;
}
+
+ private ArrayList<String> activeProfiles = new ArrayList<String>();
+
+ public void generateActiveProfiles(Properties props){
+ if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
+ activeProfiles.add(SpringProfileConstants.ADVANCED_LOG);
+ }else{
+ activeProfiles.add("advancedLogOff");
+ }
+ if (Boolean.valueOf(props.getProperty("redis.active", "false"))) {
+ activeProfiles.add(SpringProfileConstants.REDIS_BACKEND);
+ }else{
+ activeProfiles.add(SpringProfileConstants.DB_BACKEND);
+ }
+ }
+
+ public String[] getActiveProfiles(){
+ return activeProfiles.toArray(new String[0]);
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
deleted file mode 100644
index 1072bec5c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.config.auth;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAGarbageCollector implements Runnable {
-
- private static final long INTERVAL = 24 * 60 * 60; // 24 hours
- private static final List<IGarbageCollectorProcessing> processModules =
- new ArrayList<IGarbageCollectorProcessing>();
-
- public void run() {
- while (true) {
- try {
- Thread.sleep(INTERVAL * 1000);
-
- try {
- for (IGarbageCollectorProcessing element : processModules)
- element.runGarbageCollector();
-
- } catch (Throwable e1) {
- Logger.warn("Garbage collection FAILED in some module.", e1);
- }
-
- } catch (Throwable e) {
- Logger.warn("MOA-ID garbage collection is not possible, actually.", e);
-
- } finally {
-
- }
- }
- }
-
- /**
- * Add a module to MOA internal garbage collector. Every module is executed once a day
- *
- * @param modul Module which should be executed by the garbage collector.
- */
- public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
- processModules.add(modul);
-
- }
-
- public static void start() {
- // start the session cleanup thread
- Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
- configLoader.setName("MOAGarbageCollectorr");
- configLoader.setDaemon(true);
- configLoader.setPriority(Thread.MIN_PRIORITY);
- configLoader.start();
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index b1bba6c17..6a6359058 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -122,7 +122,10 @@ public String getIdentityLinkDomainIdentifier() {
if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
-
+
+ } else if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
+ return MOAIDConstants.PREFIX_EIDAS + value;
+
} else {
return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
@@ -395,25 +398,13 @@ public boolean isOnlyMandateAllowed() {
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
-public Integer getQaaLevel() {
- try {
- Integer storkQAALevel = Integer.parseInt(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
-
- if (storkQAALevel >= 1 &&
- storkQAALevel <= 4)
- return storkQAALevel;
-
- else {
- Logger.info("STORK minimal QAA level is not in a valid range. Use minimal QAA 4");
- return 4;
+public String getQaaLevel() {
+ String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
+ if (MiscUtil.isEmpty(eidasLoALevel))
+ return MOAIDConstants.eIDAS_LOA_HIGH;
+ else
+ return eidasLoALevel;
- }
-
- } catch (NumberFormatException e) {
- Logger.warn("STORK minimal QAA level is not a number.", e);
- return 4;
-
- }
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 348b1c45a..e62a4a8d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -228,6 +228,12 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
+ public String getBasicMOAIDConfiguration(final String key, final String defaultValue) {
+ return properties.getProperty(key, defaultValue);
+
+ }
+
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String)
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 8d70b1444..9fd58b5c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -201,7 +201,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
- public Integer getQaaLevel() {
+ public String getQaaLevel() {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a1f2c6558..34b250bf0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -104,7 +104,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
@Autowired private SingleLogOutBuilder sloBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
@Autowired private IGUIFormBuilder guiBuilder;
-
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
+
public void performSingleLogOut(HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
@@ -527,7 +528,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
} else {
samlVerificationEngine.verifySLOResponse(sloResp,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
}
@@ -569,7 +570,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
//put SLO process-information into transaction storage
- transactionStorage.put(relayState, sloContainer);
+ transactionStorage.put(relayState, sloContainer, -1);
if (MiscUtil.isEmpty(authURL))
authURL = pvpReq.getAuthURL();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 85e4dc99b..ffc6012c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -32,6 +32,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -52,7 +54,12 @@ public abstract class RequestImpl implements IRequest, Serializable{
public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
+ public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP";
+
public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+ public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
+
+
private static final long serialVersionUID = 1L;
@@ -91,10 +98,10 @@ public abstract class RequestImpl implements IRequest, Serializable{
*/
public final void initialize(HttpServletRequest req) throws ConfigurationException {
//set requestID
- requestID = Random.nextRandom();
+ requestID = Random.nextLongRandom();
//set unique transaction identifier for logging
- uniqueTransactionIdentifer = Random.nextRandom();
+ uniqueTransactionIdentifer = Random.nextLongRandom();
TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
@@ -167,6 +174,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
else
Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!");
+ //set requester's IP address
+ try {
+ setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("Can not store remote IP address to 'pendingRequest' during an exception." , e);
+
+ }
+
}
/**
@@ -174,7 +190,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
*
* @return List of PVP 2.1 attribute names with maps all protocol specific attributes
*/
- public abstract Collection<String> getRequestedAttributes();
+ public abstract Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
public void setOAURL(String value) {
oaURL = value;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 1b550881e..eec48e0f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -68,7 +68,7 @@ public class RequestStorage implements IRequestStorage{
public void storePendingRequest(IRequest pendingRequest) throws MOAIDException {
try {
if (pendingRequest instanceof IRequest) {
- transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
+ transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest, -1);
} else {
throw new MOAIDException("auth.20", null);
@@ -123,6 +123,7 @@ public class RequestStorage implements IRequestStorage{
((RequestImpl)pendingRequest).setRequestID(newRequestID);
transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
+ //only delete oldRequestID, no change.
return newRequestID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index bc7dd272b..0799760ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -63,6 +63,7 @@ public class SSOManager {
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
@Autowired protected AuthConfiguration authConfig;
+ @Autowired private MOASessionDBUtils moaSessionDBUtils;
/**
* Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
@@ -159,7 +160,7 @@ public class SSOManager {
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
- MOASessionDBUtils.delete(storedSession);
+ moaSessionDBUtils.delete(storedSession);
}
}
@@ -200,7 +201,7 @@ public class SSOManager {
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<OldSSOSessionIDStore> result;
@@ -289,7 +290,7 @@ public class SSOManager {
//no local SSO session exist -> request interfederated IDP
Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix()
+ " from MOASession " + storedSession.getSessionid());
- MOASessionDBUtils.delete(selectedIDP);
+ moaSessionDBUtils.delete(selectedIDP);
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index a9a9322ad..428931b5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -22,7 +22,7 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
@Override
public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
try {
- transactionStorage.put(pIStore.getProcessInstanceId(), pIStore);
+ transactionStorage.put(pIStore.getProcessInstanceId(), pIStore, -1);
// MOASessionDBUtils.saveOrUpdate(pIStore);
log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 2168316ab..6375f26a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -80,6 +80,8 @@ public class AttributQueryAction implements IAction {
@Autowired private AuthenticationDataBuilder authDataBuilder;
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
+ @Autowired private MOASessionDBUtils moaSessionDBUtils;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -139,7 +141,7 @@ public class AttributQueryAction implements IAction {
//build PVP 2.1 response
Response authResponse = AuthResponseBuilder.buildResponse(
- MOAMetadataProvider.getInstance(), issuerEntityID, attrQuery, date,
+ metadataProvider, issuerEntityID, attrQuery, date,
assertion, authConfig.isPVP2AssertionEncryptionActive());
SoapBinding decoder = new SoapBinding();
@@ -198,7 +200,7 @@ public class AttributQueryAction implements IAction {
((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
try {
activeOA.setAttributeQueryUsed(true);
- MOASessionDBUtils.saveOrUpdate(activeOA);
+ moaSessionDBUtils.saveOrUpdate(activeOA);
} catch (MOADatabaseException e) {
Logger.error("MOASession interfederation information can not stored to database.", e);
@@ -251,11 +253,11 @@ public class AttributQueryAction implements IAction {
//mark attribute request as used
if (nextIDPInformation.isStoreSSOInformation()) {
nextIDPInformation.setAttributesRequested(true);
- MOASessionDBUtils.saveOrUpdate(nextIDPInformation);
+ moaSessionDBUtils.saveOrUpdate(nextIDPInformation);
//delete federated IDP from Session
} else {
- MOASessionDBUtils.delete(nextIDPInformation);
+ moaSessionDBUtils.delete(nextIDPInformation);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 8de44a2e8..aac49844e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -61,6 +61,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationAction implements IAction {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -70,7 +71,7 @@ public class AuthenticationAction implements IAction {
//get basic information
MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
- EntityDescriptor peerEntity = moaRequest.getEntityMetadata();
+ EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
AssertionConsumerService consumerService =
SAML2Utils.createSAMLObject(AssertionConsumerService.class);
@@ -94,7 +95,7 @@ public class AuthenticationAction implements IAction {
peerEntity, date, consumerService, sloInformation);
Response authResponse = AuthResponseBuilder.buildResponse(
- MOAMetadataProvider.getInstance(), issuerEntityID, authnRequest,
+ metadataProvider, issuerEntityID, authnRequest,
date, assertion, authConfig.isPVP2AssertionEncryptionActive());
IEncoder binding = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 350690f82..f09a3c30c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -104,6 +104,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
@@ -187,7 +188,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new PostBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -240,7 +241,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -294,7 +295,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//get POST-Binding decoder implementation
InboundMessage msg = (InboundMessage) new SoapBinding().decode(
- req, resp, MOAMetadataProvider.getInstance(), false,
+ req, resp, metadataProvider, false,
new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
pendingReq.setRequest(msg);
@@ -336,7 +337,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
if(!msg.isVerified()) {
samlVerificationEngine.verify(msg,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
msg.setVerified(true);
}
@@ -494,7 +495,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
msg = (MOARequest) inMsg;
- EntityDescriptor metadata = msg.getEntityMetadata();
+ EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
if(metadata == null) {
throw new NoMetadataInformationException();
}
@@ -526,7 +527,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
boolean isAllowedDestination = false;
for (String prefix : allowedPublicURLPrefix) {
- if (!resp.getDestination().startsWith(
+ if (resp.getDestination().startsWith(
prefix)) {
isAllowedDestination = true;
break;
@@ -644,7 +645,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
throw new MOAIDException("Unsupported request", new Object[] {});
}
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
if(metadata == null) {
throw new NoMetadataInformationException();
}
@@ -736,7 +737,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
}
}
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 0dd309154..62105abda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -49,7 +49,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
samlMessage);
try {
- transactionStorage.put(artifact, assertion);
+ transactionStorage.put(artifact, assertion, -1);
} catch (MOADatabaseException e) {
// TODO Insert Error Handling, if Assertion could not be stored
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index e7f2a7d4b..caf66942e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -32,6 +32,7 @@ import org.opensaml.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -54,7 +55,6 @@ public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
-
InboundMessage request;
String binding;
String consumerURL;
@@ -88,14 +88,14 @@ public class PVPTargetConfiguration extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
Map<String, String> reqAttr = new HashMap<String, String>();
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
try {
- SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -139,5 +139,6 @@ public class PVPTargetConfiguration extends RequestImpl {
}
- }
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 52bf16247..c762e2505 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -24,17 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.SerializationUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.Transaction;
-import org.hibernate.resource.transaction.spi.TransactionStatus;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -49,7 +43,6 @@ import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -83,8 +76,8 @@ public class SingleLogOutAction implements IAction {
@Autowired private ITransactionStorage transactionStorage;
@Autowired private SingleLogOutBuilder sloBuilder;
@Autowired private MOAReversionLogger revisionsLogger;
-
-
+
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
*/
@@ -94,142 +87,148 @@ public class SingleLogOutAction implements IAction {
IAuthData authData) throws MOAIDException {
PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
-
+
if (pvpReq.getRequest() instanceof MOARequest &&
((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
Logger.debug("Process Single LogOut request");
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
-
+
AuthenticationSession session =
authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
logOutReq.getIssuer().getValue(),
logOutReq.getNameID().getValue());
-
- if (session == null) {
- Logger.warn("Can not find active SSO session with nameID "
- + logOutReq.getNameID().getValue() + " and OA "
- + logOutReq.getIssuer().getValue());
- Logger.info("Search active SSO session with SSO session cookie");
- String ssoID = ssomanager.getSSOSessionID(httpReq);
- if (MiscUtil.isEmpty(ssoID)) {
+
+ if (session == null) {
+ Logger.warn("Can not find active SSO session with nameID "
+ + logOutReq.getNameID().getValue() + " and OA "
+ + logOutReq.getIssuer().getValue());
+ Logger.info("Search active SSO session with SSO session cookie");
+ String ssoID = ssomanager.getSSOSessionID(httpReq);
+ if (MiscUtil.isEmpty(ssoID)) {
+ Logger.info("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
+ //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
+ Logger.info("Sending SLO success message to requester ...");
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ } else {
+ String moasession = ssomanager.getMOASession(ssoID);
+ try {
+ session = authenticationSessionStorage.getSession(moasession);
+
+ if (session == null)
+ throw new MOADatabaseException();
+
+ } catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
-
- } else {
- String moasession = ssomanager.getMOASession(ssoID);
- try {
- session = authenticationSessionStorage.getSession(moasession);
-
- if (session == null)
- throw new MOADatabaseException();
-
- } catch (MOADatabaseException e) {
- Logger.info("Can not find active Session. Single LogOut not possible!");
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
- //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
- Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
- return null;
-
- }
- }
+
+ }
+ }
+ }
+
+ authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
+
+ } else if (pvpReq.getRequest() instanceof MOAResponse &&
+ ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+ Logger.debug("Process Single LogOut response");
+ LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+
+ //Transaction tx = null;
+
+ try {
+ String relayState = pvpReq.getRequest().getRelayState();
+ if (MiscUtil.isEmpty(relayState)) {
+ Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
+ + " has no SAML2 RelayState.");
+ throw new SLOException("pvp2.19", null);
+
}
-
- authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
- } else if (pvpReq.getRequest() instanceof MOAResponse &&
- ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
- Logger.debug("Process Single LogOut response");
- LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
-
- Transaction tx = null;
-
- try {
- String relayState = pvpReq.getRequest().getRelayState();
- if (MiscUtil.isEmpty(relayState)) {
- Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
- + " has no SAML2 RelayState.");
- throw new SLOException("pvp2.19", null);
-
- }
-
- Session session = MOASessionDBUtils.getCurrentSession();
- boolean storageSuccess = false;
- int counter = 0;
-
- //TODO: add counter to prevent deadlock
-
+
+ //Session session = MOASessionDBUtils.getCurrentSession();
+ boolean storageSuccess = false;
+ int counter = 0;
+
+ //TODO: add counter to prevent deadlock
+ synchronized(this){
while (!storageSuccess) {
- tx = session.beginTransaction();
-
- List result;
- Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setParameter("artifact", relayState);
- result = query.list();
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
+ // tx = session.beginTransaction();
+ //
+ // List result;
+ // Query query = session.getNamedQuery("getAssertionWithArtifact");
+ // query.setParameter("artifact", relayState);
+ // result = query.list();
+ //
+ //
+ // Logger.trace("Found entries: " + result.size());
+ //
+ // //Assertion requires an unique artifact
+ // if (result.size() != 1) {
+ // Logger.trace("No entries found.");
+ // throw new MOADatabaseException("No sessioninformation found with this ID");
+ // }
+ //
+ // AssertionStore element = (AssertionStore) result.get(0);
+ // Object data = SerializationUtils.deserialize(element.getAssertion());
+ Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
+ Object o = transactionStorage.getAssertionStore(relayState);
+ if(o==null){
Logger.trace("No entries found.");
- throw new MOADatabaseException("No sessioninformation found with this ID");
+ throw new MOADatabaseException("No sessioninformation found with this ID");
}
-
- AssertionStore element = (AssertionStore) result.get(0);
- Object data = SerializationUtils.deserialize(element.getAssertion());
-
+ AssertionStore element = (AssertionStore) o;
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
if (data instanceof SLOInformationContainer) {
ISLOInformationContainer sloContainer = (ISLOInformationContainer) data;
-
+
//check status
sloBuilder.checkStatusCode(sloContainer, logOutResp);
-
+
if (sloContainer.hasFrontChannelOA()) {
try {
//some response are open
byte[] serializedSLOContainer = SerializationUtils.serialize((Serializable) sloContainer);
element.setAssertion(serializedSLOContainer);
element.setType(sloContainer.getClass().getName());
-
- session.saveOrUpdate(element);
- tx.commit();
-
+
+ // session.saveOrUpdate(element);
+ // tx.commit();
+ Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
+ transactionStorage.putAssertionStore(element);
+
//sloContainer could be stored to database
storageSuccess = true;
-
- } catch(HibernateException e) {
- tx.rollback();
+
+ } catch(MOADatabaseException e) {
+ //tx.rollback();
counter++;
Logger.debug("SLOContainter could not stored to database. Wait some time and restart storage process ... ");
java.util.Random rand = new java.util.Random();
-
+
try {
Thread.sleep(rand.nextInt(20)*10);
-
+
} catch (InterruptedException e1) {
Logger.warn("Thread could not stopped. ReStart storage process immediately", e1);
}
}
-
+
} else {
- //last response received.
- try {
- session.delete(element);
- tx.commit();
-
- } catch(HibernateException e) {
- tx.rollback();
- Logger.error("SLOContainter could not deleted from database. ");
-
- }
-
+ Logger.debug("Current Thread removeElement by Artifact: "+Thread.currentThread().getId());
+ transactionStorage.remove(element.getArtifact());
+ // session.delete(element);
+ // tx.commit();
+
storageSuccess = true;
String redirectURL = null;
if (sloContainer.getSloRequest() != null) {
@@ -237,70 +236,72 @@ public class SingleLogOutAction implements IAction {
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
-
+
} else {
//print SLO information directly
redirectURL = req.getAuthURL() + "/idpSingleLogout";
-
+
String artifact = Random.nextRandom();
-
- String statusCode = null;
+
+ String statusCode = null;
if (sloContainer.getSloFailedOAs() == null ||
- sloContainer.getSloFailedOAs().size() == 0) {
- statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
- revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
- MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
-
+ sloContainer.getSloFailedOAs().size() == 0) {
+ statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
+ MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+
} else {
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
-
+ statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
+
}
- transactionStorage.put(artifact, statusCode);
- redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
-
+ transactionStorage.put(artifact, statusCode, -1);
+ redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
+
}
//redirect to Redirect Servlet
String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
-
+
httpResp.setContentType("text/html");
httpResp.setStatus(302);
httpResp.addHeader("Location", url);
-
+
}
} else {
Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + relayState);
throw new MOADatabaseException("Sessioninformation Cast-Exception");
-
+
}
}
-
- } catch (MOADatabaseException e) {
- Logger.error("MOA AssertionDatabase ERROR", e);
- throw new SLOException("pvp2.19", null);
-
- } catch (UnsupportedEncodingException e) {
- Logger.error("Finale SLO redirct not possible.", e);
- throw new AuthenticationException("pvp2.13", new Object[]{});
-
- } finally {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) {
- tx.commit();
-
- }
}
-
-
-
- } else {
- Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
- throw new MOAIDException("pvp2.13", null);
-
- }
-
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ throw new SLOException("pvp2.19", null);
+
+ } catch (UnsupportedEncodingException e) {
+ Logger.error("Finale SLO redirct not possible.", e);
+ throw new AuthenticationException("pvp2.13", new Object[]{});
+
+ }
+
+ // finally {
+ // if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) {
+ // tx.commit();
+ //
+ // }
+ // }
+
+
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
return null;
}
@@ -320,7 +321,7 @@ public class SingleLogOutAction implements IAction {
public String getDefaultActionName() {
return PVP2XProtocol.SINGLELOGOUT;
}
-
+
protected static String addURLParameter(String url, String paramname,
String paramvalue) {
String param = paramname + "=" + paramvalue;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 25b22f0ad..94d91694a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -62,6 +62,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SoapBinding implements IDecoder, IEncoder {
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired private IDPCredentialProvider credentialProvider;
public InboundMessageInterface decode(HttpServletRequest req,
@@ -109,7 +110,7 @@ public class SoapBinding implements IDecoder, IEncoder {
RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
try {
if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
- MOAMetadataProvider.getInstance().getRole(
+ metadataProvider.getRole(
attributeRequest.getIssuer().getValue(),
SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
request.setEntityID(attributeRequest.getIssuer().getValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index 855925272..e2f8664d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
@@ -66,7 +64,6 @@ import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.springframework.stereotype.Service;
@@ -74,6 +71,7 @@ import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -153,7 +151,7 @@ public class PVPMetadataBuilder {
//set metadata signature parameters
Credential metadataSignCred = config.getMetadataSigningCredentials();
- Signature signature = getIDPSignature(metadataSignCred);
+ Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
@@ -437,27 +435,5 @@ public class PVPMetadataBuilder {
return idpSSODescriptor;
}
-
- private Signature getIDPSignature(Credential credentials) {
- PrivateKey privatekey = credentials.getPrivateKey();
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
-
- } else {
- Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-
-
- }
-
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
-
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index e5c897aa6..de59e6055 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -94,8 +94,9 @@ import at.gv.egovernment.moa.logging.Logger;
@Service("PVP_SingleLogOutBuilder")
public class SingleLogOutBuilder {
+ @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired private IDPCredentialProvider credentialProvider;
-
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
Status status = logOutResp.getStatus();
if (!status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
@@ -353,7 +354,7 @@ public class SingleLogOutBuilder {
public SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
try {
- EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ EntityDescriptor entity = metadataProvider.getEntityDescriptor(entityID);
SSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
SingleLogoutService sloService = null;
@@ -394,7 +395,7 @@ public class SingleLogOutBuilder {
public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
MOARequest moaReq = (MOARequest) spRequest.getRequest();
- EntityDescriptor metadata = moaReq.getEntityMetadata();
+ EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (ssodesc == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 200429093..55d8fa1ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -459,8 +459,15 @@ public class PVP2AssertionBuilder implements PVPConstants {
subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
// subjectConfirmationData.setNotBefore(date);
+ //set 'recipient' attribute in subjectConformationData
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+ //set IP address of the user machine as 'Address' attribute in subjectConformationData
+ String usersIPAddress = pendingReq.getGenericData(
+ PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
+ if (MiscUtil.isNotEmpty(usersIPAddress))
+ subjectConfirmationData.setAddress(usersIPAddress);
+
//set SLO information
sloInformation.setUserNameIdentifier(subjectNameID.getValue());
sloInformation.setNameIDFormat(subjectNameID.getFormat());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
index 332caf967..8c8345bbf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
import java.io.Serializable;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -46,10 +46,12 @@ public class InboundMessage implements InboundMessageInterface, Serializable{
private String relayState = null;
- public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-
+ public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
try {
- return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
+ if (metadataProvider == null)
+ throw new NullPointerException("No PVP MetadataProvider found.");
+
+ return metadataProvider.getEntityDescriptor(this.entityID);
} catch (MetadataProviderException e) {
Logger.warn("No Metadata for EntitiyID " + entityID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 3002ca179..19adfe4c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -44,13 +44,14 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -58,65 +59,85 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPMetadataProvider")
public class MOAMetadataProvider extends SimpleMOAMetadataProvider
- implements ObservableMetadataProvider, IGarbageCollectorProcessing, IMOARefreshableMetadataProvider {
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing,
+ IMOARefreshableMetadataProvider, IDestroyableObject {
- private static MOAMetadataProvider instance = null;
+ //private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800; //7 days
+
+// private static MOAMetadataProvider instance = null;
+ MetadataProvider internalProvider = null;
private static Object mutex = new Object();
+ //private Map<String, Date> lastAccess = null;
- public static MOAMetadataProvider getInstance() {
- if (instance == null) {
- synchronized (mutex) {
- if (instance == null) {
- instance = new MOAMetadataProvider();
-
- //add this to MOA garbage collector
- MOAGarbageCollector.addModulForGarbageCollection(instance);
-
- }
- }
- }
- return instance;
+ public MOAMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+ //lastAccess = new HashMap<String, Date>();
+
}
+// public static MOAMetadataProvider getInstance() {
+// if (instance == null) {
+// synchronized (mutex) {
+// if (instance == null) {
+// instance = new MOAMetadataProvider();
+//
+// //add this to MOA garbage collector
+// MOAGarbageCollector.addModulForGarbageCollection(instance);
+//
+// }
+// }
+// }
+// return instance;
+// }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
*/
@Override
public void runGarbageCollector() {
- reInitialize();
-
- }
-
- private static void reInitialize() {
synchronized (mutex) {
/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
- if (instance != null)
- try {
- Logger.trace("Check consistence of PVP2X metadata");
- instance.addAndRemoveMetadataProvider();
+ try {
+ Logger.trace("Check consistence of PVP2X metadata");
+ addAndRemoveMetadataProvider();
- } catch (ConfigurationException e) {
- Logger.error("Access to MOA-ID configuration FAILED.", e);
+ } catch (ConfigurationException e) {
+ Logger.error("Access to MOA-ID configuration FAILED.", e);
- }
- else
- Logger.info("MOAMetadataProvider is not loaded.");
+ }
}
+
}
- public static void destroy() {
- if (instance != null) {
- instance.internalDestroy();
+
+// private static void reInitialize() {
+// synchronized (mutex) {
+//
+// /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+// if (instance != null)
+// try {
+// Logger.trace("Check consistence of PVP2X metadata");
+// instance.addAndRemoveMetadataProvider();
+//
+// } catch (ConfigurationException e) {
+// Logger.error("Access to MOA-ID configuration FAILED.", e);
+//
+// }
+// else
+// Logger.info("MOAMetadataProvider is not loaded.");
+// }
+// }
+
+ public void fullyDestroy() {
+ internalDestroy();
- } else {
- Logger.info("MOAMetadataProvider is not loaded. Accordingly it can not be destroyed");
- }
}
- MetadataProvider internalProvider;
+
@Override
public boolean refreshMetadataProvider(String entityID) {
@@ -208,7 +229,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
private void addAndRemoveMetadataProvider() throws ConfigurationException {
if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- Logger.info("Relaod MOAMetaDataProvider.");
+ Logger.info("Reload MOAMetaDataProvider.");
/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
*The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
@@ -217,7 +238,19 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//get all actually loaded metadata providers
Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
-
+
+ /* TODO: maybe add metadata provider destroy after timeout.
+ * But could be a problem if one Metadataprovider load an EntitiesDescriptor
+ * with more the multiple EntityDescriptors. If one of this EntityDesciptors
+ * are expired the full EntitiesDescriptor is removed.
+ *
+ * Timeout requires a better solution in this case!
+ */
+// Date now = new Date();
+// Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
+// Logger.debug("Starting PVP Metadata garbag collection (Expioredate:"
+// + expioredate + ")");
+
//load all PVP2 OAs form ConfigurationDatabase and
//compare actually loaded Providers with configured PVP2 OAs
Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
@@ -238,30 +271,31 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
HTTPMetadataProvider httpProvider = null;
try {
if (MiscUtil.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
+ if (loadedproviders.containsKey(metadataurl)) {
// PVP2 OA is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
- } else if ( MiscUtil.isNotEmpty(metadataurl) &&
- !providersinuse.containsKey(metadataurl) ) {
- //PVP2 OA is new, add it to MOAMetadataProvider
- String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64)) {
- byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getFriendlyName();
-
-
- Logger.info("Loading metadata for: " + oaFriendlyName);
- httpProvider = createNewHTTPMetaDataProvider(
- metadataurl,
- buildMetadataFilterChain(oaParam, metadataurl, cert),
- oaFriendlyName);
-
- if (httpProvider != null)
- providersinuse.put(metadataurl, httpProvider);
- }
+ //INFO: load metadata dynamically if they are requested
+// } else if ( MiscUtil.isNotEmpty(metadataurl) &&
+// !providersinuse.containsKey(metadataurl) ) {
+// //PVP2 OA is new, add it to MOAMetadataProvider
+// String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+// if (MiscUtil.isNotEmpty(certBase64)) {
+// byte[] cert = Base64Utils.decode(certBase64, false);
+// String oaFriendlyName = oaParam.getFriendlyName();
+//
+//
+// Logger.info("Loading metadata for: " + oaFriendlyName);
+// httpProvider = createNewHTTPMetaDataProvider(
+// metadataurl,
+// buildMetadataFilterChain(oaParam, metadataurl, cert),
+// oaFriendlyName);
+//
+// if (httpProvider != null)
+// providersinuse.put(metadataurl, httpProvider);
+// }
}
}
@@ -339,15 +373,21 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
}
- instance = null;
+ internalProvider = new ChainingMetadataProvider();
} else {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
}
}
- private MOAMetadataProvider() {
+ @Deprecated
+ /**
+ * Load all PVP metadata from OA configuration
+ *
+ * This method is deprecated because OA metadata should be loaded dynamically
+ * if the corresponding OA is requested.
+ */
+ private void loadAllPVPMetadataFromKonfiguration() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
try {
@@ -417,14 +457,15 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
+ e.getMessage(), e);
}
+ internalProvider = chainProvider;
+
} catch (ConfigurationException e) {
Logger.error("Access MOA-ID configuration FAILED.", e);
}
-
- internalProvider = chainProvider;
+
}
-
+
private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
@@ -505,17 +546,30 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
+// if (entityDesc != null)
+// lastAccess.put(entityID, new Date());
+
return entityDesc;
}
public List<RoleDescriptor> getRole(String entityID, QName roleName)
- throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName);
+ throws MetadataProviderException {
+ List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
}
public RoleDescriptor getRole(String entityID, QName roleName,
String supportedProtocol) throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 442455d4b..8261a86c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -81,7 +81,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
}
}
- timer = new Timer();
+ timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(new BasicParserPool());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index bf4cfd480..77cc7228b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.security.KeyStore;
import java.security.PrivateKey;
+import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import org.opensaml.xml.security.credential.Credential;
@@ -198,7 +199,7 @@ public abstract class AbstractCredentialProvider {
if (privatekey instanceof RSAPrivateKey) {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ } else if (privatekey instanceof ECPrivateKey) {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index f384dd511..f6104bdeb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -41,6 +41,7 @@ import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
@@ -56,6 +57,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("SAMLVerificationEngine")
public class SAMLVerificationEngine {
+
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
try {
@@ -72,7 +75,8 @@ public class SAMLVerificationEngine {
}
Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
- if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(msg.getEntityID()))
+
+ if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
throw e;
else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 3d69b0380..6e97913bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -102,6 +102,7 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
}
+ Logger.debug("SAML metadata for entityID:" + entityDes.getEntityID() + " is valid");
} catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
Logger.error("Metadata verification has an interal error.", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 094e25040..4d7936f25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -35,6 +35,7 @@ import org.hibernate.Transaction;
import org.hibernate.resource.transaction.spi.TransactionStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -65,7 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
@Autowired AuthConfiguration authConfig;
-
+ @Autowired MOASessionDBUtils moaSessionDBUtils;
private static JsonMapper mapper = new JsonMapper();
@Override
@@ -74,7 +75,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
AuthenticatedSessionStore session;
try {
- session = searchInDatabase(moaSessionID, true);
+ session = searchInDatabase(moaSessionID);
return session.isAuthenticated();
} catch (MOADatabaseException e) {
@@ -104,7 +105,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
encryptSession(session, dbsession);
//store AssertionStore element to Database
- MOASessionDBUtils.saveOrUpdate(dbsession);
+ moaSessionDBUtils.saveOrUpdate(dbsession);
Logger.info("Create MOASession with sessionID: " + id);
return session;
@@ -128,7 +129,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
return null;
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
return decryptSession(dbsession);
} catch (MOADatabaseException e) {
@@ -143,7 +144,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
try {
@@ -161,12 +162,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
dbsession.setAdditionalInformation(
mapper.serialize(sessionExtensions));
- MOASessionDBUtils.saveOrUpdate(dbsession);
+ moaSessionDBUtils.saveOrUpdate(dbsession);
Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database");
@@ -185,7 +186,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
encryptSession(session, dbsession);
@@ -193,7 +194,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
dbsession.setAuthenticated(session.isAuthenticated());
dbsession.setUpdated(new Date());
- MOASessionDBUtils.saveOrUpdate(dbsession);
+ moaSessionDBUtils.saveOrUpdate(dbsession);
Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -205,7 +206,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -216,6 +217,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
Query query = session.getNamedQuery("getSessionWithID");
query.setParameter("sessionid", moaSessionID);
result = query.list();
+
+
Logger.trace("Found entries: " + result.size());
@@ -243,7 +246,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
Logger.debug("Change SessionID from " + session.getSessionID()
+ "to " + newSessionID);
@@ -257,7 +260,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- MOASessionDBUtils.saveOrUpdate(dbsession);
+ moaSessionDBUtils.saveOrUpdate(dbsession);
Logger.trace("Change SessionID complete.");
@@ -279,9 +282,9 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
AuthenticatedSessionStore session;
try {
- session = searchInDatabase(moaSessionID, true);
+ session = searchInDatabase(moaSessionID);
session.setAuthenticated(isAuthenticated);
- MOASessionDBUtils.saveOrUpdate(session);
+ moaSessionDBUtils.saveOrUpdate(session);
} catch (MOADatabaseException e) {
@@ -293,7 +296,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public String getMOASessionSSOID(String SSOSessionID) {
MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -331,7 +334,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public boolean isSSOSession(String sessionID) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
return dbsession.isSSOSession();
} catch (MOADatabaseException e) {
@@ -346,7 +349,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//TODO: is this method really needed??
MiscUtil.assertNotNull(SSOId, "SSOSessionID");
Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -387,7 +390,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
try {
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Logger.trace("Add SSO information to session " + moaSessionID);
@@ -487,63 +490,63 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
- Session session = null;
-
- try {
- List<OASessionStore> oas = new ArrayList<OASessionStore>();
-
- AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
- oas.addAll(dbsession.getActiveOAsessions());
-
- session = MOASessionDBUtils.getCurrentSession();
- session.getTransaction().commit();
-
- return oas;
-
- } catch (MOADatabaseException e) {
- Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
-
- } catch (Exception e) {
- if (session != null && session.getTransaction() != null
- && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) {
- session.getTransaction().rollback();
- throw e;
-
- }
-
- }
-
- return null;
+
+ Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+ Session session = moaSessionDBUtils.getCurrentSession();
+
+ List<OASessionStore> result;
+ Transaction tx = null;
+ try {
+ synchronized (session) {
+ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getAllActiveOAsForSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ result = query.list();
+
+ //send transaction
+ tx.commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ return result;
+
+ } catch (Exception e) {
+ if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
+ tx.rollback();
+ throw e;
+ }
}
@Override
public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
- Session session = null;
- try {
- List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>();
- AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
- idps.addAll(dbsession.getInderfederation());
-
- session = MOASessionDBUtils.getCurrentSession();
- session.getTransaction().commit();
-
- return idps;
-
- } catch (MOADatabaseException e) {
- Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
-
- } catch (Exception e) {
- if (session != null && session.getTransaction() != null
- && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) {
- session.getTransaction().rollback();
- throw e;
-
- }
-
- }
-
- return null;
+
+ Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+ Session session = moaSessionDBUtils.getCurrentSession();
+
+ List<InterfederationSessionStore> result;
+ Transaction tx = null;
+ try {
+ synchronized (session) {
+ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getAllActiveIDPsForSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ result = query.list();
+
+ //send transaction
+ tx.commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ return result;
+
+ } catch (Exception e) {
+ if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
+ tx.rollback();
+ throw e;
+ }
}
@Override
@@ -552,7 +555,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ oaID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
Transaction tx = null;
List<AuthenticatedSessionStore> result = null;;
@@ -598,7 +601,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(protocolType, "usedProtocol");
Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ oaID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -640,7 +643,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
try {
MiscUtil.assertNotNull(nameID, "nameID");
Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -677,7 +680,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
MiscUtil.assertNotNull(sessionID, "MOASession");
Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -714,7 +717,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(sessionID, "MOASession");
MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -756,7 +759,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier());
if (MiscUtil.isNotEmpty(moaSession)) {
try {
- dbsession = searchInDatabase(moaSession, true);
+ dbsession = searchInDatabase(moaSession);
}catch (MOADatabaseException e) {
Logger.error("NO MOASession found but MOASession MUST already exist!");
@@ -818,7 +821,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//store AssertionStore element to Database
try {
- MOASessionDBUtils.saveOrUpdate(dbsession);
+ moaSessionDBUtils.saveOrUpdate(dbsession);
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be created.");
@@ -831,7 +834,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) {
MiscUtil.assertNotNull(moaSessionID, "MOASessionID");
Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
Transaction tx = null;
@@ -872,7 +875,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -907,7 +910,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
}
- MOASessionDBUtils.saveOrUpdate(authsession);
+ moaSessionDBUtils.saveOrUpdate(authsession);
return true;
} catch (Throwable e) {
@@ -922,7 +925,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated);
List<AuthenticatedSessionStore> results;
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
Transaction tx = null;
try {
synchronized (session) {
@@ -972,26 +975,26 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
- private static void cleanDelete(AuthenticatedSessionStore result) {
+ private void cleanDelete(AuthenticatedSessionStore result) {
try {
result.setSession("blank".getBytes());
- MOASessionDBUtils.saveOrUpdate(result);
+ moaSessionDBUtils.saveOrUpdate(result);
} catch (MOADatabaseException e) {
Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
} finally {
- if (!MOASessionDBUtils.delete(result))
+ if (!moaSessionDBUtils.delete(result))
Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)");
}
}
@SuppressWarnings("rawtypes")
- private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException {
+ private AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = moaSessionDBUtils.getCurrentSession();
List result;
Transaction tx = null;
@@ -1003,8 +1006,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
result = query.list();
//send transaction
- if (commit)
- tx.commit();
+ tx.commit();
}
Logger.trace("Found entries: " + result.size());
@@ -1019,7 +1021,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
return (AuthenticatedSessionStore) result.get(0);
} catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED) && commit)
+ if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
tx.rollback();
throw e;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index c2b3b0fc5..f17e4a99a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -27,24 +27,31 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.PersistenceException;
+import javax.persistence.Query;
+
import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-@Service("TransactionStorage")
+@Repository
+@Transactional("sessionTransactionManager")
public class DBTransactionStorage implements ITransactionStorage {
-
+
+ @PersistenceContext(unitName="session")
+ private EntityManager entityManager;
+
public boolean containsKey(String key) {
- try {
+ try {
searchInDatabase(key);
return true;
@@ -73,7 +80,7 @@ public class DBTransactionStorage implements ITransactionStorage {
}
- public void put(String key, Object value) throws MOADatabaseException {
+ public void put(String key, Object value, int timeout_ms) throws MOADatabaseException {
//search if key already exists
AssertionStore element = searchInDatabase(key);
@@ -97,7 +104,11 @@ public class DBTransactionStorage implements ITransactionStorage {
Logger.error("This exeption should not occur!!!!", e);
return null;
- }
+ }
+ }
+
+ public Object getAssertionStore(String key) throws MOADatabaseException{
+ return searchInDatabase(key);
}
public Object get(String key) throws MOADatabaseException {
@@ -151,16 +162,12 @@ public class DBTransactionStorage implements ITransactionStorage {
List<AssertionStore> results;
List<String> returnValues = new ArrayList<String>();;
- Session session = MOASessionDBUtils.getCurrentSession();
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithTimeOut");
- query.setTimestamp("timeout", expioredate);
- results = query.list();
- session.getTransaction().commit();
- }
+ Query query = entityManager.createNamedQuery("getAssertionWithTimeOut");
+ query.setParameter("timeout", expioredate);
+ results = query.getResultList();
+
if (results != null) {
for (AssertionStore el : results)
returnValues.add(el.getArtifact());
@@ -187,24 +194,21 @@ public class DBTransactionStorage implements ITransactionStorage {
Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")");
} catch (HibernateException e) {
- Logger.warn("Sessioninformation not removed! (Error during Database communication)", e);
+ Logger.warn("Sessioninformation not removed! (Erreor during Database communication)", e);
}
}
private void cleanDelete(AssertionStore element) {
- try {
- element.setAssertion("blank".getBytes());
- MOASessionDBUtils.saveOrUpdate(element);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+
- } finally {
- if (!MOASessionDBUtils.delete(element))
+ try{
+ element.setAssertion("blank".getBytes());
+ entityManager.merge(element);
+ entityManager.remove(element);
+ }catch(PersistenceException e){
Logger.error("ShortTime session with artifact=" + element.getArtifact()
+ " not removed! (Error during Database communication)");
-
- }
+ }
}
@@ -212,29 +216,23 @@ public class DBTransactionStorage implements ITransactionStorage {
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
Logger.trace("Getting sessioninformation with ID " + artifact + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List result;
+ List<AssertionStore> results;
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setParameter("artifact", artifact);
- result = query.list();
+ Query query = entityManager.createNamedQuery("getAssertionWithArtifact");
+ query.setParameter("artifact", artifact);
- //send transaction
- session.getTransaction().commit();
- }
+ results = query.getResultList();
- Logger.trace("Found entries: " + result.size());
+ Logger.trace("Found entries: " + results.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (results.size() != 1) {
Logger.debug("No transaction information with ID:" + artifact + " found.");
return null;
}
- return (AssertionStore) result.get(0);
+ return results.get(0);
}
private void put(AssertionStore element, String key, Object value) throws MOADatabaseException {
@@ -253,15 +251,23 @@ public class DBTransactionStorage implements ITransactionStorage {
element.setAssertion(data);
//store AssertionStore element to Database
- try {
- MOASessionDBUtils.saveOrUpdate(element);
+ //try {
+ entityManager.persist(element);
+ //MOASessionDBUtils.saveOrUpdate(element);
Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
-
- } catch (MOADatabaseException e) {
- Logger.warn("Sessioninformation could not be stored.");
- throw new MOADatabaseException(e);
-
- }
+//
+// } catch (MOADatabaseException e) {
+// Logger.warn("Sessioninformation could not be stored.");
+// throw new MOADatabaseException(e);
+//
+// }
+
+ }
+
+ @Override
+ public void putAssertionStore(Object element) throws MOADatabaseException{
+ // TODO Auto-generated method stub
+ entityManager.merge(element);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index 493f24ee8..53a7f4f5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -48,9 +48,10 @@ public interface ITransactionStorage {
* @param key Id which identifiers the data object
* @param value Data object which should be stored.
* This data must implement the <code>java.io.Serializable</code> interface
+ * @param timeout_ms Defines the period of time a data object is kept within the storage
* @throws MOADatabaseException In case of store operation failed
*/
- public void put(String key, Object value) throws MOADatabaseException;
+ public void put(String key, Object value, int timeout_ms) throws MOADatabaseException;
/**
* Get a data object from transaction storage
@@ -110,4 +111,21 @@ public interface ITransactionStorage {
*/
public List<String> clean(Date now, long dataTimeOut);
+
+ /**
+ * Get whole AssertionStoreObject, required for SLO
+ *
+ * @param key key Id which identifiers the data object
+ * @return The transaction-data object, or null
+ * @throws MOADatabaseException In case of load operation failed
+ */
+ public Object getAssertionStore(String key) throws MOADatabaseException;
+
+ /**
+ * Put whole AssertionStoreObject to db, required for SLO
+ *
+ * @param element assertion store object
+ */
+ public void putAssertionStore(Object element) throws MOADatabaseException;
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
new file mode 100644
index 000000000..c17bff358
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -0,0 +1,377 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.storage;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataAccessException;
+import org.springframework.data.redis.core.RedisOperations;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SessionCallback;
+import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Service("TransactionStorage")
+public class RedisTransactionStorage implements ITransactionStorage {
+
+ @Autowired
+ private RedisTemplate<String, Object> redisTemplate;
+
+ @Autowired
+ protected AuthConfiguration authConfig;
+
+ @Autowired
+ private JacksonJsonRedisSerializer assertionStoreSerializer;
+
+ public RedisTemplate<String, Object> getTemplate(){
+ return this.redisTemplate;
+ }
+
+ public void setTemplate(RedisTemplate<String, Object> t){
+ this.redisTemplate = t;
+ }
+
+ public boolean containsKey(String key) {
+ try {
+ searchInDatabase(key);
+ return true;
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.ITransactionStorage#changeKey(java.lang.String, java.lang.String, java.lang.Object)
+ */
+ @Override
+ public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException {
+
+ //search if key already exists
+ final int expTime = redisTemplate.getExpire(oldKey, TimeUnit.MILLISECONDS).intValue();
+ //AssertionStore element = searchInDatabase(oldKey);
+ if (expTime < 0) {
+ Logger.info("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+ throw new MOADatabaseException("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+
+ }
+
+ //Important: Rename not working here, because the new ID also has to be put into the
+ //value object.
+ //redisTemplate.rename(oldKey, newKey);
+
+ final String old_key = oldKey;
+
+ //redisTemplate.delete(oldKey);
+ //put(null, newKey, value, expTime);
+ final AssertionStore assertion = prepareAssertion(null, newKey, value);
+ List<Object> txResults = redisTemplate.execute(new SessionCallback<List<Object>>() {
+ public List<Object> execute(RedisOperations operations) throws DataAccessException {
+ operations.multi();
+ operations.delete(old_key);
+ operations.opsForValue().set(assertion.getArtifact(), new String(assertionStoreSerializer.serialize(assertion)),expTime,TimeUnit.MILLISECONDS);
+ // This will contain the results of all ops in the transaction
+ return operations.exec();
+ }
+ });
+
+ int a= txResults.size();
+ }
+
+ public void put(String key, Object value, int timeoutms) throws MOADatabaseException {
+
+ //search if key already exists
+ AssertionStore element = searchInDatabase(key);
+
+ //create a new entry if key does not exists already
+ if (element == null) {
+ element = new AssertionStore();
+
+ }
+
+ put(element, key, value, timeoutms);
+ }
+
+ public <T> T get(String key,
+ final Class<T> clazz) throws MOADatabaseException {
+
+ try {
+ return get(key, clazz, -1);
+
+ } catch (AuthenticationException e) {
+ //this execption only occurs if an additional timeOut is used
+ Logger.error("This exeption should not occur!!!!", e);
+ return null;
+
+ }
+ }
+
+ public Object get(String key) throws MOADatabaseException {
+ AssertionStore element = searchInDatabase(key);
+
+ if (element == null)
+ return null;
+
+ return SerializationUtils.deserialize(element.getAssertion());
+
+
+ }
+
+ public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException {
+
+ AssertionStore element = searchInDatabase(key);
+
+ if (element == null)
+ return null;
+
+// dataTimeOut = -1;
+// if (dataTimeOut > -1) {
+// //check timeout
+// long now = new Date().getTime();
+//
+// if (now - element.getDatatime().getTime() > dataTimeOut) {
+// Logger.info("Transaction-Data with key: " + key + " is out of time.");
+// throw new AuthenticationException("1207", new Object[] { key });
+//
+// }
+// }
+
+
+ //Deserialize Assertion
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
+ //check if assertion has the correct class type
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) Class.forName(element.getType()).cast(data);
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
+ throw new MOADatabaseException("Sessioninformation Cast-Exception");
+
+ }
+ }
+
+ //NOT USED with REDIS
+ public List<String> clean(Date now, long dataTimeOut) {
+
+ //redis enables to set TTL when creating new values, so we don't need this function anymore
+
+// Date expioredate = new Date(now.getTime() - dataTimeOut);
+//
+// List<AssertionStore> results;
+ List<String> returnValues = new ArrayList<String>();
+// Session session = MOASessionDBUtils.getCurrentSession();
+//
+// synchronized (session) {
+// session.beginTransaction();
+// Query query = session.getNamedQuery("getAssertionWithTimeOut");
+// query.setTimestamp("timeout", expioredate);
+// results = query.list();
+// session.getTransaction().commit();
+// }
+//
+// if (results != null) {
+// for (AssertionStore el : results)
+// returnValues.add(el.getArtifact());
+//
+// }
+ return returnValues;
+ }
+
+ public void remove(String key) {
+
+ try {
+
+ AssertionStore element = searchInDatabase(key);
+ if (element == null) {
+ Logger.debug("Sessioninformation not removed! (Sessioninformation with ID=" + key
+ + "not found)");
+ return;
+ }
+
+ redisTemplate.delete(key);
+ //cleanDelete(element);
+ Logger.debug("Removed stored information with ID: " + key);
+
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")");
+
+ } catch (HibernateException e) {
+ Logger.warn("Sessioninformation not removed! (Error during Database communication)", e);
+ }
+ }
+
+ //Not used within REDIS store
+ private void cleanDelete(AssertionStore element) {
+// try {
+// element.setAssertion("blank".getBytes());
+// MOASessionDBUtils.saveOrUpdate(element);
+//
+// } catch (MOADatabaseException e) {
+// Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+//
+// } finally {
+// if (!MOASessionDBUtils.delete(element))
+// Logger.error("ShortTime session with artifact=" + element.getArtifact()
+// + " not removed! (Error during Database communication)");
+//
+// }
+
+ }
+
+ //name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact"),
+ //@NamedQuery(name="getAssertionWithTimeOut", query = "select assertionstore from AssertionStore assertionstore where assertionstore.timestamp < :timeout")
+
+ @SuppressWarnings("rawtypes")
+ private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
+ MiscUtil.assertNotNull(artifact, "artifact");
+ Logger.trace("Getting sessioninformation with ID " + artifact + " from database.");
+
+
+// Session session = MOASessionDBUtils.getCurrentSession();
+// List result;
+//
+// synchronized (session) {
+// session.beginTransaction();
+// Query query = session.getNamedQuery("getAssertionWithArtifact");
+// query.setParameter("artifact", artifact);
+// result = query.list();
+//
+// //send transaction
+// session.getTransaction().commit();
+// }
+ //String id = (String) redisTemplate.opsForSet().pop(artifact);
+ String assertion = (String) redisTemplate.opsForValue().get(artifact);
+ //String id = (String) redisTemplate.opsForValue().get(artifact);
+ if(assertion == null){
+ Logger.debug("No transaction information with ID:" + artifact + " found.");
+ return null;
+ }
+
+ AssertionStore as = (AssertionStore) assertionStoreSerializer.deserialize(assertion.getBytes());
+ //delete the timestamp entry
+// String ts = as.getDatatime().toString();
+// redisTemplate.opsForSet().pop(ts);
+
+ if(as == null){
+ Logger.debug("No transaction information with ID:" + artifact + " found.");
+ return null;
+ }
+ return as;
+
+ //Assertion requires an unique artifact
+// if (result.size() != 1) {
+// Logger.debug("No transaction information with ID:" + artifact + " found.");
+//
+//
+// }
+//
+// return (AssertionStore) result.get(0);
+ }
+
+ private void put(AssertionStore element, String key, Object value, int timeoutms) throws MOADatabaseException {
+
+ element = prepareAssertion(element, key, value);
+
+ int authDataTimeOut = authConfig.getTransactionTimeOut() * 1000;
+
+ if(timeoutms != -1){
+ authDataTimeOut = timeoutms;
+ }
+ redisTemplate.opsForValue().set(element.getArtifact(), new String(assertionStoreSerializer.serialize(element)),authDataTimeOut,TimeUnit.MILLISECONDS);
+ //MOASessionDBUtils.saveOrUpdate(element);
+ Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
+
+ }
+
+private AssertionStore prepareAssertion(AssertionStore element, String key, Object value) throws MOADatabaseException {
+
+ if(element == null)
+ element = new AssertionStore();
+
+ element.setArtifact(key);
+ element.setType(value.getClass().getName());
+ element.setDatatime(new Date());
+
+ if (!Serializable.class.isInstance(value)) {
+ Logger.warn("Transaction-Storage can only store objects which implements the 'Seralizable' interface");
+ throw new MOADatabaseException("Transaction-Storage can only store objects which implements the 'Seralizable' interface", null);
+ }
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) value);
+ element.setAssertion(data);
+
+ long id = new Random().nextLong();
+ element.setId(id);
+
+ return element;
+
+ }
+
+@Override
+public Object getAssertionStore(String key) throws MOADatabaseException {
+ return searchInDatabase(key);
+}
+
+@Override
+public void putAssertionStore(Object element) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ AssertionStore as = (AssertionStore)element;
+ final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue();
+ //AssertionStore element = searchInDatabase(oldKey);
+ if (expTime < 0) {
+ Logger.info("No transaction-data with oldKey:" + as.getArtifact()
+ + " found. Process gets stopped.");
+ throw new MOADatabaseException("No transaction-data with oldKey:" + as.getArtifact()
+ + " found. Process gets stopped.");
+
+ }
+ redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS);
+
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index 2c0a82708..f37ae0b0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -20,48 +20,15 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
package at.gv.egovernment.moa.id.util;
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
import java.math.BigInteger;
import java.security.PublicKey;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
@@ -72,6 +39,15 @@ import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.security.ec.common.ECParameterSpec;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.security.ec.common.ECStandardizedParameterFactory;
+import iaik.security.ec.common.EllipticCurve;
+import iaik.security.ec.math.field.Field;
+import iaik.security.ec.math.field.FieldElement;
+import iaik.security.ec.math.field.PrimeField;
+
public class ECDSAKeyValueConverter
{
@@ -94,15 +70,13 @@ public class ECDSAKeyValueConverter
if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
- ECCParameterSpec eccParameterSpec;
+ ECParameterSpec eccParameterSpec;
if (namedCurve != null)
{
// URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
- ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
- // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
- eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
+ eccParameterSpec = ECStandardizedParameterFactory.getParametersByOID(curveNameOID);
}
else
{
@@ -167,14 +141,21 @@ public class ECDSAKeyValueConverter
String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
+ BigInteger a = new BigInteger(aStr, 10);
+ BigInteger b = new BigInteger(bStr, 10);
+ BigInteger basePointX = new BigInteger(basePointXStr, 10);
+ BigInteger basePointY = new BigInteger(basePointYStr, 10);
+
if (fieldParamsType == FIELD_TYPE_PRIME)
- {
- BigInteger a = new BigInteger(aStr, 10);
- BigInteger b = new BigInteger(bStr, 10);
- BigInteger basePointX = new BigInteger(basePointXStr, 10);
- BigInteger basePointY = new BigInteger(basePointYStr, 10);
- eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
- basePointY, null);
+ {
+ ECField javaECField = new ECFieldFp(p);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
}
else
{
@@ -193,9 +174,19 @@ public class ECDSAKeyValueConverter
irreducible[k1/32] += 1 << k1 % 32;
irreducible[0] += 1;
}
- eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
- octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
- octetString2IntArray(basePointYStr), null);
+
+ ECField javaECField = new ECFieldF2m(m, irreducible);
+ java.security.spec.EllipticCurve curve =
+ new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+ java.security.spec.ECPoint javaECbasePoint =
+ new java.security.spec.ECPoint(basePointX, basePointY);
+ java.security.spec.ECParameterSpec javaECSpec =
+ new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());
+ eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
+
+// eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+// octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+// octetString2IntArray(basePointYStr), null);
}
}
@@ -206,10 +197,14 @@ public class ECDSAKeyValueConverter
Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
- ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
- ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
- EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
- eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECParameterSpec ecdsaParams = new ECParameterSpec(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
+ //ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+
+ EllipticCurve eCurve = eccParameterSpec.getCurve();
+
+// EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
+// eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+
Field field = eCurve.getField();
// Detect type of public key field elements
@@ -239,10 +234,19 @@ public class ECDSAKeyValueConverter
}
// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
// publicKeyPointY, field.getONEelement());
- Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
- publicKeyPointY).toProjective();
- ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
- ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+// Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
+// publicKeyPointY).toProjective();
+
+ ECPoint publicKeyPointECPoint = new ECPoint(publicKeyPointX.toBigInteger(),
+ publicKeyPointY.toBigInteger());
+
+ if (!eCurve.containsPoint(publicKeyPointECPoint)) {
+ Logger.error("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+ throw new Exception("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+
+ }
+
+ ECPublicKey publicKey = new ECPublicKey(eccParameterSpec, publicKeyPointECPoint);
return publicKey;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index f0cec1d61..caf7f570f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,9 +46,6 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIException;
-import iaik.security.provider.IAIK;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
@@ -57,7 +54,6 @@ import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
-import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
@@ -71,6 +67,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import iaik.pki.PKIException;
/**
@@ -86,7 +83,7 @@ public class SSLUtils {
public static void initialize() {
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- Security.addProvider(new IAIK());
+ //Security.addProvider(new IAIK());
//System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
@@ -126,8 +123,7 @@ public class SSLUtils {
//INFO: MOA-ID 2.x always use defaultChainingMode
try {
- SSLSocketFactory ssf =
- at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
connParam.getUrl(),
conf.getCertstoreDirectory(),
trustStoreURL,
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 11d92cea3..ba8c47304 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -4,10 +4,17 @@
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+ http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd">
+
+ <task:annotation-driven executor="MOA-ID-Auth_TaskExecutor" scheduler="MOA-ID-Auth_Scheduler"/>
+ <task:executor id="MOA-ID-Auth_TaskExecutor" pool-size="5"/>
+ <task:scheduler id="MOA-ID-Auth_Scheduler" pool-size="10"/>
<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
<property name="transitionConditionExpressionEvaluator">
@@ -35,8 +42,7 @@
<bean id="MOAID_SSOManager"
class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
- <bean id="TransactionStorage"
- class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
<bean id="AuthenticationSessionStoreage"
class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
@@ -47,14 +53,20 @@
<bean id="ProcessInstanceStoreage"
class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
- <bean id="StatisticLogger"
- class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
-
<bean id="MOAReversionLogger"
class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
<bean id="AuthenticationSessionCleaner"
- class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+ class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+
+ <bean id="MOAGarbageCollector"
+ class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
+
+<!-- <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
+ <property name="corePoolSize" value="5" />
+ <property name="maxPoolSize" value="10" />
+ <property name="queueCapacity" value="25" />
+ </bean> -->
<!-- Authentication Process Tasks -->
<bean id="GenerateBKUSelectionFrameTask"
@@ -79,6 +91,18 @@
<bean id="EvaluateSSOConsentsTaskImpl"
class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateSSOConsentsTaskImpl"
- scope="prototype"/>
+ scope="prototype"/>
-</beans> \ No newline at end of file
+ <beans profile="advancedLogOn">
+ <bean id="StatisticLogger"
+ class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
+ </beans>
+
+ <beans profile="advancedLogOff">
+ <bean id="StatisticLogger"
+ class="at.gv.egovernment.moa.id.advancedlogging.DummyStatisticLogger"/>
+ </beans>
+
+</beans>
+
+
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 400b0bc25..36f1392d5 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -113,9 +113,9 @@ service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
service.03=Fehler beim Aufruf des SPSS-API: {0}
-service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar.
+service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar. Ursache:{1}
service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1}
-service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
+service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service. Ursache:{0}
service.07=Der SZR-Gateway ist unter {0} nicht erreichbar.
service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen.
service.09=Der SZR-Gateway Client konnte nicht initialisiert werden.
@@ -258,7 +258,7 @@ stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifie
eIDAS.00=eIDAS Engine initialization FAILED. Reason:{0}
eIDAS.01=Received eIDAS AuthnRequest is not valid. Reason:{0}
-eIDAS.02=Generate eIDAS AuthnRequest FAILED. Reason:{0}
+eIDAS.02=Generation of eIDAS AuthnRequest FAILED. Reason:{0}
eIDAS.03=Can not connect to eIDAS Node. Reason:No CitizenCountry selected.
eIDAS.04=Can not connect to eIDAS Node. Reason:{0} is not a valid CitizenCountry.
eIDAS.05=Can not generate eIDAS metadata. Reason:{0}
@@ -267,7 +267,10 @@ eIDAS.07=Missing eIDAS-Attribute:{0}
eIDAS.08=No valid eIDAs-Node configuration for enityID:{0}
eIDAS.09=Received eIDAS Response is not valid. Reason:{0}
eIDAS.10=Internal server error. Reason:{0}
-eIDAS.11=Received eIDAS Error-Response. Reason:{0}
+eIDAS.11=Received eIDAS Error-Response. Reason:{0}
+eIDAS.12=Received eIDAS AuthnRequest is not valid. Reason:{0}
+eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
+eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
pvp2.01=Fehler beim kodieren der PVP2 Antwort
pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index bfaf5ffb1..e72a28046 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -225,6 +225,9 @@ eIDAS.08=1304
eIDAS.09=1301
eIDAS.10=9199
eIDAS.11=1302
+eIDAS.12=1305
+eIDAS.13=1307
+eIDAS.14=1301
pvp2.01=6100
pvp2.06=6100
diff --git a/id/server/idserverlib/src/main/resources/session.common.beans.xml b/id/server/idserverlib/src/main/resources/session.common.beans.xml
new file mode 100644
index 000000000..defa47ec0
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/session.common.beans.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+ <context:annotation-config/>
+
+ <bean id="sessionDataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${moasession.hibernate.connection.driver_class}" />
+ <property name="url" value="${moasession.hibernate.connection.url}"/>
+ <property name="username" value="${moasession.hibernate.connection.username}" />
+ <property name="password" value="${moasession.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${moasession.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${moasession.dbcp.initialSize}" />
+ <property name="maxTotal" value="${moasession.dbcp.maxActive}" />
+ <property name="maxIdle" value="${moasession.dbcp.maxIdle}" />
+ <property name="minIdle" value="${moasession.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${moasession.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${moasession.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${moasession.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${moasession.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${moasession.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="sessionSessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
+ <property name="dataSource" ref="sessionDataSource"/>
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.session" />
+ <property name="hibernateProperties">
+ <props>
+ <prop key="hibernate.dialect">${moasession.hibernate.dialect}</prop>
+ <prop key="hibernate.show_sql">${moasession.hibernate.show_sql}</prop>
+ <prop key="hibernate.hbm2ddl.auto">${moasession.hibernate.hbm2ddl.auto}</prop>
+ <prop key="current_session_context_class">${moasession.hibernate.current_session_context_class}</prop>
+ <prop key="hibernate.transaction.flush_before_completion">${moasession.hibernate.transaction.flush_before_completion}</prop>
+ <prop key="hibernate.transaction.auto_close_session">${moasession.hibernate.transaction.auto_close_session}</prop>
+ </props>
+ </property>
+ </bean>
+
+ <!-- MYSQL Conector -->
+ <tx:annotation-driven transaction-manager="sessionTransactionManager"/>
+
+ <bean id="sessionJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${moasession.hibernate.show_sql}" />
+ <property name="generateDdl" value="${moasession.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${moasession.hibernate.dialect}" />
+ </bean>
+
+ <bean name="session" id="session" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" depends-on="sessionDataSource">
+ <property name="dataSource" ref="sessionDataSource" />
+ <property name="jpaVendorAdapter" ref="sessionJpaVendorAdapter" />
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.session" />
+ <property name="persistenceUnitName" value="session" />
+ </bean>
+
+ <bean name="sessionTransactionManager" id="sessionTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="session" />
+ </bean>
+
+ <bean id="moaSessionDBUtils" class="at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils">
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/session.db.beans.xml b/id/server/idserverlib/src/main/resources/session.db.beans.xml
new file mode 100644
index 000000000..5ed390ffe
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/session.db.beans.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans profile="dbBackend"
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+
+ <bean id="TransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"
+ />
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
new file mode 100644
index 000000000..feda9b273
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans profile="redisBackend"
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+
+ <bean id="TransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.RedisTransactionStorage"/>
+
+ <!-- Redis Beans -->
+ <bean id="jedisConnFactory"
+ class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
+ p:use-pool="${redis.use-pool}"
+ p:host-name="${redis.host-name}"
+ p:port="${redis.port}"/>
+
+ <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" />
+ <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer">
+ <constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
+ </bean>
+
+ <bean id="redisTemplate"
+ class="org.springframework.data.redis.core.RedisTemplate"
+ p:connection-factory-ref="jedisConnFactory"
+ p:value-serializer-ref="RedisStringSerializer"
+ p:key-serializer-ref="RedisStringSerializer"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
index 66dffe311..0b5128c8b 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.module.test;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -254,7 +256,7 @@ public class TestRequestImpl implements IRequest {
* @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
new file mode 100644
index 000000000..ab08c0f5c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.process.spring.test;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.sql.DataSource;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Dummy DataSource implementation for convenience in test cases where a
+ * database connection will never actually be acquired.
+ *
+ * @see DataSource
+ * @author Chris Beams
+ */
+public class DummyTransactionStorage implements ITransactionStorage {
+
+ public class DummyDBEntry{
+ public DummyDBEntry(String key, Object value){
+ this.obj =value;
+ this.key = key;
+ }
+ public String getKey() {
+ return key;
+ }
+ public void setKey(String key) {
+ this.key = key;
+ }
+ public Object getObj() {
+ return obj;
+ }
+ public void setObj(Object obj) {
+ this.obj = obj;
+ }
+ private String key;
+ private Object obj;
+ }
+
+ private ArrayList<DummyDBEntry> ds = new ArrayList<DummyDBEntry>();
+
+
+
+ @Override
+ public boolean containsKey(String key) {
+ // TODO Auto-generated method stub
+ Iterator<DummyDBEntry> it = ds.iterator();
+ while(it.hasNext()){
+ DummyDBEntry t = it.next();
+ if(t.getKey().equals(key))
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public void put(String key, Object value, int timeout_ms)
+ throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ this.remove(key);
+ this.ds.add(new DummyDBEntry(key, value));
+
+ }
+
+ @Override
+ public Object get(String key) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ Iterator<DummyDBEntry> it = ds.iterator();
+ while(it.hasNext()){
+ DummyDBEntry t = it.next();
+ if(t.getKey().equals(key))
+ return t;
+ }
+ return null;
+ }
+
+ @Override
+ public <T> T get(String key, Class<T> clazz) throws MOADatabaseException {
+
+ DummyDBEntry o = (DummyDBEntry) get(key);
+ if(o == null)
+ return null;
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) (clazz.cast(o.getObj()));
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
+ throw new MOADatabaseException("Sessioninformation Cast-Exception");
+
+ }
+ }
+
+ @Override
+ public <T> T get(String key, Class<T> clazz, long dataTimeOut)
+ throws MOADatabaseException, AuthenticationException {
+ // TODO Auto-generated method stub
+ return get(key,clazz);
+ }
+
+ @Override
+ public void changeKey(String oldKey, String newKey, Object value)
+ throws MOADatabaseException {
+ this.remove(oldKey);
+ this.put(newKey, value, -1);
+
+ }
+
+ @Override
+ public void remove(String key) {
+ Iterator<DummyDBEntry> it = ds.iterator();
+ while(it.hasNext()){
+ DummyDBEntry t = it.next();
+ if(t.getKey().equals(key)){
+ this.ds.remove(t);
+ return;
+ }
+ }
+
+ }
+
+ @Override
+ public List<String> clean(Date now, long dataTimeOut) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Object getAssertionStore(String key) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void putAssertionStore(Object element) throws MOADatabaseException {
+ // TODO Auto-generated method stub
+
+ }
+
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
index 2cb2a3278..b308e2fa8 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
@@ -78,7 +78,7 @@ public class SpringExpressionAwareProcessEngineTest {
config.addProperties(props);
//config.addAnnotatedClass(ProcessInstanceStore.class);
config.addAnnotatedClass(AssertionStore.class);
- MOASessionDBUtils.initHibernate(config, props);
+ //MOASessionDBUtils.initHibernate(config, props);
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
index a7e351e25..197627a66 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
@@ -73,7 +73,7 @@ public class ProcessEngineTest {
config.addProperties(props);
//config.addAnnotatedClass(ProcessInstanceStore.class);
config.addAnnotatedClass(AssertionStore.class);
- MOASessionDBUtils.initHibernate(config, props);
+ //MOASessionDBUtils.initHibernate(config, props);
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
new file mode 100644
index 000000000..4b7f61ef5
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
@@ -0,0 +1,122 @@
+package at.gv.egovernment.moa.id.storage.test;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.util.DOMUtils;
+
+public class DBTransactionStorageTest {
+
+ public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+ DBTransactionStorageTest t = new DBTransactionStorageTest();
+ t.test();
+ }
+
+ @Autowired
+ DBTransactionStorage rts;
+
+ public DBTransactionStorageTest(){
+
+ }
+
+
+ public void test() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+
+
+ ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
+
+
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ ITransactionStorage rts = (ITransactionStorage) context.getBean("DBTransactionStorage");
+ //GenericToStringSerializer redisStringSerializer = (GenericToStringSerializer) context.getBean("valueObjectSerializer");
+
+ // rts.getTemplate().setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+ // rts.getTemplate().setHashValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+
+ int cnt = 10;
+ int averageCnt = 10;
+ long putTime = 0, getTime = 0, changeTime = 0, removeTime = 0;
+ long total = 0;
+ for(int a=0;a<averageCnt;a++){
+ long totalPerRound = 0;
+
+ System.out.println("Starting MySql store operation.");
+ long start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.put("test"+i, request,-1);
+ long end = System.currentTimeMillis();
+ putTime += end-start;
+ System.out.println("MySql store operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+ Element test;
+ System.out.println("Starting MySql get operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ test = (Element)rts.get("test"+i);
+ end = System.currentTimeMillis();
+ getTime += end-start;
+ System.out.println("MySql get operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ //Element test = (Element)rts.get("test0");
+ //System.out.println("Read Element from Redis Store: "+test.getTextContent());
+
+ String requestString2 =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"test_new\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request2 = DOMUtils.parseDocument(requestString2, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ System.out.println("Starting MySql change operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.changeKey("test"+i, "test_new"+i, request2);
+ end = System.currentTimeMillis();
+ changeTime += end-start;
+ System.out.println("MySql change operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+
+
+ System.out.println("Starting MySql remove operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.remove("test_new"+i);
+ end = System.currentTimeMillis();
+ removeTime += end-start;
+ System.out.println("MySql remove operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ total+=totalPerRound;
+
+ System.out.println("Redis Total Time in this round: "+totalPerRound+" ms.");
+ System.out.println("______________________________________________________");
+ }
+ System.out.println("______________________________________________________");
+ System.out.println("Redis average get time over " + averageCnt +" rounds: "+getTime/averageCnt+" ms.");
+ System.out.println("Redis average put time over " + averageCnt +" rounds: "+putTime/averageCnt+" ms.");
+ System.out.println("Redis average change time over " + averageCnt +" rounds: "+changeTime/averageCnt+" ms.");
+ System.out.println("Redis average remove time over " + averageCnt +" rounds: "+removeTime/averageCnt+" ms.");
+ System.out.println("Redis average total time over " + averageCnt +" rounds: "+total/averageCnt+" ms.");
+ ((ConfigurableApplicationContext)context).close();
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java
new file mode 100644
index 000000000..60b55f497
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionMultiThreadTest.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.id.storage.test;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.springframework.core.task.TaskExecutor;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.RedisTransactionStorage;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.util.DOMUtils;
+
+public class RedisTransactionMultiThreadTest {
+
+ private ApplicationContext context;
+
+ public RedisTransactionMultiThreadTest() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+ this.context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
+ TaskExecutor te = (TaskExecutor) context.getBean("taskExecutor");
+
+ for(int i=0;i<50;i++){
+ te.execute(new RedisTask("Task"+i));
+ }
+
+
+ }
+
+ public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+
+ RedisTransactionMultiThreadTest t = new RedisTransactionMultiThreadTest();
+ System.out.println("End");
+
+// String requestString =
+// "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+// "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+// "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+// "</samlp:Request>";
+// Element request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+//
+//
+//
+//
+// RedisTransactionStorage rts = (RedisTransactionStorage) context.getBean("TransactionStorage");
+// //GenericToStringSerializer redisStringSerializer = (GenericToStringSerializer) context.getBean("valueObjectSerializer");
+//
+//// rts.getTemplate().setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+//// rts.getTemplate().setHashValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+//
+//
+// rts.put("test", request,-1);
+// System.out.println("Redis store operation done!");
+//
+// Element test = (Element)rts.get("test");
+// System.out.println("Read Element from Redis Store: "+test.getTextContent());
+//
+// String requestString2 =
+// "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+// "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"test_new\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+// "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+// "</samlp:Request>";
+// Element request2 = DOMUtils.parseDocument(requestString2, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+//
+//
+// rts.changeKey("test", "test_new", request2);
+//
+// rts.remove("test");
+// rts.remove("test_new");
+//
+// ((ConfigurableApplicationContext)context).close();
+ }
+
+ private class RedisTask implements Runnable {
+
+ private String message;
+
+ public RedisTask(String message) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException {
+
+ this.message = message;
+
+
+
+ }
+
+ public void run() {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+
+ Element request = null;
+ try {
+ request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ } catch (SAXException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ }
+
+ RedisTransactionStorage rts = (RedisTransactionStorage) context.getBean("RedisTransactionStorage");
+
+ try {
+ rts.put(message, request,-1);
+ rts.changeKey(message, message+"n", request);
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return;
+ }
+ System.out.println("Done with task "+message);
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java
new file mode 100644
index 000000000..e957ffe05
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/RedisTransactionStorageTest.java
@@ -0,0 +1,116 @@
+package at.gv.egovernment.moa.id.storage.test;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
+import at.gv.egovernment.moa.id.storage.RedisTransactionStorage;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.util.DOMUtils;
+
+public class RedisTransactionStorageTest {
+
+
+ public RedisTransactionStorageTest(){
+
+ }
+
+ public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+
+
+ ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
+
+
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ RedisTransactionStorage rts = (RedisTransactionStorage) context.getBean("RedisTransactionStorage");
+ //GenericToStringSerializer redisStringSerializer = (GenericToStringSerializer) context.getBean("valueObjectSerializer");
+
+ // rts.getTemplate().setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+ // rts.getTemplate().setHashValueSerializer(new GenericToStringSerializer<Object>(Object.class));
+
+ int cnt = 100;
+ int averageCnt = 10;
+ long putTime = 0, getTime = 0, changeTime = 0, removeTime = 0;
+ long total = 0;
+ for(int a=0;a<averageCnt;a++){
+ long totalPerRound = 0;
+
+ System.out.println("Starting Redis store operation.");
+ long start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.put("test"+i, request,-1);
+ long end = System.currentTimeMillis();
+ putTime += end-start;
+ System.out.println("Redis store operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+ Element test;
+ System.out.println("Starting Redis get operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ test = (Element)rts.get("test"+i);
+ end = System.currentTimeMillis();
+ getTime += end-start;
+ System.out.println("Redis get operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ //Element test = (Element)rts.get("test0");
+ //System.out.println("Read Element from Redis Store: "+test.getTextContent());
+
+ String requestString2 =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"test_new\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request2 = DOMUtils.parseDocument(requestString2, false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ System.out.println("Starting Redis change operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.changeKey("test"+i, "test_new"+i, request2);
+ end = System.currentTimeMillis();
+ changeTime += end-start;
+ System.out.println("Redis change operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+
+
+
+ System.out.println("Starting Redis remove operation.");
+ start = System.currentTimeMillis();
+ for(int i=0; i<cnt;i++)
+ rts.remove("test_new"+i);
+ end = System.currentTimeMillis();
+ removeTime += end-start;
+ System.out.println("Redis remove operation done in "+(end-start)+" ms.");
+ totalPerRound+=(end-start);
+ total+=totalPerRound;
+
+ System.out.println("Redis Total Time in this round: "+totalPerRound+" ms.");
+ System.out.println("______________________________________________________");
+ }
+ System.out.println("______________________________________________________");
+ System.out.println("Redis average get time over " + averageCnt +" rounds: "+getTime/averageCnt+" ms.");
+ System.out.println("Redis average put time over " + averageCnt +" rounds: "+putTime/averageCnt+" ms.");
+ System.out.println("Redis average change time over " + averageCnt +" rounds: "+changeTime/averageCnt+" ms.");
+ System.out.println("Redis average remove time over " + averageCnt +" rounds: "+removeTime/averageCnt+" ms.");
+ System.out.println("Redis average total time over " + averageCnt +" rounds: "+total/averageCnt+" ms.");
+
+ ((ConfigurableApplicationContext)context).close();
+
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
index 2c80b7ffd..05cd74ed2 100644
--- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
+++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
@@ -1,23 +1,23 @@
package test.tlenz;
-import java.io.File;
import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
-import org.w3c.dom.Element;
+import org.apache.commons.io.IOUtils;
+import org.w3c.dom.NodeList;
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
@@ -62,71 +62,130 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class simpletest {
//
public static void main(String[] args) {
-
- URI fileURI = null;
- try {
- fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
+ try {
+ FileInputStream sigDocFIS = null;
+ sigDocFIS = new FileInputStream("D:/idl_test/identity_link.xml");
- InputStream in = new FileInputStream(propertiesFile);
- ObjectInputStream testOIS = new ObjectInputStream(in);
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+ SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+ Content sigDocContent = spssFac.createContent(sigDocFIS, null);
+
+
+ // Position der zu pruefenden Signatur
+ HashMap nSMap = new HashMap();
+ nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+ VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+ // Pruefrequest zusammenstellen
+ VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent, sigLocation);
+ VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(
+ null, // Verwende aktuelle Zeit als Pruefzeit
+ sigInfo,
+ null, // Keine Ergaenzungsobjekte
+ null, // Signaturmanifest-Pruefung soll nicht durchgefuehrt werden
+ true, // Hash-Inputdaten, d.h. tatsaechlich signierte Daten werden nicht zurueckgeliefert
+ "MOAIDBuergerkarteAuthentisierungsDaten");
+
+
+ VerifyXMLSignatureResponse verifyResponse = null;
+ verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+
+ SignerInfo signerInfo = verifyResponse.getSignerInfo();
+ String signerCertificateEncoded = null;
+
+ List hashInputDatas = verifyResponse.getHashInputDatas();
+ if (hashInputDatas != null && !hashInputDatas.isEmpty()) {
+ for (Object el : hashInputDatas) {
+ InputData inputData = (InputData) el;
+ switch (inputData.getContentType()) {
+ case Content.XML_CONTENT :
+ ContentXML contentXml = (ContentXML) inputData;
+ NodeList input_XML = contentXml.getXMLContent();
+
+ break;
+ case Content.BINARY_CONTENT :
+ ContentBinary contentBinary = (ContentBinary) inputData;
+ String input_Binary = IOUtils.toString(contentBinary.getBinaryContent());
+
+ }
+ }
+ }
+
+
- Object test = testOIS.readObject();
+ } catch (Exception e) {
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
}
- try {
- InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
- Element idlTemplate = DOMUtils.parseXmlValidating(s);
-
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
- IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
-
- } catch (Exception e) {
- System.out.println(e.getMessage());
-
- }
- String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
- try {
- Name test = new RFC2253NameParser(subjectName).parse();
-
- System.out.println(test.getRFC2253String());
-
- } catch (RFC2253NameParserException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+// URI fileURI = null;
+// try {
+// fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+//
+// InputStream in = new FileInputStream(propertiesFile);
+// ObjectInputStream testOIS = new ObjectInputStream(in);
+//
+// Object test = testOIS.readObject();
+//
+//
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+//
+//
+// try {
+// InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
+// Element idlTemplate = DOMUtils.parseXmlValidating(s);
+//
+// //resign IDL
+// IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
+// IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+//
+// } catch (Exception e) {
+// System.out.println(e.getMessage());
+//
+// }
+//
+// String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
+//
+// try {
+// Name test = new RFC2253NameParser(subjectName).parse();
+//
+// System.out.println(test.getRFC2253String());
+//
+// } catch (RFC2253NameParserException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
// AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)");
diff --git a/id/server/idserverlib/src/test/java/testBeans.xml b/id/server/idserverlib/src/test/java/testBeans.xml
new file mode 100644
index 000000000..238a571cb
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/testBeans.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+<context:annotation-config />
+ <bean id="configPropertyDao"
+ class="at.gv.egovernment.moa.id.commons.db.dao.config.DatabaseConfigPropertyImpl"/>
+
+ <bean id="moaidconfig" class="at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl" />
+
+ <bean name="config" id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="dataSource" />
+ <property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
+ <property name="persistenceUnitName" value="config" />
+ </bean>
+
+ <bean name="transactionManager" id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="entityManagerFactory" />
+ </bean>
+ <tx:annotation-driven transaction-manager="transactionManager"/>
+
+ <bean id="RedisTransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.RedisTransactionStorage"/>
+
+ <bean id="DBTransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
+ <!-- Redis Beans -->
+ <bean id="jedisConnFactory"
+ class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
+ p:use-pool="true"
+ p:poolConfig-ref="jedisPoolConfig"/>
+
+ <bean id="jedisPoolConfig"
+ class="redis.clients.jedis.JedisPoolConfig"
+ p:maxTotal="100"
+ p:maxIdle="10"/>
+
+ <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" />
+ <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer">
+ <constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
+ </bean>
+
+ <bean id="redisTemplate"
+ class="org.springframework.data.redis.core.RedisTemplate"
+ p:connection-factory-ref="jedisConnFactory"
+ p:value-serializer-ref="RedisStringSerializer"
+ p:key-serializer-ref="RedisStringSerializer"
+ p:enableTransactionSupport="true"/>
+
+ <context:property-placeholder location="${moa.id.configuration}"/>
+
+ <bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
+ <constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
+ </bean>
+
+ <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" />
+ <property name="url" value="${configuration.hibernate.connection.url}"/>
+ <property name="username" value="${configuration.hibernate.connection.username}" />
+ <property name="password" value="${configuration.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${configuration.dbcp.initialSize}" />
+ <property name="maxTotal" value="${configuration.dbcp.maxActive}" />
+ <property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
+ <property name="minIdle" value="${configuration.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${configuration.hibernate.show_sql}" />
+ <property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${configuration.hibernate.dialect}" />
+ </bean>
+
+ <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
+ <property name="corePoolSize" value="1" />
+ <property name="maxPoolSize" value="50" />
+ <property name="queueCapacity" value="50" />
+ </bean>
+
+ <bean id="sessionDataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${moasession.hibernate.connection.driver_class}" />
+ <property name="url" value="${moasession.hibernate.connection.url}"/>
+ <property name="username" value="${moasession.hibernate.connection.username}" />
+ <property name="password" value="${moasession.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${moasession.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${moasession.dbcp.initialSize}" />
+ <property name="maxTotal" value="${moasession.dbcp.maxActive}" />
+ <property name="maxIdle" value="${moasession.dbcp.maxIdle}" />
+ <property name="minIdle" value="${moasession.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${moasession.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${moasession.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${moasession.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${moasession.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${moasession.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="sessionJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${moasession.hibernate.show_sql}" />
+ <property name="generateDdl" value="${moasession.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${moasession.hibernate.dialect}" />
+ </bean>
+
+ <bean name="sessionEntityManagerFactory" id="sessionEntityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="sessionDataSource" />
+ <property name="jpaVendorAdapter" ref="sessionJpaVendorAdapter" />
+ <property name="persistenceUnitName" value="session" />
+ </bean>
+
+ <bean name="sessionTransactionManager" id="sessionTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="sessionEntityManagerFactory" />
+ </bean>
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
index bf47c0445..7d9db0ab7 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -1,9 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:task="http://www.springframework.org/schema/task"
- xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<bean id="springElAwareExpressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
@@ -12,7 +16,7 @@
</bean>
<bean id="TransactionStorage"
- class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+ class="at.gv.egovernment.moa.id.process.spring.test.DummyTransactionStorage"/>
<bean id="ProcessInstanceStoreage"
class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
@@ -40,4 +44,5 @@
<bean id="ValidateSignedAuthBlockTask"
class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateSignedAuthBlockTask"/>
+
</beans>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index ea9e06fd6..4e8d77a4f 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -97,16 +97,18 @@
<groupId>iaik.prod</groupId>
<artifactId>iaik_jce_full</artifactId>
</dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_moa</artifactId>
- </dependency>
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-spss-container</artifactId>
+ <version>${moa-id-version}</version>
+ </dependency>
+
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_X509TrustManager</artifactId>
</dependency>
-
+
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
@@ -143,11 +145,11 @@
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
</dependency>
- <dependency>
+ <!-- dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>${hibernate.version}</version>
- </dependency>
+ </dependency-->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 6726aacb5..6d573efe8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -40,11 +40,13 @@ public class MOAIDConstants {
public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
+ public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
public static final String IDENIFICATIONTYPE_STORK = "STORK";
+ public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS";
public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair";
public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair";
@@ -61,16 +63,22 @@ public class MOAIDConstants {
public static final List<String> ALLOWED_KEYBOXIDENTIFIER;
public static final List<String> ALLOWED_REDIRECTTARGETNAMES;
public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS;
+ public static final List<String> ALLOWED_eIDAS_LOA;
public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier";
+ public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low";
+ public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial";
+ public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high";
+
static {
Hashtable<String, String> tmp = new Hashtable<String, String>();
tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer");
tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer");
tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl");
tmp.put(IDENIFICATIONTYPE_STORK, "STORK");
+ tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS");
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
List<String> awbpk = new ArrayList<String>();
@@ -87,6 +95,12 @@ public class MOAIDConstants {
keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED);
ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs);
+ List<String> eIDASLOA = new ArrayList<String>();
+ eIDASLOA.add(eIDAS_LOA_LOW);
+ eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL);
+ eIDASLOA.add(eIDAS_LOA_HIGH);
+ ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA);
+
List<String> redirectTargets = new ArrayList<String>();
redirectTargets.add(REDIRECTTARGET_BLANK);
redirectTargets.add(REDIRECTTARGET_PARENT);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index fa08dcab6..d8938e353 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -30,6 +30,16 @@ public interface AuthConfiguration extends ConfigurationProvider{
*/
public String getBasicMOAIDConfiguration(final String key);
+
+ /**
+ * Get a configuration value from basic file based MOA-ID configuration
+ *
+ * @param key configuration key
+ * @param defaultValue Default value if no value with this key is found
+ * @return configuration value
+ */
+ public String getBasicMOAIDConfiguration(final String key, final String defaultValue);
+
public int getTransactionTimeOut();
public int getSSOCreatedTimeOut();
public int getSSOUpdatedTimeOut();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index be6d34275..1aea8d7b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -152,7 +152,12 @@ public interface IOAAuthParameters {
*/
public boolean isShowStorkLogin();
- public Integer getQaaLevel();
+ /**
+ * Return the eIDAS LoA which is minimum required
+ *
+ * @return eIDAS LoA as URL identifier
+ */
+ public String getQaaLevel();
public boolean isRequireConsentForStorkAttributes();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
index b23b4474b..25919a937 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.commons.api;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
public interface IRequest {
@@ -193,9 +195,10 @@ public interface IRequest {
/**
* This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
+ * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required
*
* @return A set of PVP attribute names or null if no attributes are requested
* or the Service Provider, which sends this request needs no attributes
*/
- public Collection<String> getRequestedAttributes();
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index a221d30e4..8472d7c06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -184,6 +185,10 @@ public class ConfigurationMigrationUtils {
if (MOAIDConfigurationConstants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, split[1]);
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[2]);
+
+ } else if (MOAIDConfigurationConstants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS);
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[1] + "+" + split[2]);
} else if (MOAIDConfigurationConstants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK);
@@ -350,10 +355,11 @@ public class ConfigurationMigrationUtils {
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString());
- if (config.getQaa() != null)
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString());
+ if (config.geteIDAS_LOA() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA());
else
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4");
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
+ MOAIDConstants.eIDAS_LOA_HIGH);
// fetch vidp config
@@ -759,9 +765,15 @@ public class ConfigurationMigrationUtils {
if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) != null &&
oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE) != null) {
- if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
+
+ if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(MOAIDConfigurationConstants.PREFIX_EIDAS + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
+ idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
+ } else if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
} else {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_WPBK + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
@@ -953,7 +965,7 @@ public class ConfigurationMigrationUtils {
// transfer the incoming data to the database model
stork.setStorkLogonEnabled(Boolean.parseBoolean(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED)));
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)))
- stork.setQaa(Integer.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)));
+ stork.seteIDAS_LOA(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES))
&& oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES).equals(MOAIDConfigurationConstants.PREFIX_VIDP))
@@ -1458,11 +1470,11 @@ public class ConfigurationMigrationUtils {
try {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(stork.getQualityAuthenticationAssuranceLevel()));
+ stork.getGeneral_eIDAS_LOA());
} catch(NullPointerException e) {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(4));
+ MOAIDConstants.eIDAS_LOA_HIGH);
}
}
@@ -1705,6 +1717,12 @@ public class ConfigurationMigrationUtils {
}
+ //set eIDAS default LoA from general configuration
+ String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA);
+ if (MiscUtil.isNotEmpty(eIDASDefaultLOA))
+ stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA);
+
+
Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>();
Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
new file mode 100644
index 000000000..14824b1f8
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/SpringProfileConstants.java
@@ -0,0 +1,8 @@
+package at.gv.egovernment.moa.id.commons.config;
+
+public final class SpringProfileConstants {
+
+ public static final String ADVANCED_LOG = "advancedLogOn";
+ public static final String REDIS_BACKEND = "redisBackend";
+ public static final String DB_BACKEND = "dbBackend";
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
index ecb13ef34..5cdd607ac 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
@@ -24,62 +24,34 @@ package at.gv.egovernment.moa.id.commons.db;
import java.util.Properties;
-import org.apache.commons.lang3.StringUtils;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
-import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
-public final class MOASessionDBUtils {
+@Transactional("sessionTransactionManager")
+public class MOASessionDBUtils {
- private static SessionFactory sessionFactory;
- private static ServiceRegistry serviceRegistry;
-
- @SuppressWarnings("rawtypes")
- private static final ThreadLocal THREAD_LOCAL = new ThreadLocal();
- private static boolean automaticSessionHandling = false;
- private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
- private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
-
- protected MOASessionDBUtils() { }
+ private SessionFactory sessionFactory;
+
+ @Autowired
+ @Qualifier("sessionSessionFactory")
+ public void setSessionFactory(SessionFactory sessionFactory) {
+ this.sessionFactory = sessionFactory;
+ }
- public static void initHibernate(Configuration config, Properties hibernateProperties) {
-
- String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
- if (scm != null) {
- automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
- }
- Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
- if (automaticSessionHandling) {
- Logger.info("Hibernate is automatically handling session context management.");
- } else {
- Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
- }
- try {
- //Create the SessionFactory
- Logger.debug("Creating initial MOASession session factory...");
-
- config.configure("hibernate_moasession.cfg.xml");
- //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
-
- serviceRegistry = new StandardServiceRegistryBuilder().
- applySettings(config.getProperties()).build();
-
- sessionFactory = config.buildSessionFactory(serviceRegistry);
- Logger.debug("Initial MOASession session factory successfully created.");
-
- } catch (Throwable ex) {
- Logger.error("Initial MOASession session factory creation failed: " + ex.getMessage());
- throw new ExceptionInInitializerError(ex);
- }
- }
+ public void initHibernate(Configuration config, Properties hibernateProperties) {
+
+ }
/**
* Checks if a session factory is currently available. If necessary a new
@@ -89,102 +61,32 @@ public final class MOASessionDBUtils {
* @throws HibernateException
* thrown if a hibernate error occurs
*/
- public static Session getCurrentSession() {
- if (automaticSessionHandling) {
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL.get();
- // Open a new Session, if this Thread has none yet
- if (session == null || !session.isConnected()) {
- session = getNewSession();
- }
- return session;
- }
-
- @SuppressWarnings("unchecked")
- public static Session getNewSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL.get();
- if (session != null) {
- Logger.warn("Previous MOASession session has not been closed; closing session now.");
- closeSession();
- }
- Logger.debug("Opening new MOASession hibernate session...");
- try {
- session = sessionFactory.openSession();
- THREAD_LOCAL.set(session);
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- return session;
- }
-
- /**
- * Closes the current session.
- *
- * @throws HibernateException
- * thrown if session is already closed or a hibernate error
- * occurs.
- */
- @SuppressWarnings("unchecked")
- public static void closeSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
- return;
- }
- Logger.debug("Closing current MOASession hibernate session...");
- Session session = (Session) THREAD_LOCAL.get();
- THREAD_LOCAL.set(null);
- if (session != null) {
- try {
- session.close();
-
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- }
+ public Session getCurrentSession() {
+ return sessionFactory.getCurrentSession();
}
- public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- Transaction tx = null;
+ public boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
try {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
- }
- return true;
+ Session session = sessionFactory.getCurrentSession();
+ session.merge(dbo);
+ return true;
} catch(HibernateException e) {
- Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e);
- if (tx != null)
- tx.rollback();
+ Logger.warn("Error during MOASession database saveOrUpdate.", e);
+
throw new MOADatabaseException(e);
}
}
- public static boolean delete(Object dbo) {
- Transaction tx = null;
+ public boolean delete(Object dbo) {
+
try {
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
- }
-
+ Session session = sessionFactory.getCurrentSession();
+ session.delete(dbo);
return true;
} catch(HibernateException e) {
- Logger.warn("Error during MOASession database delete. Rollback.", e);
- if (tx != null)
- tx.rollback();
+ Logger.warn("Error during MOASession database delete. Rollback.");
return false;
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
index 7e031cc76..51bb0eb6d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
@@ -24,169 +24,65 @@ package at.gv.egovernment.moa.id.commons.db;
import java.util.Properties;
-import org.apache.commons.lang3.StringUtils;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
-import org.hibernate.Transaction;
-import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.transaction.annotation.Transactional;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
-public final class StatisticLogDBUtils {
+@Transactional("statisticLogTransactionManager")
+public class StatisticLogDBUtils {
+
+ private SessionFactory sessionFactory;
- private static SessionFactory sessionFactory;
- private static ServiceRegistry serviceRegistry;
-
- @SuppressWarnings("rawtypes")
- private static final ThreadLocal THREAD_LOCAL_STATISTIC = new ThreadLocal();
- private static boolean automaticSessionHandling = false;
+ @Autowired
+ @Qualifier("statisticLogSessionFactory")
+ public void setstatisticLogSessionFactory(SessionFactory sessionFactory) {
+ this.sessionFactory = sessionFactory;
+ }
- private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
- private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
-
- protected StatisticLogDBUtils() { }
public static void initHibernate(Configuration config, Properties hibernateProperties) {
- String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
- if (scm != null) {
- automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
- }
- Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
- if (automaticSessionHandling) {
- Logger.info("Hibernate is automatically handling session context management.");
- } else {
- Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
- }
- try {
- //Create the SessionFactory
- Logger.debug("Creating initial StatisicLogger session factory...");
-
- config.configure("hibernate_statistic.cfg.xml");
- //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
-
- serviceRegistry = new StandardServiceRegistryBuilder().
- applySettings(config.getProperties()).build();
-
- sessionFactory = config.buildSessionFactory(serviceRegistry);
- Logger.debug("Initial StatisicLogger session factory successfully created.");
-
- } catch (Throwable ex) {
- Logger.error("Initial StatisicLogger session factory creation failed: " + ex.getMessage());
- throw new ExceptionInInitializerError(ex);
- }
- }
-
- /**
- * Checks if a session factory is currently available. If necessary a new
- * session factory is created.
- *
- * @return current (or new) session factory
- * @throws HibernateException
- * thrown if a hibernate error occurs
- */
- public static Session getCurrentSession() {
- if (automaticSessionHandling) {
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- // Open a new Session, if this Thread has none yet
- if (session == null || !session.isConnected()) {
- session = getNewSession();
- }
- return session;
}
- @SuppressWarnings("unchecked")
- public static Session getNewSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
- return sessionFactory.getCurrentSession();
- }
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- if (session != null) {
- Logger.warn("Previous StatisicLogger session has not been closed; closing session now.");
- closeSession();
- }
- Logger.debug("Opening new StatisicLogger hibernate session...");
- try {
- session = sessionFactory.openSession();
- THREAD_LOCAL_STATISTIC.set(session);
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- return session;
- }
-
- /**
- * Closes the current session.
- *
- * @throws HibernateException
- * thrown if session is already closed or a hibernate error
- * occurs.
- */
- @SuppressWarnings("unchecked")
- public static void closeSession() {
- if (automaticSessionHandling) {
- Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
- return;
- }
- Logger.debug("Closing current StatisicLogger hibernate session...");
- Session session = (Session) THREAD_LOCAL_STATISTIC.get();
- THREAD_LOCAL_STATISTIC.set(null);
- if (session != null) {
- try {
- session.close();
-
- } catch (HibernateException hex) {
- Logger.error(hex.getMessage());
- }
- }
- }
-
- public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- Transaction tx = null;
- try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
- }
-
- Logger.info("Insert advanced statistic log entry into database");
- return true;
-
- } catch(HibernateException e) {
- Logger.warn("Error during StatisicLogger database saveOrUpdate. Rollback.", e);
- tx.rollback();
- throw new MOADatabaseException(e);
- }
- }
+ public boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
- public static boolean delete(Object dbo) {
- Transaction tx = null;
- try {
- Session session = StatisticLogDBUtils.getCurrentSession();
-
- synchronized (session) {
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
- }
-
- return true;
+ try {
+ Session session = sessionFactory.getCurrentSession();
+ session.saveOrUpdate(dbo);
+ //session.persist(dbo);
+ return true;
} catch(HibernateException e) {
- Logger.warn("Error during StatisicLogger database delete. Rollback.", e);
- tx.rollback();
- return false;
+ Logger.warn("Error during StatisicLogger database saveOrUpdate.", e);
+
+ throw new MOADatabaseException(e);
}
+
}
+
+ public boolean delete(Object dbo) {
+ try {
+ Session session = sessionFactory.getCurrentSession();
+ session.delete(dbo);
+ return true;
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during StatisicLogger database delete. Rollback.");
+ return false;
+ }
+ }
+
+
+ public Session getCurrentSession() {
+ // TODO Auto-generated method stub
+ return sessionFactory.getCurrentSession();
+ }
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
index 397fd828b..0f76c4e63 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
@@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
/**
* <p>Java class for anonymous complex type.
@@ -110,6 +104,9 @@ public class OASTORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String eIDAS_LOA = null;
+
/**
* Gets the value of the storkLogonEnabled property.
*
@@ -162,7 +159,23 @@ public class OASTORK
this.qaa = value;
}
+
+
/**
+ * @return the eIDAS_LOA
+ */
+ public String geteIDAS_LOA() {
+ return eIDAS_LOA;
+ }
+
+ /**
+ * @param eIDAS_LOA the eIDAS_LOA to set
+ */
+ public void seteIDAS_LOA(String eIDAS_LOA) {
+ this.eIDAS_LOA = eIDAS_LOA;
+ }
+
+ /**
* Gets the value of the oaAttributes property.
*
* <p>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
index 59b300e95..bcd159702 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
@@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -94,6 +87,9 @@ public class STORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String general_eIDAS_LOA = null;
+
/**
* Gets the value of the cpeps property.
*
@@ -257,7 +253,21 @@ public class STORK
this.hjid = value;
}
- public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
+ /**
+ * @return the general_eIDAS_LOA
+ */
+ public String getGeneral_eIDAS_LOA() {
+ return general_eIDAS_LOA;
+ }
+
+ /**
+ * @param general_eIDAS_LOA the general_eIDAS_LOA to set
+ */
+ public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) {
+ this.general_eIDAS_LOA = general_eIDAS_LOA;
+ }
+
+ public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof STORK)) {
return false;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 46683a928..4c6cd16c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -37,6 +37,8 @@ import javax.persistence.Table;
import org.hibernate.annotations.DynamicUpdate;
+import com.fasterxml.jackson.annotation.JsonCreator;
+
@Entity
@@ -48,11 +50,22 @@ import org.hibernate.annotations.DynamicUpdate;
})
public class AssertionStore implements Serializable{
+ /**
+ *
+ */
+ private static final long serialVersionUID = 2804964892915004185L;
+
+
+
+ @JsonCreator
+ public AssertionStore(){
+
+ }
+
- private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy = GenerationType.AUTO)
+ @GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id", unique=true, nullable=false)
private long id;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 128dd79df..eeaf03544 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -59,7 +59,9 @@ import org.hibernate.annotations.DynamicUpdate;
@NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
@NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
@NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and inderfederations.storeSSOInformation is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
- @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")
+ @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID"),
+ @NamedQuery(name="getAllActiveOAsForSessionID", query = "select activeOAsessions from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.activeOAsessions activeOAsessions where authenticatedsessionstore.sessionid = :sessionID "),
+ @NamedQuery(name="getAllActiveIDPsForSessionID", query = "select inderfederation from AuthenticatedSessionStore authenticatedsessionstore join authenticatedsessionstore.inderfederation inderfederation where authenticatedsessionstore.sessionid = :sessionID ")
})
public class AuthenticatedSessionStore implements Serializable{
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 97f26812f..ba48f8caf 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -39,7 +39,7 @@ import org.hibernate.annotations.DynamicUpdate;
@Entity
-@DynamicUpdate(value=true)
+//@DynamicUpdate(value=true)
@Table(name = "statisticlog")
@NamedQueries({
@NamedQuery(name="getAllEntriesNotBeforeTimeStamp", query = "select statisiclog from StatisticLog statisiclog where statisiclog.timestamp > :timeout")
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 2ade63c1c..142e9a23a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -22,15 +22,12 @@
*/
package at.gv.egovernment.moa.id.commons.utils;
-import iaik.pki.PKIException;
-
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
@@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+import iaik.pki.PKIException;
/**
* @author tlenz
@@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
super();
try {
- this.sslfactory = SSLUtils.getSSLSocketFactory(
+ this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
certStoreRootDirParam,
trustStoreURL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..d65cea08c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,14 +46,16 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.Collections;
+import java.util.Set;
+
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-import java.io.File;
-
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
*
@@ -128,7 +130,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl
* @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
*/
public boolean createNew() {
- return false;
+ return true;
}
/**
@@ -153,4 +155,14 @@ public class CertStoreConfigurationImpl extends ObservableImpl
return CertStoreTypes.DIRECTORY;
}
+ /* (non-Javadoc)
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+ */
+ @Override
+ public Set getVirtualStores() {
+ //TODO: only for Testing and not complete !!!Ask Harald !!!!
+ return Collections.EMPTY_SET;
+
+ }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..e0304f928 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,9 +57,14 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import iaik.logging.TransactionId;
+import iaik.logging.impl.TransactionIdImpl;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
import iaik.pki.jsse.IAIKX509TrustManager;
/**
@@ -95,14 +100,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
* Fixes a bug occuring in the case MOA-SP is called by API.
* In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
* This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
+ * from every thread.
+ */
public static void initializeLoggingContext() {
if (LoggingContextManager.getInstance().getLoggingContext() == null)
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext(Thread.currentThread().getName()));
}
-
+
/**
* Builds an Array of accepted server certificates from an URL,
@@ -161,4 +166,36 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
{
return true;
}
+
+ public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+ if (pkiProfile == null) {
+ throw new NullPointerException("pkiConfig parameter must not be null");
+
+ }
+
+ TransactionId tid = new TransactionIdImpl("Init");
+ log_.info(tid, "Setting up IAIKX509TrustManager", null);
+ if (pkiConfig != null) {
+ PKIFactory.getInstance().configure(pkiConfig, tid);
+// log_.info(tid, "Registering LDAP protocol handler", null);
+// String protocolHandlers =
+// System.getProperty("java.protocol.handler.pkgs");
+// if (protocolHandlers == null) {
+// protocolHandlers = "iaik.pki";
+//
+// } else {
+// protocolHandlers = protocolHandlers + "|iaik.pki";
+//
+// }
+//
+// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+
+ }
+
+ pkiProfile_ = pkiProfile;
+ pkiFactory_ = PKIFactory.getInstance();
+ initialized_ = true;
+ }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
index 5d8c7a54e..3eb4707c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration;
* @version $Id$
*/
public class PKIConfigurationImpl implements PKIConfiguration {
+
+ private static final int TIMEOUT_READ = 60; //[sec]
+ private static final int TIMEOUT_CONNECTION = 60; //[sec]
+
/** The configuration for the CertStore */
private CertStoreConfiguration certStoreConfiguration;
/** The configuration for the RevocationChecks */
@@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration {
}
/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
+ * @see iaik.pki.PKIConfiguration#getConnectTimeout()
*/
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
+@Override
+public int getConnectTimeout() {
+ return TIMEOUT_CONNECTION * 1000;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIConfiguration#getReadTimeout()
+ */
+@Override
+public int getReadTimeout() {
+ return TIMEOUT_READ * 1000;
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 59994a257..a34fa9b8b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -96,13 +96,6 @@ public class PKIProfileImpl extends ObservableImpl
}
/**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
* @see iaik.pki.PKIProfile#getRevocationProfile()
*/
public RevocationProfile getRevocationProfile() {
@@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl
public void setId(String id) {
this.id = id;
}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+ //TODO: ask harald!!!!!
+ return 1;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ //TODO: ask harald!!!!!
+ return null;
+}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index b5e0543db..449f77209 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -46,13 +46,14 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.revocation.RevocationConfiguration;
-
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
@@ -81,4 +82,43 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
return null;
}
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+
+// //TODO: !!!!! ASK Harald !!!!!
+// Map<String, String> test = new HashMap<String, String>();
+// test.put("ALL", "ALL");
+// return test.keySet();
+
+ return Collections.EMPTY_SET;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+ //TODO: !!!!! ASK Harald !!!!!
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+ return null;
+}
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..6fa4595d8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -46,25 +46,27 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyStore;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
/**
@@ -136,7 +138,7 @@ public class SSLUtils {
acceptedServerCertURL,
checkRevocation);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
@@ -154,6 +156,68 @@ public class SSLUtils {
}
/**
+ * Loads the client key store from file and gets the
+ * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+ * @param clientKeyStoreURL URL of key store containing keys to be used for
+ * client authentication; if <code>null</code>, the default key store will be utilized
+ * @param clientKeyStorePassword password used to check the integrity of the client key store;
+ * if <code>null</code>, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws IOException thrown while reading from the key store file
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ String clientKeyStoreType,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword)
+ throws IOException, GeneralSecurityException {
+
+ if (clientKeyStoreURL == null)
+ return null;
+
+ // Set up the KeyStore to use. We need to load the file into
+ // a KeyStore instance.
+ KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+ }
+ /**
+ * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStore client key store
+ * @param clientKeyStorePassword if provided, it will be used to check
+ * the integrity of the client key store; if omitted, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ KeyStore clientKeyStore,
+ String clientKeyStorePassword)
+ throws GeneralSecurityException {
+
+ if (clientKeyStore == null)
+ return null;
+
+ // Now we initialize the default KeyManagerFactory with this KeyStore
+ String alg=KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+ char[] password = null;
+ if (clientKeyStorePassword != null)
+ password = clientKeyStorePassword.toCharArray();
+ kmFact.init(clientKeyStore, password);
+
+ // And now get the KeyManagers
+ KeyManager[] kms=kmFact.getKeyManagers();
+ return kms;
+ }
+
+ /**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
* using configuration data.
*
@@ -178,7 +242,7 @@ public class SSLUtils {
// initialized by the MOA-SP initialization code, in case
// MOA-SP is called by API
MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ MOAIDTrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
tm.init(cfg, profile);
return new TrustManager[] {tm};
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
deleted file mode 100644
index 51667f010..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * A unified message type to log messages from inside the MOA subsystem.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LogMsg {
- /** The message to log. */
- private Object message;
-
- /**
- * Create a <code>LogMsg</code> object.
- *
- * @param message The actual message to log. May be <code>null</code>.
- */
- public LogMsg(Object message) {
- this.message = message;
- }
-
- /**
- * Convert this log message to a <code>String</code>.
- *
- * @return The <code>String</code> representation of this log message.
- */
- public String toString() {
- StringBuffer msg = new StringBuffer();
- LoggingContext ctx =
- LoggingContextManager.getInstance().getLoggingContext();
- String tid = ctx != null ? ctx.getTransactionID() : null;
- String nodeId = ctx != null ? ctx.getNodeID() : null;
-
- msg.append("TID=");
- msg.append(tid != null ? tid : "<null>");
- msg.append(" NID=");
- msg.append(nodeId != null ? nodeId : "<null>");
- msg.append(" MSG=");
- msg.append(message != null ? message.toString() : "<null>");
-
- return msg.toString();
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
deleted file mode 100644
index db4b93a0b..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Encapsulates contextual information (i.e. per request information) for
- * logging purposes.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContext {
- /** The name of the node ID system property. */
- public static final String NODE_ID_PROPERTY = "moa.node-id";
-
- /** The current transaction ID. */
- private String transactionID;
- /** The node ID. */
- private String nodeID;
-
- /**
- * Create a new <code>LoggingContext</code>.
- *
- * @param transactionID The transaction ID. May be <code>null</code>.
- */
- public LoggingContext(String transactionID) {
- this.transactionID = transactionID;
- this.nodeID = System.getProperty(NODE_ID_PROPERTY);
- }
-
- /**
- * Return the transaction ID.
- *
- * @return The transaction ID.
- */
- public String getTransactionID() {
- return transactionID;
- }
-
- /**
- * Return the node ID.
- *
- * @return The node ID.
- */
- public String getNodeID() {
- return nodeID;
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
deleted file mode 100644
index f0d7b4c07..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Provides each thread with a single instance of <code>LoggingContext</code>.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContextManager {
- /** The single instance of this class. */
- private static LoggingContextManager instance = null;
-
- /** The <code>LoggingContext</code> for each thread. */
- private ThreadLocal context;
-
- /**
- * Get the single instance of the <code>LoggingContextManager</code> class.
- *
- * @return LoggingContextManager The single instance.
- */
- public static synchronized LoggingContextManager getInstance() {
- if (instance == null) {
- instance = new LoggingContextManager();
- }
- return instance;
- }
-
- /**
- * Creates a new <code>LoggingContextManager</code>.
- *
- * Protected to disallow direct instantiation.
- */
- protected LoggingContextManager() {
- context = new ThreadLocal();
- }
-
- /**
- * Set the <code>LoggingContext</code> context for the current thread.
- *
- * @param ctx The <code>LoggingContext</code> for the current thread.
- */
- public void setLoggingContext(LoggingContext ctx) {
- context.set(ctx);
- }
-
- /**
- * Return the <code>LoggingContext</code> for the current thread.
- *
- * @return LoggingContext The <code>LoggingContext</code> for the current
- * thread, or <code>null</code> if none has been set.
- */
- public LoggingContext getLoggingContext() {
- return (LoggingContext) context.get();
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 5a5f4edac..260b2ecb1 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -24,7 +24,10 @@
package at.gv.egovernment.moa.util;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.Map;
+
/**
* Contains various constants used throughout the system.
@@ -509,6 +512,14 @@ public interface Constants {
/**
* A map used to map namespace prefixes to namespace URIs
*/
- public static HashMap<String, String> nSMap = new HashMap<String, String>(5);
+ public static final Map<String, String> nSMap = Collections.unmodifiableMap(new HashMap<String, String>(){
+ private static final long serialVersionUID = 3845384324295136490L;
+ {
+ put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#");
+ put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ }
+ });
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
index 8f3ffd4c6..b1a3f8446 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
@@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver {
if (Logger.isDebugEnabled()) {
Logger.debug(
- new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+ new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
}
if (publicId != null) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
index 3769b264d..ea71a677f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
@@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LogMsg;
/**
* An <code>ErrorHandler</code> that logs a message and throws a
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
deleted file mode 100644
index c2c67ec58..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-/**
- * Utility for connecting to server applications via SSL.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store.
- *
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(null, tms, null);
-
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- SSLContext ctx = getSSLContext(
- trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLContext</code> initialized for the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the SSL context
- */
- public static SSLContext getSSLContext(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStore);
- KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- return ctx;
- }
- /**
- * Loads the trust store from an input stream and gets the
- * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (trustStoreInputStream == null)
- return null;
-
- // Set up the TrustStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
- return getTrustManagers(trustStore);
- }
- /**
- * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- *
- * @param trustStore the trust store to use
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(KeyStore trustStore)
- throws GeneralSecurityException {
-
- if (trustStore == null)
- return null;
-
- // Initialize the default TrustManagerFactory with this KeyStore
- String alg=TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
- tmFact.init(trustStore);
-
- // And now get the TrustManagers
- TrustManager[] tms=tmFact.getTrustManagers();
- return tms;
- }
- /**
- * Loads the client key store from file and gets the
- * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword password used to check the integrity of the client key store;
- * if <code>null</code>, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws IOException thrown while reading from the key store file
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (clientKeyStoreURL == null)
- return null;
-
- // Set up the KeyStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
- clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- return getKeyManagers(clientKeyStore, clientKeyStorePassword);
- }
- /**
- * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStore client key store
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- KeyStore clientKeyStore,
- String clientKeyStorePassword)
- throws GeneralSecurityException {
-
- if (clientKeyStore == null)
- return null;
-
- // Now we initialize the default KeyManagerFactory with this KeyStore
- String alg=KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
- char[] password = null;
- if (clientKeyStorePassword != null)
- password = clientKeyStorePassword.toCharArray();
- kmFact.init(clientKeyStore, password);
-
- // And now get the KeyManagers
- KeyManager[] kms=kmFact.getKeyManagers();
- return kms;
- }
-}
diff --git a/id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml b/id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml
deleted file mode 100644
index 9bebfa66f..000000000
--- a/id/server/moa-id-commons/src/main/resources/META-INF/persistence.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<persistence xmlns="http://java.sun.com/xml/ns/persistence"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
-http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
- version="2.0">
-
- <persistence-unit name="config" transaction-type="RESOURCE_LOCAL">
- <provider>org.hibernate.ejb.HibernatePersistence</provider>
- <class>at.gv.egovernment.moa.id.commons.db.dao.config.ConfigProperty</class>
- <!-- <class>at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase</class> -->
- <properties>
- </properties>
- </persistence-unit>
-
-</persistence> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
index 4d3caea8c..b97b1c88b 100644
--- a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
+++ b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
@@ -17,6 +17,7 @@
<bean id="moaidconfig" class="at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl" />
<bean name="config" id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.config" />
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
<property name="persistenceUnitName" value="config" />
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml
deleted file mode 100644
index e40c8b8a9..000000000
--- a/id/server/moa-id-commons/src/main/resources/hibernate_moasession.cfg.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE hibernate-configuration PUBLIC
-"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
-"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
-
-<hibernate-configuration>
- <session-factory>
- <!-- MOA Session handling mapping files -->
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore"/>
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore"/>
- </session-factory>
-</hibernate-configuration> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml
deleted file mode 100644
index aa77a9c67..000000000
--- a/id/server/moa-id-commons/src/main/resources/hibernate_statistic.cfg.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE hibernate-configuration PUBLIC
-"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
-"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
-
-<hibernate-configuration>
- <session-factory>
- <!-- MOA advanced statistic handling mapping files -->
- <mapping class="at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog"/>
- </session-factory>
-</hibernate-configuration> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml b/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml
new file mode 100644
index 000000000..5f80c6439
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans profile="advancedLogOn"
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config></context:annotation-config>
+ <tx:annotation-driven transaction-manager="statisticLogTransactionManager"/>
+
+ <bean id="statisticLogDataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
+ <aop:scoped-proxy/>
+ <property name="driverClassName" value="${advancedlogging.hibernate.connection.driver_class}" />
+ <property name="url" value="${advancedlogging.hibernate.connection.url}"/>
+ <property name="username" value="${advancedlogging.hibernate.connection.username}" />
+ <property name="password" value="${advancedlogging.hibernate.connection.password}" />
+
+ <property name="connectionProperties" value="${advancedlogging.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${advancedlogging.dbcp.initialSize}" />
+ <property name="maxTotal" value="${advancedlogging.dbcp.maxActive}" />
+ <property name="maxIdle" value="${advancedlogging.dbcp.maxIdle}" />
+ <property name="minIdle" value="${advancedlogging.dbcp.minIdle}" />
+ <!-- property name="maxWait" value="${moasession.dbcp.maxWaitMillis}" / -->
+ <property name="testOnBorrow" value="${advancedlogging.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${advancedlogging.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${advancedlogging.dbcp.testWhileIdle}" />
+ <property name="validationQuery" value="${advancedlogging.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="statisticLogSessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
+ <property name="dataSource" ref="statisticLogDataSource"/>
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.statistic" />
+ <property name="hibernateProperties">
+
+ <props>
+ <prop key="hibernate.dialect">${advancedlogging.hibernate.dialect}</prop>
+ <prop key="hibernate.show_sql">${advancedlogging.hibernate.show_sql}</prop>
+ <prop key="hibernate.hbm2ddl.auto">${advancedlogging.hibernate.hbm2ddl.auto}</prop>
+ <prop key="current_session_context_class">${advancedlogging.hibernate.current_session_context_class}</prop>
+ <prop key="hibernate.transaction.flush_before_completion">${advancedlogging.hibernate.transaction.flush_before_completion}</prop>
+ <prop key="hibernate.transaction.auto_close_session">${advancedlogging.hibernate.transaction.auto_close_session}</prop>
+ </props>
+ </property>
+ </bean>
+
+
+ <bean id="statisticLogDBUtils" class="at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils">
+ </bean>
+
+ <bean name="statisticLogTransactionManager" id="statisticLogTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+ <property name="entityManagerFactory" ref="statistic" />
+ </bean>
+
+ <bean id="statisticJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+ <property name="showSql" value="${advancedlogging.hibernate.show_sql}" />
+ <property name="generateDdl" value="${advancedlogging.jpaVendorAdapter.generateDdl}" />
+ <property name="databasePlatform" value="${advancedlogging.hibernate.dialect}" />
+ </bean>
+
+ <bean name="statistic" id="statistic" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="statisticLogDataSource" />
+ <property name="jpaVendorAdapter" ref="statisticJpaVendorAdapter" />
+ <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.statistic" />
+ <property name="persistenceUnitName" value="statistic" />
+ </bean>
+
+
+
+</beans> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index c0a93bf03..df4fe807f 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -34,7 +34,7 @@ import junit.framework.TestSuite;
*/
public class AllTests {
- public static Test suite() {
+ public static Test suite() {
TestSuite suite = new TestSuite();
// suite.addTestSuite(DOMUtilsTest.class);
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
deleted file mode 100644
index 2b5094fb8..000000000
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package test.at.gv.egovernment.moa.util;
-
-import java.net.URL;
-import java.security.KeyStore;
-import java.security.Security;
-
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocketFactory;
-
-import junit.framework.TestCase;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.SSLUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtilsTest extends TestCase {
-
- public SSLUtilsTest(String arg0) {
- super(arg0);
- }
-
-
- protected void setUp() throws Exception {
- //System.setProperty("javax.net.debug", "all");
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
- }
-
- public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.baltimore.com/",
- false,
- "file:data/test/security/cacerts+gt_cybertrust_root",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.baltimore.com/",
- false,
- "file:data/test/security/cacerts",
- "changeit",
- false);
- }
- public void testGetSSLSocketFactoryVerisignOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.verisign.com/",
- false,
- "file:data/test/security/cacerts",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.verisign.com/",
- false,
- null,
- null,
- true);
- }
- public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
- String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
- doTestGetSSLSocketFactory(
- "GET",
- urlString,
- true,
- "file:data/test/security/server.keystore.tomcat",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
- String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
- doTestGetSSLSocketFactory(
- "GET",
- urlString,
- true,
- null,
- null,
- false);
- }
-
- public void doTestGetSSLSocketFactory(
- String requestMethod,
- String urlString,
- boolean useHostnameVerifierHack,
- String truststoreurl,
- String trustpassword,
- boolean shouldOk
- ) throws Exception {
-
- doTestGetSSLSocketFactory(
- requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk);
- }
- public void doTestGetSSLSocketFactory(
- String requestMethod,
- String urlString,
- boolean useHostnameVerifierHack,
- String truststoreurl,
- String trustpassword,
- String keystoretype,
- String keystoreurl,
- String keypassword,
- boolean shouldOk
- ) throws Exception {
-
- KeyStore truststore = null;
- if (truststoreurl != null)
- truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
- SSLSocketFactory sf = SSLUtils.getSSLSocketFactory(
- truststore, keystoretype, keystoreurl, keypassword);
- System.out.println(requestMethod + " " + urlString);
-
- URL url = new URL(urlString);
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod(requestMethod);
- conn.setDoInput(true);
- conn.setDoOutput(true);
- conn.setUseCaches(false);
- conn.setAllowUserInteraction(false);
- conn.setSSLSocketFactory(sf);
- if (useHostnameVerifierHack)
- conn.setHostnameVerifier(new HostnameVerifierHack());
- try {
- conn.connect();
- assertTrue(shouldOk);
- assertEquals(200, conn.getResponseCode());
- conn.disconnect();
- }
- catch (SSLException ex) {
- assertFalse(shouldOk);
- }
- }
-// private byte[] readTruststore(String filename) throws IOException {
-// if (filename == null)
-// return null;
-// FileInputStream in = new FileInputStream(filename);
-// byte[] buffer = new byte[in.available()];
-// in.read(buffer);
-// in.close();
-// return buffer;
-// }
- private class HostnameVerifierHack implements HostnameVerifier {
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
new file mode 100644
index 000000000..f99013082
--- /dev/null
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.concurrent.TimeUnit;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextClosedEvent;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component
+public class MOAContextCloseHandler implements ApplicationListener<ContextClosedEvent>, ApplicationContextAware, BeanPostProcessor {
+
+ private ApplicationContext context;
+
+ /* (non-Javadoc)
+ * @see org.springframework.context.ApplicationListener#onApplicationEvent(org.springframework.context.ApplicationEvent)
+ */
+ @Override
+ public void onApplicationEvent(ContextClosedEvent arg0) {
+ Logger.info("MOA-ID-Auth shutdown process started ...");
+
+ try {
+ Logger.debug("CleanUp objects with implements the IDestroyable interface ... ");
+ Map<String, IDestroyableObject> objectsToDestroy = context.getBeansOfType(IDestroyableObject.class);
+ if (objectsToDestroy != null) {
+ Iterator<Entry<String, IDestroyableObject>> interator =
+ objectsToDestroy.entrySet().iterator();
+ while (interator.hasNext()) {
+ Entry<String, IDestroyableObject> object = interator.next();
+ try {
+ object.getValue().fullyDestroy();
+ Logger.debug("Object with ID:" + object.getKey() + " is destroyed");
+
+ } catch (Exception e) {
+ Logger.warn("Destroing object with ID:" + object.getKey() + " FAILED!", e);
+
+ }
+ }
+ }
+ Logger.info("Object cleanUp complete");
+
+ Logger.debug("Stopping Spring Thread-Pools ... ");
+ //shut-down task schedulers
+ Map<String, ThreadPoolTaskScheduler> schedulers = context.getBeansOfType(ThreadPoolTaskScheduler.class);
+ for (ThreadPoolTaskScheduler scheduler : schedulers.values()) {
+ scheduler.getScheduledExecutor().shutdown();
+ try {
+ scheduler.getScheduledExecutor().awaitTermination(20000, TimeUnit.MILLISECONDS);
+ if(scheduler.getScheduledExecutor().isTerminated() || scheduler.getScheduledExecutor().isShutdown())
+ Logger.debug("Scheduler "+scheduler.getThreadNamePrefix() + " has stoped");
+ else{
+ Logger.debug("Scheduler "+scheduler.getThreadNamePrefix() + " has not stoped normally and will be shut down immediately");
+ scheduler.getScheduledExecutor().shutdownNow();
+ Logger.info("Scheduler "+scheduler.getThreadNamePrefix() + " has shut down immediately");
+ }
+ } catch (IllegalStateException e) {
+ e.printStackTrace();
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+
+ } finally {
+ scheduler.shutdown();
+
+ }
+ }
+
+ //shut-down task executors
+ Map<String, ThreadPoolTaskExecutor> executers = context.getBeansOfType(ThreadPoolTaskExecutor.class);
+ for (ThreadPoolTaskExecutor executor: executers.values()) {
+ int retryCount = 0;
+ while(executor.getActiveCount()>0 && ++retryCount<51){
+ try {
+ Logger.debug("Executer "+executor.getThreadNamePrefix()+" is still working with active " + executor.getActiveCount()+" work. Retry count is "+retryCount);
+ Thread.sleep(1000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ if(!(retryCount<51))
+ Logger.debug("Executer "+executor.getThreadNamePrefix()+" is still working.Since Retry count exceeded max value "+retryCount+", will be killed immediately");
+ executor.shutdown();
+ Logger.debug("Executer "+executor.getThreadNamePrefix()+" with active " + executor.getActiveCount()+" work has killed");
+ }
+
+ Logger.debug("Spring Thread-Pools stopped");
+
+ Logger.info("MOA-ID-Auth shutdown process finished");
+
+ } catch (Exception e) {
+ Logger.warn("MOA-ID-Auth shutdown process has an error.", e);
+
+ }
+
+ //System.exit(0);
+ //Thread.currentThread().interrupt();
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.beans.factory.config.BeanPostProcessor#postProcessAfterInitialization(java.lang.Object, java.lang.String)
+ */
+ @Override
+ public Object postProcessAfterInitialization(Object arg0, String arg1) throws BeansException {
+ if(arg0 instanceof ThreadPoolTaskScheduler)
+ ((ThreadPoolTaskScheduler)arg0).setWaitForTasksToCompleteOnShutdown(true);
+ if(arg0 instanceof ThreadPoolTaskExecutor)
+ ((ThreadPoolTaskExecutor)arg0).setWaitForTasksToCompleteOnShutdown(true);
+ return arg0;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.beans.factory.config.BeanPostProcessor#postProcessBeforeInitialization(java.lang.Object, java.lang.String)
+ */
+ @Override
+ public Object postProcessBeforeInitialization(Object arg0, String arg1) throws BeansException {
+ return arg0;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
+ */
+ @Override
+ public void setApplicationContext(ApplicationContext arg0) throws BeansException {
+ this.context = arg0;
+
+ }
+
+}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index 327d659ec..bfb43e61f 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -7,6 +7,8 @@ import javax.servlet.ServletRegistration;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.core.io.ClassPathResource;
import org.springframework.web.WebApplicationInitializer;
@@ -18,6 +20,7 @@ import org.springframework.web.servlet.DispatcherServlet;
import at.gv.egiz.components.spring.api.SpringLoader;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -50,16 +53,34 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
try {
+ Logger.info("=============== Loading Config Root Context! ===============");
+ ApplicationContext cfgRootContext =
+ new ClassPathXmlApplicationContext(new String[] {
+ "/moaid.configuration.beans.xml",
+ "/configuration.beans.xml"});
+
+
Logger.info("=============== Loading Root Context! ===============");
GenericWebApplicationContext rootContext = new GenericWebApplicationContext();
rootContext.setServletContext(servletContext);
+ rootContext.setParent(cfgRootContext);
+ PropertyBasedAuthConfigurationProvider moaidconfig = (PropertyBasedAuthConfigurationProvider) cfgRootContext.getBean("moaidauthconfig");
+ String[] springProfiles = moaidconfig.getActiveProfiles();
+
+
Logger.info("=============== Setting active profiles! ===============");
if (this.activeProfiles != null) {
for (String profile : this.activeProfiles) {
rootContext.getEnvironment().addActiveProfile(profile);
}
}
+
+ if (springProfiles != null) {
+ for (String profile : springProfiles) {
+ rootContext.getEnvironment().addActiveProfile(profile);
+ }
+ }
Logger.info("=============== Loading Local Contexts! ===============");
XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader(
@@ -76,7 +97,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
// logger.debug("Beans after logAMQP in {}", rootContext);
// dumpBeanDefinitions(rootContext);
-
+
Logger.info("=============== Loading SPI Context! ===============");
// logger.debug("Startup with context {}", rootContext);
if (rootContext instanceof BeanDefinitionRegistry) {
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
index def32e144..565e1cccd 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
@@ -38,11 +38,12 @@ public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider {
*/
@Override
public Resource[] getResourcesToLoad() {
- ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthInitializer.class);
- ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthInitializer.class);
- ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthInitializer.class);
-
- return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans};
+ ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource moaSessionCommonBeans = new ClassPathResource("/session.common.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource moaSessionDBBeans = new ClassPathResource("/session.db.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource moaSessionRedisBeans = new ClassPathResource("/session.redis.beans.xml", MOAIDAuthInitializer.class);
+ ClassPathResource configurationStatisticLog = new ClassPathResource("/statistic.logging.beans.xml", MOAIDAuthInitializer.class);
+ return new Resource[] {configurationStatisticLog, moaIdAuthBeans, moaSessionDBBeans, moaSessionRedisBeans, moaSessionCommonBeans};
}
diff --git a/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml b/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml
index ae38c836e..2c53d55b9 100644
--- a/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml
+++ b/id/server/moa-id-spring-initializer/src/main/resources/applicationContext.xml
@@ -27,5 +27,8 @@
<bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" />
</mvc:interceptors>
+ <bean id="MOAIDContextCloseHandler"
+ class="at.gv.egovernment.moa.id.auth.MOAContextCloseHandler"/>
+
</beans>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
index f2403a62e..e5b38f9b6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
@@ -23,6 +23,13 @@
</dependency>
<dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ <version>1.2.2.5</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
<type>test-jar</type>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index f5000581c..90ed1c886 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moaspss.logging.LogMsg;
import iaik.asn1.ObjectID;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index df101f5b7..4e591ada2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -46,13 +46,6 @@
package at.gv.egovernment.moa.id.auth.validator;
-import iaik.asn1.ObjectID;
-import iaik.asn1.structures.Name;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
@@ -70,6 +63,11 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import iaik.asn1.structures.Name;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
/**
* This class is used to validate an {@link VerifyXMLSignatureResponse}
@@ -268,9 +266,9 @@ public class VerifyXMLSignatureResponseValidator {
//compare ECDSAPublicKeys
if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
- (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) &&
+ (idl.getPublicKey()[i] instanceof ECPublicKey)) &&
( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
+ (pubKeySignature instanceof ECPublicKey) ) ) {
try {
ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 7b5a7b9c0..12e58342a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -152,11 +152,11 @@ public class MISSimpleClient {
}
return foundMandates;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (DOMException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (TransformerException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
}
}
@@ -259,11 +259,11 @@ public class MISSimpleClient {
return msid;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (DOMException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (TransformerException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
}
}
@@ -315,19 +315,19 @@ public class MISSimpleClient {
return unpackFromSOAP(doc.getDocumentElement());
} catch(IOException e) {
- throw new MISSimpleClientException("service.04", e);
+ throw new MISSimpleClientException("service.04", new Object[]{webServiceURL, e.getMessage()}, e);
} catch (TransformerException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (SAXException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
} catch (Exception e) {
- throw new MISSimpleClientException("service.06", e);
+ throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index addf086d8..174ce40cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -12,10 +12,11 @@
<properties>
<repositoryPath>${basedir}/../../../../repository</repositoryPath>
- <eidas-commons.version>eidas.1.0</eidas-commons.version>
- <eidas-saml-engine.version>eidas.1.0</eidas-saml-engine.version>
- <eidas-encryption.version>eidas.1.0</eidas-encryption.version>
- <eidas-configmodule.version>eidas.1.0</eidas-configmodule.version>
+ <eidas-commons.version>1.1.0</eidas-commons.version>
+ <eidas-light-commons.version>1.1.0</eidas-light-commons.version>
+ <eidas-saml-engine.version>1.1.0</eidas-saml-engine.version>
+ <eidas-encryption.version>1.1.0</eidas-encryption.version>
+ <eidas-configmodule.version>1.1.0</eidas-configmodule.version>
</properties>
@@ -44,6 +45,11 @@
<dependencies>
<dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
@@ -75,6 +81,12 @@
<dependency>
<groupId>eu.eidas</groupId>
+ <artifactId>eidas-light-commons</artifactId>
+ <version>${eidas-light-commons.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.eidas</groupId>
<artifactId>eidas-configmodule</artifactId>
<version>${eidas-configmodule.version}</version>
<exclusions>
@@ -100,7 +112,7 @@
<!-- eidas SAML Engine -->
<dependency>
<groupId>eu.eidas</groupId>
- <artifactId>saml-engine</artifactId>
+ <artifactId>eidas-saml-engine</artifactId>
<version>${eidas-saml-engine.version}</version>
<scope>compile</scope>
<exclusions>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d93d739b1..7664eec86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,15 +22,12 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
+//import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
-import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
-import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+import eu.eidas.auth.commons.attribute.AttributeRegistries;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
/**
* @author tlenz
@@ -54,6 +51,7 @@ public class Constants {
//configuration property keys
public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
+ public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
@@ -64,23 +62,32 @@ public class Constants {
+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
+ public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
+ public static final String CONIG_PROPS_EIDAS_NODE_COUNTRY = CONIG_PROPS_EIDAS_NODE + ".country";
+
+
//timeouts and clock skews
public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation
public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout
public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000; //remove unused eIDAS metadata after 7 days
-
- //eIDAS attribute names
- public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
- public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
- public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
- public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
+
+ //eIDAS request parameters
+ public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
+
+ //eIDAS attribute names
+ public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
+ public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
+ public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
+ public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+ public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+ public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
- public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ //public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ //public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
- public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
@@ -92,22 +99,38 @@ public class Constants {
public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
//metadata constants
- public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
- new HashMap<String, EidasAttributesTypes>(){
- private static final long serialVersionUID = 1L;
- {
- put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
- put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
- put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
- put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
-
- //TODO: add additional attributes for eIDAS with mandates
- //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
- //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
- }
- }
- );
+// public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+// new HashMap<String, EidasAttributesTypes>(){
+// private static final long serialVersionUID = 1L;
+// {
+// put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+// put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+// put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+// put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+//
+// //TODO: add additional attributes for eIDAS with mandates
+// //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+// //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+// }
+// }
+// );
+ public static final AttributeRegistry NAT_ATTR =
+ AttributeRegistries.of( eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER,
+ eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME,
+ eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME,
+ eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH
+ );
+
+ public static final AttributeRegistry LEGAL_ATTR =
+ AttributeRegistries.of( eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER,
+ eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME
+ );
+
+ public static final AttributeRegistry MOA_IDP_ATTR_REGISTRY =
+ AttributeRegistries.copyOf(NAT_ATTR, LEGAL_ATTR);
+
+
public static final String METADATA_ALLOWED_ALG_DIGIST =
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" +
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java
new file mode 100644
index 000000000..302c12aaa
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOASWSigner.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
+import eu.eidas.auth.engine.configuration.dom.ConfigurationAdapter;
+import eu.eidas.auth.engine.configuration.dom.ConfigurationKey;
+import eu.eidas.auth.engine.core.impl.KeyStoreProtocolSigner;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASWSigner extends KeyStoreProtocolSigner {
+
+ public MOASWSigner(Map<String, String> properties) throws SamlEngineConfigurationException {
+ super(properties);
+
+ }
+
+ /**
+ * @param configManager
+ * @throws SamlEngineConfigurationException
+ */
+ public MOASWSigner(CertificateConfigurationManager configManager) throws SamlEngineConfigurationException {
+ super(ConfigurationAdapter.adapt(configManager).getInstances().get(Constants.eIDAS_SAML_ENGINE_NAME).getConfigurationEntries().get(ConfigurationKey.SIGNATURE_CONFIGURATION.getKey()).getParameters());
+
+ }
+
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 5d1874157..78793d3fc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -42,9 +42,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-
import eu.eidas.samlengineconfig.BinaryParameter;
-import eu.eidas.samlengineconfig.ConfigurationParameter;
import eu.eidas.samlengineconfig.EngineInstance;
import eu.eidas.samlengineconfig.InstanceConfiguration;
import eu.eidas.samlengineconfig.PropsParameter;
@@ -57,10 +55,10 @@ import eu.eidas.samlengineconfig.SamlEngineConfiguration;
public class MOAeIDASSAMLEngineConfigurationImpl extends
SamlEngineConfiguration {
- private static final String KEYSTORE_PATH="keystorePath";
- private static final String METADATA_KEYSTORE_PATH="metadata.keystorePath";
+ private static final String KEYSTORE_PATH="keyStorePath";
+ private static final String METADATA_KEYSTORE_PATH="metadata.keyStorePath";
private static final String ENCRYPTION_ACTIVATION="encryptionActivation";
- private static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
+ public static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
public List<EngineInstance> getInstances(){
return super.getInstances();
@@ -95,7 +93,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
//add basic eIDAS SAML-engine configuration
MOAeIDASSAMLInstanceConfigurationImpl samlBaseConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
samlBaseConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG);
- samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
+ samlBaseConfig.addParameter(buildPropsParameter(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
engineConfigs.add(samlBaseConfig);
//add signing eIDAS SAML-engine configuration
@@ -103,7 +101,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
samlSignConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG);
samlSignConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS,
Constants.SAML_SIGNING_IMPLENTATION);
-
+
//TODO: load signing keys directly from MOA-ID configuration in finale version
samlSignConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
engineConfigs.add(samlSignConfig);
@@ -122,16 +120,16 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
super.addInstance(engineInst);
}
-
+
/**
* Load an external eIDAS SAML-engine configuration file, which is referenced from MOA-ID configuration
*
* @param key Configuration key, which is used in property based MOA-ID configuration file
- * @return eIDAS SAML-engine configuration object
+ * @return eIDAS SAML-engine configuration Properties
* @throws ConfigurationException
*/
- private ConfigurationParameter loadConfigurationFromExternalFile(String key) throws ConfigurationException {
+ private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException {
String configFile =
AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key);
if (MiscUtil.isEmpty(configFile)) {
@@ -141,15 +139,21 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
return null;
}
- Properties inputProps = loadPropsFromXml(configFile);
- return buildPropsParameter(inputProps, configFile);
+ Properties inputProps = loadPropsFromXml(configFile);
+ return inputProps;
+ //return buildPropsParameter(inputProps, configFile);
}
- private PropsParameter buildPropsParameter(Properties inputProps, String fileName) throws EIDASEngineConfigurationException {
+ private PropsParameter buildPropsParameter(String configKey) throws ConfigurationException {
+ Properties inputProps = loadConfigurationFromExternalFile(configKey);
+
+ String configFile =
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey);
+
PropsParameter outputProps = new PropsParameter();
- outputProps.setFileName(fileName);
+ outputProps.setFileName(configFile);
//original eIDAS SAML-engine use this identifier
outputProps.setName("fileConfiguration");
@@ -241,6 +245,8 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
configFile,
AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ Logger.debug("Load eIDAS configuration from file:" + absoluteConfigFile);
+
File file = new File(new URL(absoluteConfigFile).toURI());
is = new FileInputStream(file);
props.loadFromXML(is);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
index dccd39905..384d6be0b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -22,9 +22,22 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+import java.io.File;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map.Entry;
+import java.util.Properties;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import eu.eidas.samlengineconfig.ConfigurationParameter;
import eu.eidas.samlengineconfig.InstanceConfiguration;
import eu.eidas.samlengineconfig.StringParameter;
@@ -56,5 +69,49 @@ public class MOAeIDASSAMLInstanceConfigurationImpl extends
addParameter(param);
}
+
+ public void addParameter(Properties parameters) {
+ Iterator<Entry<Object, Object>> paramInterator = parameters.entrySet().iterator();
+ while (paramInterator.hasNext()) {
+ Entry<Object, Object> next = paramInterator.next();
+
+ StringParameter param = new StringParameter();
+ String keyName = (String) next.getKey();
+ param.setName(keyName);
+
+ //make path to binary files absolute
+ if (Arrays.asList(MOAeIDASSAMLEngineConfigurationImpl.BINARY_PARAMETERS).contains(keyName))
+ try {
+ String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+ (String)next.getValue(),
+ AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+
+ URI uri = new URL(absoluteConfigFile).toURI();
+
+ File file = new File(uri);
+ if (file.exists())
+ param.setValue(file.getCanonicalPath());
+
+ else {
+ Logger.error("eIDAS-configuration fileparameter with key:" + param.getName() + " and path:" + uri.toString() + " NOT exist!");
+ param.setValue(null);
+
+ }
+
+
+ } catch (ConfigurationException | URISyntaxException | IOException e) {
+ //TODO: make final!!!!
+ e.printStackTrace();
+ param.setValue(next.getValue());
+
+ }
+ else
+ param.setValue(next.getValue());
+
+ addParameter(param);
+
+ }
+
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
index 1ba344fd1..9ad5f0db3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -1,18 +1,95 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.google.common.collect.ImmutableMap;
+import com.sun.istack.Nullable;
+
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.core.impl.EncryptionSW;
+import eu.eidas.auth.commons.EidasErrorKey;
+import eu.eidas.auth.commons.io.ReloadableProperties;
+import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
+import eu.eidas.auth.engine.configuration.dom.EncryptionKey;
+import eu.eidas.auth.engine.core.impl.CertificateValidator;
+import eu.eidas.auth.engine.core.impl.KeyStoreSamlEngineEncryption;
+import eu.eidas.auth.engine.xml.opensaml.CertificateUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
* This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
*/
-public class ModifiedEncryptionSW extends EncryptionSW {
+public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption {
+
+ private final ImmutableMap<String, String> properties;
+
+ private final ReloadableProperties encryptionActivationProperties;
+
+ private static ReloadableProperties initActivationConf(Map<String, String> properties) {
+ String activationConfigurationFile = EncryptionKey.ENCRYPTION_ACTIVATION.getAsString(properties);
+ Logger.debug("File containing encryption configuration: \"" + activationConfigurationFile + "\"");
+ return new ReloadableProperties(activationConfigurationFile);
+ }
+
+ /**
+ * @param properties
+ * @throws SamlEngineConfigurationException
+ */
+ public ModifiedEncryptionSW(Map<String, String> properties) throws SamlEngineConfigurationException {
+ super(properties);
+ this.properties = ImmutableMap.copyOf(properties);
+ encryptionActivationProperties = initActivationConf(properties);
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.core.ProtocolEncrypterI#getEncryptionCertificate(java.lang.String)
+ */
+ @Override
+ @Nullable
+ public X509Certificate getEncryptionCertificate(@Nullable String destinationCountryCode)
+ throws EIDASSAMLEngineException {
+ if (isEncryptionEnabled(destinationCountryCode)) {
+ String issuerKey = new StringBuilder(EncryptionKey.RESPONSE_TO_POINT_ISSUER_PREFIX.getKey()).append(
+ destinationCountryCode).toString();
+ String serialNumberKey =
+ new StringBuilder(EncryptionKey.RESPONSE_TO_POINT_SERIAL_NUMBER_PREFIX.getKey()).append(
+ destinationCountryCode).toString();
+ String serialNumber = properties.get(serialNumberKey);
+ String responseToPointIssuer = properties.get(issuerKey);
+ if (StringUtils.isNotBlank(responseToPointIssuer)) {
+ for (final X509Certificate certificate : getEncryptionCertificates()) {
+ if (CertificateUtil.matchesCertificate(serialNumber, responseToPointIssuer, certificate)) {
+
+ if (isDisallowedSelfSignedCertificate()) {
+ CertificateValidator.checkCertificateIssuer(certificate);
+ }
+ if (isCheckedValidityPeriod()) {
+ CertificateValidator.checkCertificateValidityPeriod(certificate);
+ }
+
+ return certificate;
+ }
+ }
+ throw new EIDASSAMLEngineException(EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorCode(),
+ EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorMessage());
+ } else {
+ Logger.error("Encryption of SAML Response NOT done, because no \"" + issuerKey +
+ "\" configured!");
+ }
+ }
+ return null;
+ }
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.core.ProtocolEncrypterI#isEncryptionEnabled(java.lang.String)
+ */
@Override
- public boolean isEncryptionEnable(String countryCode) {
+ public boolean isEncryptionEnabled(String countryCode) {
// - encrypt if so configured
try {
AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
index 5837d7dbf..f214efc90 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
@@ -22,27 +22,29 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-import java.util.HashSet;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import eu.eidas.auth.engine.core.ExtensionProcessorI;
-import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+import eu.eidas.auth.engine.core.eidas.EidasProtocolProcessor;
+import eu.eidas.auth.engine.metadata.MetadataFetcherI;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
/**
* @author tlenz
*
*/
-public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
+public class MOAEidasProtocolProcesser extends EidasProtocolProcessor {
+ private final MetadataFetcherI metadataFetcher;
+ private final MetadataSignerI metadataSigner;
+
/**
- * Add only eIDAS attributes which are supported by Austrian eIDAS node
- *
+ * @param metadataFetcher
+ * @param metadataSigner
*/
- @Override
- public Set<String> getSupportedAttributes(){
- Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
-
- return supportedAttributes;
- }
+ public MOAEidasProtocolProcesser(MetadataFetcherI metadataFetcher, MetadataSignerI metadataSigner) {
+ super(metadataFetcher, metadataSigner);
+
+ this.metadataFetcher = metadataFetcher;
+ this.metadataSigner = metadataSigner;
+
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 80a2734f2..7fb0dbb5f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,58 +18,80 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.engine.AbstractSAMLEngine;
+import eu.eidas.auth.engine.AbstractProtocolEngine;
-public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
+@Service("eIDASMetadataProvider")
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider,
+ IGarbageCollectorProcessing, IDestroyableObject {
- private static MOAeIDASChainingMetadataProvider instance = null;
+// private static MOAeIDASChainingMetadataProvider instance = null;
private static Object mutex = new Object();
private MetadataProvider internalProvider;
private Map<String, Date> lastAccess = null;
- public static MOAeIDASChainingMetadataProvider getInstance() {
- if (instance == null) {
- synchronized (mutex) {
- if (instance == null) {
- instance = new MOAeIDASChainingMetadataProvider();
- MOAGarbageCollector.addModulForGarbageCollection(instance);
- }
- }
- }
- return instance;
- }
+// public static MOAeIDASChainingMetadataProvider getInstance() {
+// if (instance == null) {
+// synchronized (mutex) {
+// if (instance == null) {
+// instance = new MOAeIDASChainingMetadataProvider();
+// MOAGarbageCollector.addModulForGarbageCollection(instance);
+// }
+// }
+// }
+// return instance;
+// }
- private MOAeIDASChainingMetadataProvider() {
+ public MOAeIDASChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
lastAccess = new HashMap<String, Date>();
}
/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+ if (loadedproviders != null) {
+ for (Entry<String, HTTPMetadataProvider> el : loadedproviders.entrySet()) {
+ try {
+ el.getValue().destroy();
+ Logger.debug("Destroy eIDAS Matadataprovider: " + el.getKey() + " finished");
+
+ } catch (Exception e) {
+ Logger.warn("Destroy eIDAS Matadataprovider: " + el.getKey() + " FAILED");
+
+ }
+ }
+ }
+ }
+
+ /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
*/
@Override
@@ -128,9 +150,11 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
List<String> nonValidMetadataProvider = new ArrayList<String>();
for (HTTPMetadataProvider provider : loadedproviders.values()) {
try {
- provider.getMetadataFilter().doFilter(provider.getMetadata());
+ provider.refresh();
+
+ //provider.getMetadataFilter().doFilter(provider.getMetadata());
- } catch (FilterException | MetadataProviderException e) {
+ } catch (MetadataProviderException e) {
Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI()
+ " is not valid any more. Reason:" + e.getMessage());
if (Logger.isDebugEnabled())
@@ -196,10 +220,10 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
}
- timer = new Timer();
+ timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
- httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
+ httpProvider.setParserPool(AbstractProtocolEngine.getSecuredParserPool());
httpProvider.setRequireValidMetadata(true);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
@@ -405,5 +429,4 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
if (observer != null)
observer.onEvent(this);
}
-
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index 7537c4d84..c5e56502b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -31,15 +31,17 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataProcessorI;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.metadata.MetadataFetcherI;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.engine.exceptions.SAMLEngineException;
/**
* @author tlenz
*
*/
-public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
+public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {
private MetadataProvider metadataprovider = null;
@@ -51,10 +53,31 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
}
+
/* (non-Javadoc)
- * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+ * @see eu.eidas.auth.engine.metadata.MetadataFetcherI#getEntityDescriptor(java.lang.String, eu.eidas.auth.engine.metadata.MetadataSignerI)
*/
@Override
+ public EntityDescriptor getEntityDescriptor(String url, MetadataSignerI paramMetadataSignerI)
+ throws EIDASSAMLEngineException {
+ try {
+ /*TODO: maybe implement metadata signature validation on every request,
+ * but it is not needed in case of cached metadata provider,
+ * because signature must be only validated in case of cache reload operation
+ */
+ return this.metadataprovider.getEntityDescriptor(url);
+
+ } catch (MetadataProviderException e) {
+ throw new EIDASSAMLEngineException("eIDAS Metadata processing FAILED.", e);
+
+ }
+ }
+
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+ */
+ @Deprecated
public EntityDescriptor getEntityDescriptor(String url)
throws SAMLEngineException {
try {
@@ -69,7 +92,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
*/
- @Override
+ @Deprecated
public SPSSODescriptor getSPSSODescriptor(String url)
throws SAMLEngineException {
return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
@@ -79,7 +102,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
*/
- @Override
+ @Deprecated
public IDPSSODescriptor getIDPSSODescriptor(String url)
throws SAMLEngineException {
return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
@@ -89,8 +112,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
*/
- @Override
- public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+ @Deprecated
+ public void checkValidMetadataSignature(String url, ProtocolEngineI engine)
throws SAMLEngineException {
//Do nothing, because metadata signature is already validated during
//metadata provider initialization
@@ -102,7 +125,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
/* (non-Javadoc)
* @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
*/
- @Override
+ @Deprecated
public void checkValidMetadataSignature(String url, KeyStore trustStore)
throws SAMLEngineException {
//Do nothing, because metadata signature is already validated during
@@ -110,6 +133,7 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
}
+ @Deprecated
protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
if(clazz.isInstance(rd)){
@@ -119,4 +143,6 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
return null;
}
+
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestProcessingException.java
index c96af37ef..d51629d9e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestProcessingException.java
@@ -30,7 +30,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class eIDASAuthnRequestProcessingException extends eIDASException {
+public class EIDASAuthnRequestProcessingException extends EIDASException {
private String subStatusCode = null;
@@ -43,20 +43,20 @@ public class eIDASAuthnRequestProcessingException extends eIDASException {
* @param messageId
* @param parameters
*/
- public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+ public EIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
- public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+ public EIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
super(messageId, parameters);
this.subStatusCode = subStatusCode;
}
- public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e );
}
- public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+ public EIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e );
this.subStatusCode = subStatusCode;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestValidationException.java
index 2a15ee18a..a6da769b7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASAuthnRequestValidationException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASAuthnRequestValidationException extends eIDASException {
+public class EIDASAuthnRequestValidationException extends EIDASException {
/**
*
@@ -39,7 +39,7 @@ public class eIDASAuthnRequestValidationException extends eIDASException {
* @param messageId
* @param parameters
*/
- public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+ public EIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 234c4e038..8bf7f7452 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class EIDASEngineException extends eIDASException {
+public class EIDASEngineException extends EIDASException {
/**
* @param objects
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASException.java
index f42004abc..e3d6c5a2e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASException.java
@@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
* @author tlenz
*
*/
-public abstract class eIDASException extends MOAIDException {
+public abstract class EIDASException extends MOAIDException {
/**
*
@@ -44,7 +44,7 @@ public abstract class eIDASException extends MOAIDException {
* @param messageId
* @param parameters
*/
- public eIDASException(String messageId, Object[] parameters) {
+ public EIDASException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
@@ -52,7 +52,7 @@ public abstract class eIDASException extends MOAIDException {
* @param messageId
* @param parameters
*/
- public eIDASException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseBuildException.java
index 0ffcf11ef..5e6b87b39 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseBuildException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASResponseBuildException extends eIDASException {
+public class EIDASResponseBuildException extends EIDASException {
/**
*
@@ -39,11 +39,11 @@ public class eIDASResponseBuildException extends eIDASException {
* @param messageId
* @param parameters
*/
- public eIDASResponseBuildException(String messageId, Object[] parameters) {
+ public EIDASResponseBuildException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
- public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseNotSuccessException.java
index d10ca1c88..460561eb3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASResponseNotSuccessException.java
@@ -28,14 +28,14 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASResponseNotSuccessException extends eIDASException {
+public class EIDASResponseNotSuccessException extends EIDASException {
/**
*
*/
private static final long serialVersionUID = 6145402939313568907L;
- public eIDASResponseNotSuccessException(String messageId, Object[] parameters) {
+ public EIDASResponseNotSuccessException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
@@ -44,7 +44,7 @@ public class eIDASResponseNotSuccessException extends eIDASException {
* @param parameters
* @param e
*/
- public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
+ public EIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
super(messageId, parameters, e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
index b25895eca..17f0a9b72 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -28,7 +28,7 @@ import org.opensaml.saml2.core.StatusCode;
* @author tlenz
*
*/
-public class eIDASAttributeException extends eIDASException {
+public class eIDASAttributeException extends EIDASException {
private static final long serialVersionUID = 1L;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 5d7430dd7..6be64ba72 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -28,6 +28,7 @@ import java.text.SimpleDateFormat;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -47,7 +49,7 @@ import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
-import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
/**
* @author tlenz
@@ -67,9 +69,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
defaultTaskInitialization(request, executionContext);
//get eIDAS attributes from MOA-Session
- IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
+ ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession(
AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- IPersonalAttributeList.class);
+ ImmutableAttributeMap.class);
IdentityLink identityLink = null;
@@ -86,35 +88,51 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// replace data
Element idlassertion = identityLink.getSamlAssertion();
-
- // - set bpk/wpbk;
+
+ // - set fake baseID;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
- String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
- prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+
+ Object eIdentifier = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ if (eIdentifier == null || !(eIdentifier instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ prIdentification.getFirstChild().setNodeValue((String) eIdentifier);
+
+ //build personal identifier which looks like a baseID
+// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID");
+// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID);
+// prIdentification.getFirstChild().setNodeValue(fakeBaseID);
// - set last name
- Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
+ Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+ Object familyName = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+ if (familyName == null || !(familyName instanceof String))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
- String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
- prFamilyName.getFirstChild().setNodeValue(familyName);
+ prFamilyName.getFirstChild().setNodeValue((String) familyName);
// - set first name
Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
+ Object givenName = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+ if (givenName == null || !(givenName instanceof String))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
- String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
- prGivenName.getFirstChild().setNodeValue(givenName);
+ prGivenName.getFirstChild().setNodeValue((String) givenName);
// - set date of birth
- Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
- if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
+ Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+ Object dateOfBirth = eIDASAttributes.getFirstValue(
+ SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
+ Constants.eIDAS_ATTR_DATEOFBIRTH));
+ if (dateOfBirth == null || !(dateOfBirth instanceof DateTime))
throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
- String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
- dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
- prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+ String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate());
+ prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth);
identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 30c206025..a3fd51c4c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -23,7 +23,9 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
import java.io.StringWriter;
+import java.util.ArrayList;
import java.util.Collection;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -33,6 +35,11 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.google.common.net.MediaType;
@@ -43,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -52,15 +60,17 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.EidasLoaCompareType;
-import eu.eidas.auth.commons.EidasLoaLevels;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.PersonalAttributeList;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.SPType;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IRequestMessage;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison;
+import eu.eidas.auth.commons.protocol.eidas.SpType;
+import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
@@ -70,6 +80,8 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@Component("GenerateAuthnRequestTask")
public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -82,23 +94,59 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
- // get target country
+ // get target and validate citizen countryCode
String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+
}
-
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
}
Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
- String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+
+
+ // select SingleSignOnService Endpoint from eIDAS-node metadata
+ String destination = null;
String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
+ try {
+ EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl);
+ if (eIDASNodeMetadata != null) {
+ SingleSignOnService ssoDescr = selectSingleSignOnServiceFromMetadata(eIDASNodeMetadata);
+ if (ssoDescr != null) {
+ destination = ssoDescr.getLocation();
+ Logger.debug("Use destination URL:" + destination + " from eIDAS metadata:" + metadataUrl);
+
+ } else
+ Logger.warn("eIDAS metadata for node:" + metadataUrl + " has no IDPSSODescriptor or no SingleSignOnService information.");
+
+ } else
+ Logger.warn("No eIDAS metadata for node:" + metadataUrl + " ");
+
+ } catch (MetadataProviderException e) {
+ Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e);
+
+ }
+ // load SingleSignOnService Endpoint from configuration, if Metadata contains no information
+ // FIXME convenience function for not standard conform metadata
+ if (MiscUtil.isEmpty(destination)) {
+ destination = cpeps.getPepsURL().toString().split(";")[1].trim();
+
+ if (MiscUtil.isNotEmpty(destination))
+ Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration");
+
+ else {
+ Logger.error("No eIDAS-node destination URL FOUND. Request eIDAS node not possible.");
+ throw new MOAIDException("eIDAS.02", new Object[]{"No eIDAS-node Destination-URL FOUND"});
+
+ }
+
+ }
//TODO: switch to entityID
revisionsLogger.logEvent(oaConfig, pendingReq,
@@ -109,50 +157,71 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
// - prepare attribute list
- IPersonalAttributeList pAttList = new PersonalAttributeList();
-
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
// - fill container
- for (StorkAttribute current : attributesFromConfig) {
- PersonalAttribute newAttribute = new PersonalAttribute();
- newAttribute.setName(current.getName());
-
- boolean globallyMandatory = false;
- for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
- if (current.getName().equals(currentGlobalAttribute.getName())) {
- globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
- break;
- }
-
- newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
- pAttList.add(newAttribute);
+ List<AttributeDefinition<?>> reqAttrList = new ArrayList<AttributeDefinition<?>>();
+ for (StorkAttribute current : attributesFromConfig) {
+ AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName());
+
+ if (newAttribute == null) {
+ Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported.");
+
+ } else {
+ boolean globallyMandatory = false;
+ for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
+ if (current.getName().equals(currentGlobalAttribute.getName())) {
+ globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+ break;
+ }
+
+ Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory);
+ reqAttrList.add(attrBuilder.build());
+
+ }
}
-
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
- //build eIDAS AuthnRequest
- EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
- authnRequest.setProviderName(pendingReq.getAuthURL());
- authnRequest.setPersonalAttributeList(pAttList);
- authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+ //build requested attribute set
+ ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build();
+
+ //build eIDAS AuthnRequest
+ EidasAuthenticationRequest.Builder authnRequestBuilder = new EidasAuthenticationRequest.Builder();
+
+ authnRequestBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
+ authnRequestBuilder.providerName(pendingReq.getAuthURL());
+ String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ authnRequestBuilder.issuer(issur);
+ authnRequestBuilder.destination(destination);
+
+ authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
- authnRequest.setDestination(destination);
- authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
- authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
- authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
+ //set minimum required eIDAS LoA from OA config
+ authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));
+ authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
//set correct SPType for this online application
if (oaConfig.getBusinessService())
- authnRequest.setSPType("private");
+ authnRequestBuilder.spType(SpType.PRIVATE);
else
- authnRequest.setSPType(SPType.DEFAULT_VALUE);
-
- engine.initRequestedAttributes(pAttList);
- authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
+ authnRequestBuilder.spType(SpType.PUBLIC);
+
+
+ //set service provider (eIDAS node) countryCode
+ authnRequestBuilder.serviceProviderCountryCode(
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
+
+ //set citizen country code for foreign uses
+ authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
+
+ //add requested attributes
+ authnRequestBuilder.requestedAttributes(reqAttrMap);
+
+
+ IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur);
//encode AuthnRequest
- byte[] token = authnRequest.getTokenSaml();
- String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+ byte[] token = authnRequest.getMessageBytes();
+ String SAMLRequest = EidasStringUtil.encodeToBase64(token);
//send
@@ -184,7 +253,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(oaConfig, pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
- authnRequest.getSamlId());
+ authnRequest.getRequest().getId());
} catch (Exception e) {
Logger.error("Velocity general error: " + e.getMessage());
@@ -206,4 +275,28 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
}
+ private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) {
+ //select SingleSignOn Service endpoint from IDP metadata
+ SingleSignOnService endpoint = null;
+ if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) {
+ return null;
+
+ }
+
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ // use POST binding as default if it exists
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))
+ endpoint = sss;
+
+// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+// && endpoint == null )
+// endpoint = sss;
+
+ }
+
+ return endpoint;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index fae06031a..7ba5aee1e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -4,6 +4,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.core.StatusCode;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -11,9 +12,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -21,14 +22,17 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@Component("ReceiveAuthnResponseTask")
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
@@ -45,40 +49,59 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
defaultTaskInitialization(request, executionContext);
//decode SAML response
- byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
+ byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
//validate SAML token
- EIDASAuthnResponse samlResp = engine.validateEIDASAuthnResponse(decSamlToken,
- request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME);
-
- boolean encryptedResponse=engine.isEncryptedSamlResponse(decSamlToken);
- if (encryptedResponse) {
+ IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
+ request.getRemoteHost(),
+ Constants.CONFIG_PROPS_SKEWTIME,
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (samlResp.isEncrypted()) {
Logger.info("Received encrypted eIDAS SAML-Response.");
//TODO: check if additional decryption operation is required
}
+
//check response StatusCode
if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
- + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage());
- throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()});
+ + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage());
+ throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()});
+
+ }
+
+ // **********************************************************
+ // ******* MOA-ID specific response validation **********
+ // **********************************************************
+
+ //validate received LoA against minimum required LoA
+ LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel());
+ LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance());
+ if (respLoA.numericValue() < reqLoA.numericValue()) {
+ Logger.error("eIDAS Response LevelOfAssurance is lower than the required! "
+ + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + reqLoA.getValue() + ")");
+ throw new MOAIDException("eIDAS.14", new Object[]{respLoA.getValue()});
}
+
- //MOA-ID specific response validation
- //TODO: implement MOA-ID specific response validation
+ // **********************************************************
+ // ******* Store resonse infos into session object **********
+ // **********************************************************
//update MOA-Session data with received information
Logger.debug("Store eIDAS response information into MOA-session.");
- moasession.setQAALevel(samlResp.getAssuranceLevel());
+
+ moasession.setQAALevel(samlResp.getLevelOfAssurance());
moasession.setGenericDataToSession(
AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- new MOAPersonalAttributeList(samlResp.getPersonalAttributeList()));
+ samlResp.getAttributes());
moasession.setGenericDataToSession(
AuthenticationSessionStorageConstants.eIDAS_RESPONSE,
@@ -92,13 +115,16 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
- samlResp.getSamlId());
+ samlResp.getId());
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
}catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
} catch (MOADatabaseException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
deleted file mode 100644
index 573163af0..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.PersonalAttributeList;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAOrderedAttributeIterator implements Iterator<PersonalAttribute> {
-
- private MOAPersonalAttributeList pal;
- private Iterator<String> keyIterator;
-
- public MOAOrderedAttributeIterator(MOAPersonalAttributeList palArg) {
- this.pal = palArg;
- keyIterator = palArg.getInsertOrder().iterator();
- }
-
- @Override
- public boolean hasNext() {
- return keyIterator.hasNext();
- }
-
- @Override
- public PersonalAttribute next() {
- if (!hasNext()) {
- throw new NoSuchElementException();
- }
- return pal.get(keyIterator.next());
- }
-
- @Override
- public void remove() {
- Logger.error("Not implemented");
- }
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
deleted file mode 100644
index 5cc100b70..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
+++ /dev/null
@@ -1,343 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.commons.lang.StringUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-import eu.eidas.auth.commons.AttributeConstants;
-import eu.eidas.auth.commons.AttributeUtil;
-import eu.eidas.auth.commons.EIDASErrors;
-import eu.eidas.auth.commons.EIDASParameters;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.EIDASValues;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.exceptions.InternalErrorEIDASException;
-
-/**
- * @author tlenz
- *
- */
-public final class MOAPersonalAttributeList extends
- ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {
-
- /**
- *
- */
- private static final long serialVersionUID = -4488124133022713089L;
-
- public MOAPersonalAttributeList(IPersonalAttributeList eIDASAttributeList) {
- super();
- Iterator<PersonalAttribute> element = eIDASAttributeList.iterator();
- while(element.hasNext())
- add(element.next());
-
- }
-
- /**
- * Hash with the latest fetched attribute name alias.
- */
- private Map<String, Integer> latestAttrAlias =
- new HashMap<String, Integer>();
-
- /**
- * Hash with mapping number of alias or the attribute name.
- */
- private Map<String, Integer> attrAliasNumber =
- new HashMap<String, Integer>();
- private List<String> insertOrder = new ArrayList<String>();
-
- /**
- * Obtain the insertOrder Collection
- *
- * @return defensive copy of the collection
- */
- List<String> getInsertOrder() {
- return Collections.unmodifiableList(this.insertOrder);
- }
-
- /**
- * Default constructor.
- */
- public MOAPersonalAttributeList() {
- super();
-
- }
-
- /**
- * Constructor with initial capacity for the PersonalAttributeList size.
- *
- * @param capacity The initial capacity for the PersonalAttributeList.
- */
- public MOAPersonalAttributeList(final int capacity) {
- super(capacity);
- }
-
- /**
- * {@inheritDoc}
- */
- public Iterator<PersonalAttribute> iterator() {
- return new MOAOrderedAttributeIterator(this);
- }
-
- /**
- * {@inheritDoc}
- */
- public PersonalAttribute get(final Object key) {
- String attrName = (String) key;
-
- if (this.latestAttrAlias == null)
- this.latestAttrAlias = new HashMap<String, Integer>();
-
- if (this.attrAliasNumber == null)
- this.attrAliasNumber = new HashMap<String, Integer>();
-
- if (this.latestAttrAlias.containsKey(key)) {
- attrName = attrName + this.latestAttrAlias.get(key);
- } else {
- if (this.attrAliasNumber.containsKey(key)) {
- this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key));
- }
- }
- return super.get(attrName);
- }
-
- /**
- * {@inheritDoc}
- */
- public void add(final PersonalAttribute value) {
- if (value != null) {
- this.put(value.getName(), value);
- }
- }
-
- /**
- * {@inheritDoc}
- */
- public PersonalAttribute put(final String key, final PersonalAttribute val) {
- if (StringUtils.isNotEmpty(key) && val != null) {
- // Validate if attribute name already exists!
- String attrAlias = key;
- if (this.containsKey(attrAlias)) {
- if (this.attrAliasNumber == null)
- this.attrAliasNumber = new HashMap<String, Integer>();
- if (!val.isEmptyValue() && StringUtils.isNumeric(val.getValue().get(0))) {
- final String attrValue = val.getValue().get(0);
- attrAlias = key + attrValue;
- this.attrAliasNumber.put(key, Integer.valueOf(attrValue));
- } else {
- final PersonalAttribute attr = super.get(key);
- if (!attr.isEmptyValue()
- && StringUtils.isNumeric(attr.getValue().get(0))) {
- attrAlias = key + attr.getValue().get(0);
- super.put(key, (PersonalAttribute) attr);
- this.attrAliasNumber.put(key, null);
- }
- }
- } else {
- if (insertOrder == null)
- insertOrder = new ArrayList<String>();
-
- insertOrder.add(key);
- }
- return super.put(attrAlias, val);
- } else {
- return null;
- }
- }
-
- @Override
- public PersonalAttribute remove(Object key) {
- insertOrder.remove(key);
- return super.remove(key);
- }
-
- /**
- * {@inheritDoc}
- */
- public void populate(final String attrList) {
- final StringTokenizer strToken =
- new StringTokenizer(attrList, EIDASValues.ATTRIBUTE_SEP.toString());
-
- while (strToken.hasMoreTokens()) {
- final PersonalAttribute persAttr = new PersonalAttribute();
- String[] tuples =
- strToken.nextToken().split(EIDASValues.ATTRIBUTE_TUPLE_SEP.toString(),
- AttributeConstants.NUMBER_TUPLES.intValue());
-
- // Convert to the new format if needed!
- tuples = convertFormat(tuples);
-
- if (AttributeUtil.hasValidTuples(tuples)) {
- final int attrValueIndex =
- AttributeConstants.ATTR_VALUE_INDEX.intValue();
- final String tmpAttrValue =
- tuples[attrValueIndex].substring(1,
- tuples[attrValueIndex].length() - 1);
- final String[] vals =
- tmpAttrValue.split(EIDASValues.ATTRIBUTE_VALUE_SEP.toString());
-
- persAttr.setName(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]);
- persAttr.setIsRequired(Boolean
- .valueOf(tuples[AttributeConstants.ATTR_TYPE_INDEX.intValue()]));
- // check if it is a complex value
- if (tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]
- .equals(EIDASParameters.COMPLEX_ADDRESS_VALUE.toString())) {
- persAttr.setComplexValue(createComplexValue(vals));
- } else {
- persAttr.setValue(createValues(vals));
- }
-
- if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) {
- persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX
- .intValue()]);
- }
- this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()],
- persAttr);
-
- } else {
- Logger.info("BUSINESS EXCEPTION : Invalid personal attribute list tuples");
- }
-
- }
- }
-
- /**
- * Returns a copy of this <tt>IPersonalAttributeList</tt> instance.
- *
- * @return The copy of this IPersonalAttributeList.
- */
- public Object clone() {
- try {
- MOAPersonalAttributeList theClone= (MOAPersonalAttributeList)super.clone();
- theClone.insertOrder=new ArrayList<String>(insertOrder);
- return theClone;
-
- } catch (CloneNotSupportedException e) {
- throw new InternalErrorEIDASException(
- EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorCode()),
- EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorMessage()), e);
- }
- }
-
- /**
- * Creates a string in the following format.
- *
- * attrName:attrType:[attrValue1,attrValue2=attrComplexValue]:attrStatus;
- *
- * @return {@inheritDoc}
- */
- @Override
- public String toString() {
- final StringBuilder strBuilder = new StringBuilder();
- final Iterator<String> iteratorInsertOrder = insertOrder.iterator();
- while (iteratorInsertOrder.hasNext()) {
- String key = iteratorInsertOrder.next();
- final PersonalAttribute attr = get(key);
- strBuilder.append(attr.toString());
- if (isNumberAlias(key)) {
- strBuilder.append(get(key).toString());
- }
- }
- return strBuilder.toString();
- }
-
- /**
- * Validates and creates the attribute's complex values.
- *
- * @param values The complex values.
- * @return The {@link Map} with the complex values.
- * @see Map
- */
- private Map<String, String> createComplexValue(final String[] values) {
- final Map<String, String> complexValue = new HashMap<String, String>();
- for (final String val : values) {
- final String[] tVal = val.split("=");
- if (StringUtils.isNotEmpty(val) && tVal.length == 2) {
- complexValue.put(tVal[0], AttributeUtil.unescape(tVal[1]));
- }
- }
- return complexValue;
- }
-
- /**
- * Validates and creates the attribute values.
- *
- * @param vals The attribute values.
- * @return The {@link List} with the attribute values.
- * @see List
- */
- private List<String> createValues(final String[] vals) {
- final List<String> values = new ArrayList<String>();
- for (final String val : vals) {
- if (StringUtils.isNotEmpty(val)) {
- values.add(AttributeUtil.unescape(val));
- }
- }
- return values;
- }
-
- //////////////////
- /**
- * Converts the attribute tuple (attrName:attrType...) to the new format.
- *
- * @param tuples The attribute tuples to convert.
- * @return The attribute tuples in the new format.
- */
- private String[] convertFormat(final String[] tuples) {
- final String[] newFormatTuples =
- new String[AttributeConstants.NUMBER_TUPLES.intValue()];
- if (tuples != null) {
- System.arraycopy(tuples, 0, newFormatTuples, 0, tuples.length);
-
- for (int i = tuples.length; i < newFormatTuples.length; i++) {
- if (i == AttributeConstants.ATTR_VALUE_INDEX.intValue()) {
- newFormatTuples[i] = "[]";
- } else {
- newFormatTuples[i] = "";
- }
- }
- }
- return newFormatTuples;
- }
-
- public boolean isNumberAlias(String key) {
- return this.attrAliasNumber.containsKey(key);
- }
-
-
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java
new file mode 100644
index 000000000..f29d2bb65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.ProtocolEngineFactory;
+import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
+import eu.eidas.auth.engine.configuration.dom.ProtocolEngineConfigurationFactory;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAProtocolEngineFactory extends ProtocolEngineFactory {
+
+ /**
+ * Initialization-on-demand holder idiom.
+ * <p/>
+ * See item 71 of Effective Java 2nd Edition.
+ * <p/>
+ * See http://en.wikipedia.org/wiki/Initialization-on-demand_holder_idiom.
+ */
+ private static final class LazyHolder {
+
+ private static final MOAProtocolEngineFactory DEFAULT_SAML_ENGINE_FACTORY;
+
+ private static final Exception INITIALIZATION_EXCEPTION;
+
+ static {
+ Exception initializationException = null;
+ MOAProtocolEngineFactory defaultProtocolEngineFactory = null;
+ try {
+ //get eIDAS SAMLengine configuration from MOA-ID configuration
+ CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+
+ ProtocolEngineConfigurationFactory engineConfigurationFactory = new ProtocolEngineConfigurationFactory(configManager);
+ defaultProtocolEngineFactory = new MOAProtocolEngineFactory(engineConfigurationFactory);
+
+ } catch (Exception ex) {
+ initializationException = ex;
+ Logger.error("Unable to instantiate default SAML engines: " + ex, ex);
+
+ }
+
+ DEFAULT_SAML_ENGINE_FACTORY = defaultProtocolEngineFactory;
+ INITIALIZATION_EXCEPTION = initializationException;
+ }
+
+ static MOAProtocolEngineFactory getDefaultSamlEngineFactory() {
+ if (null == INITIALIZATION_EXCEPTION) {
+ return DEFAULT_SAML_ENGINE_FACTORY;
+
+ } else {
+ throw new IllegalStateException(INITIALIZATION_EXCEPTION);
+
+ }
+ }
+ }
+
+
+ public static MOAProtocolEngineFactory getInstance() {
+ return LazyHolder.getDefaultSamlEngineFactory();
+
+ }
+
+ /**
+ * @param configurationFactory
+ * @throws SamlEngineConfigurationException
+ */
+ private MOAProtocolEngineFactory(ProtocolEngineConfigurationFactory configurationFactory)
+ throws SamlEngineConfigurationException {
+ super(configurationFactory);
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
new file mode 100644
index 000000000..09c3dff38
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -0,0 +1,621 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.joda.time.DateTime;
+import org.joda.time.DurationFieldType;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.Company;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml2.metadata.EmailAddress;
+import org.opensaml.saml2.metadata.EncryptionMethod;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.GivenName;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.SurName;
+import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.opensaml.samlext.saml2mdattr.EntityAttributes;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.Ordering;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.protocol.impl.SamlNameIdFormat;
+import eu.eidas.auth.commons.xml.opensaml.OpenSamlHelper;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.core.SAMLExtensionFormat;
+import eu.eidas.auth.engine.core.eidas.DigestMethod;
+import eu.eidas.auth.engine.core.eidas.EidasConstants;
+import eu.eidas.auth.engine.core.eidas.SPType;
+import eu.eidas.auth.engine.core.eidas.SigningMethod;
+import eu.eidas.auth.engine.metadata.Contact;
+import eu.eidas.auth.engine.metadata.EntityDescriptorContainer;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
+import eu.eidas.auth.engine.xml.opensaml.BuilderFactoryUtil;
+import eu.eidas.auth.engine.xml.opensaml.CertificateUtil;
+import eu.eidas.encryption.exception.UnmarshallException;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataGenerator extends MetadataGenerator {
+ private static final Logger LOGGER = LoggerFactory.getLogger(MetadataGenerator.class.getName());
+
+ MetadataConfigParams params;
+
+ XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+
+ SPSSODescriptor spSSODescriptor = null;
+
+ IDPSSODescriptor idpSSODescriptor = null;
+
+ private String ssoLocation;
+
+ /**
+ * @return a String representation of the entityDescriptr built based on the attributes previously set
+ */
+ public String generateMetadata() throws EIDASSAMLEngineException {
+ EntityDescriptor entityDescriptor;
+ try {
+ entityDescriptor = (EntityDescriptor) builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME)
+ .buildObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
+
+ entityDescriptor.setEntityID(params.getEntityID());
+ entityDescriptor.setOrganization(buildOrganization());
+ entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.SUPPORT));
+ entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.TECHNICAL));
+ entityDescriptor.setValidUntil(getExpireDate());
+
+ X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoGeneratorFactory.setEmitEntityCertificate(true);
+ Extensions e = generateExtensions();
+ if (!e.getUnknownXMLObjects().isEmpty()) {
+ entityDescriptor.setExtensions(e);
+ }
+ if (spSSODescriptor != null) {
+ generateSPSSODescriptor(entityDescriptor, keyInfoGeneratorFactory);
+ }
+ if (idpSSODescriptor != null) {
+ generateIDPSSODescriptor(entityDescriptor, keyInfoGeneratorFactory);
+ }
+ if (params.getSpEngine() != null) {
+ ProtocolEngineI spEngine = params.getSpEngine();
+ ((MetadataSignerI) spEngine.getSigner()).signMetadata(entityDescriptor);
+ } else if (params.getIdpEngine() != null) {
+ ProtocolEngineI idpEngine = params.getIdpEngine();
+ ((MetadataSignerI) idpEngine.getSigner()).signMetadata(entityDescriptor);
+ }
+ return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
+ } catch (Exception ex) {
+ LOGGER.info("ERROR : SAMLException ", ex.getMessage());
+ LOGGER.debug("ERROR : SAMLException ", ex);
+ throw new IllegalStateException(ex);
+ }
+ }
+
+ private void generateSPSSODescriptor(final EntityDescriptor entityDescriptor,
+ final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory)
+ throws org.opensaml.xml.security.SecurityException, IllegalAccessException, NoSuchFieldException,
+ SAMLEngineException, EIDASSAMLEngineException {
+ //the node has SP role
+ spSSODescriptor.setWantAssertionsSigned(params.isWantAssertionsSigned());
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setID(idpSSODescriptor == null ? params.getEntityID()
+ : ("SP" + params.getEntityID()));
+ if (params.getSPSignature() != null) {
+ spSSODescriptor.setSignature(params.getSPSignature());
+ }
+ if (params.getSpSigningCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSpSigningCredential(), UsageType.SIGNING));
+
+ } else if (params.getSigningCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSigningCredential(), UsageType.SIGNING));
+ }
+
+ if (params.getSpEncryptionCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSpEncryptionCredential(),
+ UsageType.ENCRYPTION));
+ } else if (params.getEncryptionCredential() != null) {
+ spSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
+ }
+ spSSODescriptor.addSupportedProtocol(params.getSpSamlProtocol());
+ if (!StringUtils.isEmpty(params.getAssertionConsumerUrl())) {
+ addAssertionConsumerService();
+ }
+ fillNameIDFormat(spSSODescriptor);
+ if (params.getSpEngine() != null) {
+ ProtocolEngineI spEngine = params.getSpEngine();
+ ((MetadataSignerI) spEngine.getSigner()).signMetadata(spSSODescriptor);
+ }
+ entityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+
+ }
+
+ private void fillNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
+ NameIDFormat persistentFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
+ ssoDescriptor.getNameIDFormats().add(persistentFormat);
+ NameIDFormat transientFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ transientFormat.setFormat(SamlNameIdFormat.TRANSIENT.getNameIdFormat());
+ ssoDescriptor.getNameIDFormats().add(transientFormat);
+ NameIDFormat unspecifiedFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ unspecifiedFormat.setFormat(SamlNameIdFormat.UNSPECIFIED.getNameIdFormat());
+ ssoDescriptor.getNameIDFormats().add(unspecifiedFormat);
+ }
+
+ private void generateIDPSSODescriptor(final EntityDescriptor entityDescriptor,
+ final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory)
+ throws org.opensaml.xml.security.SecurityException, IllegalAccessException, NoSuchFieldException,
+ SAMLEngineException, EIDASSAMLEngineException {
+ //the node has IDP role
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+ idpSSODescriptor.setID(spSSODescriptor == null ? params.getEntityID()
+ : ("IDP" + params.getEntityID()));
+ if (params.getIDPSignature() != null) {
+ idpSSODescriptor.setSignature(params.getIDPSignature());
+ }
+ if (params.getIdpSigningCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getIdpSigningCredential(), UsageType.SIGNING));
+ } else if (params.getSigningCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getSigningCredential(), UsageType.SIGNING));
+ }
+ if (params.getIdpEncryptionCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getIdpEncryptionCredential(),
+ UsageType.ENCRYPTION));
+ } else if (params.getEncryptionCredential() != null) {
+ idpSSODescriptor.getKeyDescriptors()
+ .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
+ }
+ idpSSODescriptor.addSupportedProtocol(params.getIdpSamlProtocol());
+ fillNameIDFormat(idpSSODescriptor);
+ if (params.getIdpEngine() != null) {
+ if (params.getIdpEngine().getProtocolProcessor() != null
+ && params.getIdpEngine().getProtocolProcessor().getFormat() == SAMLExtensionFormat.EIDAS10) {
+
+ /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ * If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
+ *
+ * INFO: Maybe, this code can be removed in a future version of the eIDAS engine
+ */
+ generateSupportedAttributes(idpSSODescriptor, getAllSupportedAttributes());
+ }
+ ProtocolEngineI idpEngine = params.getIdpEngine();
+ ((MetadataSignerI) idpEngine.getSigner()).signMetadata(idpSSODescriptor);
+ }
+
+ idpSSODescriptor.getSingleSignOnServices().addAll(buildSingleSignOnServicesBindingLocations());
+
+ entityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+
+ }
+
+ /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ * If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
+ */
+ public ImmutableSortedSet<AttributeDefinition<?>> getAllSupportedAttributes() {
+ ImmutableSortedSet.Builder<AttributeDefinition<?>> builder =
+ new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
+ builder.addAll(Constants.MOA_IDP_ATTR_REGISTRY.getAttributes());
+ return builder.build();
+ }
+
+ private ArrayList<SingleSignOnService> buildSingleSignOnServicesBindingLocations()
+ throws NoSuchFieldException, IllegalAccessException {
+ ArrayList<SingleSignOnService> singleSignOnServices = new ArrayList<SingleSignOnService>();
+
+ HashMap<String, String> bindingLocations = params.getProtocolBindingLocation();
+ for (String binding : bindingLocations.keySet()) {
+ SingleSignOnService ssos = BuilderFactoryUtil.buildXmlObject(SingleSignOnService.class);
+ ssos.setBinding(binding);
+ ssos.setLocation(bindingLocations.get(binding));
+ singleSignOnServices.add(ssos);
+ }
+
+ return singleSignOnServices;
+ }
+
+ /**
+ * @param metadata
+ * @return an EntityDescriptor parsed from the given String or null
+ */
+ // TODO (commented by donydgr) Move to a eu.eidas.auth.engine.metadata.MetadataUtil ? Throw an exception if the metadata is invalid instead of returning null ?
+ public static EntityDescriptorContainer deserializeEntityDescriptor(String metadata) {
+ EntityDescriptorContainer result = new EntityDescriptorContainer();
+ try {
+ byte[] metaDataBytes = EidasStringUtil.getBytes(metadata);
+ XMLObject obj = OpenSamlHelper.unmarshall(metaDataBytes);
+ if (obj instanceof EntityDescriptor) {
+ result.addEntityDescriptor((EntityDescriptor) obj, metaDataBytes);
+ } else if (obj instanceof EntitiesDescriptor) {
+ EntitiesDescriptor ed = (EntitiesDescriptor) obj;
+ result.setEntitiesDescriptor(ed);
+ result.getEntityDescriptors().addAll(((EntitiesDescriptor) obj).getEntityDescriptors());
+ result.setSerializedEntitesDescriptor(metaDataBytes);
+ }
+ } catch (UnmarshallException ue) {
+ LOGGER.info("ERROR : unmarshalling error", ue.getMessage());
+ LOGGER.debug("ERROR : unmarshalling error", ue);
+ }
+ return result;
+ }
+
+ private KeyDescriptor getKeyDescriptor(X509KeyInfoGeneratorFactory keyInfoGeneratorFactory,
+ Credential credential,
+ UsageType usage)
+ throws NoSuchFieldException, IllegalAccessException, SecurityException, EIDASSAMLEngineException {
+ KeyDescriptor keyDescriptor = null;
+ if (credential != null) {
+ keyDescriptor = BuilderFactoryUtil.buildXmlObject(KeyDescriptor.class);
+ KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
+
+ KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+ keyDescriptor.setUse(usage);
+ keyDescriptor.setKeyInfo(keyInfo);
+ if (usage == UsageType.ENCRYPTION && params.getEncryptionAlgorithms() != null) {
+ Set<String> encryptionAlgos = EIDASUtil.parseSemicolonSeparatedList(params.getEncryptionAlgorithms());
+ for (String encryptionAlgo : encryptionAlgos) {
+ EncryptionMethod em =
+ (EncryptionMethod) BuilderFactoryUtil.buildXmlObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
+ em.setAlgorithm(encryptionAlgo);
+ keyDescriptor.getEncryptionMethods().add(em);
+ }
+ }
+
+ }
+ return keyDescriptor;
+ }
+
+ private Organization buildOrganization() {
+ Organization organization = null;
+ try {
+ organization = BuilderFactoryUtil.buildXmlObject(Organization.class);
+ OrganizationDisplayName odn = BuilderFactoryUtil.buildXmlObject(OrganizationDisplayName.class);
+ odn.setName(new LocalizedString(params.getCountryName(), "en"));
+ organization.getDisplayNames().add(odn);
+ OrganizationURL url = BuilderFactoryUtil.buildXmlObject(OrganizationURL.class);
+ url.setURL(new LocalizedString(params.getNodeUrl(), "en"));
+ organization.getURLs().add(url);
+ } catch (IllegalAccessException iae) {
+ LOGGER.info("ERROR : error generating the Organization: {}", iae.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", iae);
+ } catch (NoSuchFieldException nfe) {
+ LOGGER.info("ERROR : error generating the Organization: {}", nfe.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", nfe);
+ }
+ return organization;
+ }
+
+ private ContactPerson buildContact(ContactPersonTypeEnumeration contactType) {
+ ContactPerson contact = null;
+ try {
+ Contact currentContact = null;
+ if (contactType == ContactPersonTypeEnumeration.SUPPORT) {
+ currentContact = params.getSupportContact();
+ } else if (contactType == ContactPersonTypeEnumeration.TECHNICAL) {
+ currentContact = params.getTechnicalContact();
+ } else {
+ LOGGER.error("ERROR: unsupported contact type");
+ }
+ contact = BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
+ if (currentContact == null) {
+ LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+ return contact;
+ }
+
+ EmailAddress emailAddressObj = BuilderFactoryUtil.buildXmlObject(EmailAddress.class);
+ Company company = BuilderFactoryUtil.buildXmlObject(Company.class);
+ GivenName givenName = BuilderFactoryUtil.buildXmlObject(GivenName.class);
+ SurName surName = BuilderFactoryUtil.buildXmlObject(SurName.class);
+ TelephoneNumber phoneNumber = BuilderFactoryUtil.buildXmlObject(TelephoneNumber.class);
+ contact.setType(contactType);
+ emailAddressObj.setAddress(currentContact.getEmail());
+ company.setName(currentContact.getCompany());
+ givenName.setName(currentContact.getGivenName());
+ surName.setName(currentContact.getSurName());
+ phoneNumber.setNumber(currentContact.getPhone());
+
+ populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
+
+ } catch (IllegalAccessException iae) {
+ LOGGER.info("ERROR : error generating the Organization: {}", iae.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", iae);
+ } catch (NoSuchFieldException nfe) {
+ LOGGER.info("ERROR : error generating the Organization: {}", nfe.getMessage());
+ LOGGER.debug("ERROR : error generating the Organization: {}", nfe);
+ }
+ return contact;
+ }
+
+ private void populateContact(ContactPerson contact,
+ Contact currentContact,
+ EmailAddress emailAddressObj,
+ Company company,
+ GivenName givenName,
+ SurName surName,
+ TelephoneNumber phoneNumber) {
+ if (!StringUtils.isEmpty(currentContact.getEmail())) {
+ contact.getEmailAddresses().add(emailAddressObj);
+ }
+ if (!StringUtils.isEmpty(currentContact.getCompany())) {
+ contact.setCompany(company);
+ }
+ if (!StringUtils.isEmpty(currentContact.getGivenName())) {
+ contact.setGivenName(givenName);
+ }
+ if (!StringUtils.isEmpty(currentContact.getSurName())) {
+ contact.setSurName(surName);
+ }
+ if (!StringUtils.isEmpty(currentContact.getPhone())) {
+ contact.getTelephoneNumbers().add(phoneNumber);
+ }
+
+ }
+
+ /**
+ * @param engine a EIDASSamlEngine from which signing and encryption information is extracted
+ */
+
+ public void initialize(ProtocolEngineI engine) throws EIDASSAMLEngineException {
+
+ X509Certificate decryptionCertificate = engine.getDecryptionCertificate();
+ if (null != decryptionCertificate) {
+ params.setEncryptionCredential(CertificateUtil.toCredential(decryptionCertificate));
+ }
+ params.setSigningCredential(CertificateUtil.toCredential(engine.getSigningCertificate()));
+ params.setIdpEngine(engine);
+ params.setSpEngine(engine);
+ }
+
+ /**
+ * @param spEngine a EIDASSamlEngine for the
+ */
+
+ public void initialize(ProtocolEngineI spEngine, ProtocolEngineI idpEngine) throws EIDASSAMLEngineException {
+ if (idpEngine != null) {
+ idpEngine.getProtocolProcessor().configure();
+ params.setIdpSigningCredential(CertificateUtil.toCredential(idpEngine.getSigningCertificate()));
+
+ final X509Certificate idpEngineDecryptionCertificate = idpEngine.getDecryptionCertificate();
+ if (idpEngineDecryptionCertificate != null) {
+ params.setIdpEncryptionCredential(CertificateUtil.toCredential(idpEngineDecryptionCertificate));
+ }
+
+ }
+ if (spEngine != null) {
+ spEngine.getProtocolProcessor().configure();
+ params.setSpSigningCredential(CertificateUtil.toCredential(spEngine.getSigningCertificate()));
+
+ final X509Certificate spEngineDecryptionCertificate = spEngine.getDecryptionCertificate();
+ if (spEngineDecryptionCertificate != null) {
+ params.setSpEncryptionCredential(CertificateUtil.toCredential(spEngineDecryptionCertificate));
+ }
+ }
+
+ params.setIdpEngine(idpEngine);
+ params.setSpEngine(spEngine);
+ }
+
+ public void addSPRole() throws EIDASSAMLEngineException {
+ try {
+ if (spSSODescriptor == null) {
+ spSSODescriptor = BuilderFactoryUtil.buildXmlObject(SPSSODescriptor.class);
+ }
+ } catch (IllegalAccessException iae) {
+ throw new EIDASSAMLEngineException(iae);
+ } catch (NoSuchFieldException nsfe) {
+ throw new EIDASSAMLEngineException(nsfe);
+ }
+ }
+
+ public void addIDPRole() throws EIDASSAMLEngineException {
+ try {
+ if (idpSSODescriptor == null) {
+ idpSSODescriptor = BuilderFactoryUtil.buildXmlObject(IDPSSODescriptor.class);
+ }
+ } catch (IllegalAccessException iae) {
+ throw new EIDASSAMLEngineException(iae);
+ } catch (NoSuchFieldException nsfe) {
+ throw new EIDASSAMLEngineException(nsfe);
+ }
+ }
+
+ private void generateDigest(Extensions eidasExtensions) throws EIDASSAMLEngineException {
+ if (!StringUtils.isEmpty(params.getDigestMethods())) {
+ Set<String> signatureMethods = EIDASUtil.parseSemicolonSeparatedList(params.getDigestMethods());
+ Set<String> digestMethods = new HashSet<String>();
+ for (String signatureMethod : signatureMethods) {
+ digestMethods.add(CertificateUtil.validateDigestAlgorithm(signatureMethod));
+ }
+ for (String digestMethod : digestMethods) {
+ final DigestMethod dm = (DigestMethod) BuilderFactoryUtil.buildXmlObject(DigestMethod.DEF_ELEMENT_NAME);
+ if (dm != null) {
+ dm.setAlgorithm(digestMethod);
+ eidasExtensions.getUnknownXMLObjects().add(dm);
+ } else {
+ LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+ }
+ }
+ }
+
+ }
+
+ private Extensions generateExtensions() throws EIDASSAMLEngineException {
+ Extensions eidasExtensions = BuilderFactoryUtil.generateExtension();
+ if (params.getAssuranceLevel() != null) {
+ generateLoA(eidasExtensions);
+ }
+ if (!StringUtils.isEmpty(params.getSpType())) {
+ final SPType spTypeObj = (SPType) BuilderFactoryUtil.buildXmlObject(SPType.DEF_ELEMENT_NAME);
+ if (spTypeObj != null) {
+ spTypeObj.setSPType(params.getSpType());
+ eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
+ } else {
+ LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+ }
+ }
+ generateDigest(eidasExtensions);
+
+ if (!StringUtils.isEmpty(params.getSigningMethods())) {
+ Set<String> signMethods = EIDASUtil.parseSemicolonSeparatedList(params.getDigestMethods());
+ for (String signMethod : signMethods) {
+ final SigningMethod sm =
+ (SigningMethod) BuilderFactoryUtil.buildXmlObject(SigningMethod.DEF_ELEMENT_NAME);
+ if (sm != null) {
+ sm.setAlgorithm(signMethod);
+ eidasExtensions.getUnknownXMLObjects().add(sm);
+ } else {
+ LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+ }
+ }
+ }
+ return eidasExtensions;
+ }
+
+ private void generateLoA(Extensions eidasExtensions) throws EIDASSAMLEngineException {
+ EntityAttributes loa =
+ (EntityAttributes) BuilderFactoryUtil.buildXmlObject(EntityAttributes.DEFAULT_ELEMENT_NAME);
+ Attribute loaAttrib = (Attribute) BuilderFactoryUtil.buildXmlObject(Attribute.DEFAULT_ELEMENT_NAME);
+ loaAttrib.setName(EidasConstants.LEVEL_OF_ASSURANCE_NAME);
+ loaAttrib.setNameFormat(Attribute.URI_REFERENCE);
+ XSStringBuilder stringBuilder =
+ (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(params.getAssuranceLevel());
+ loaAttrib.getAttributeValues().add(stringValue);
+ loa.getAttributes().add(loaAttrib);
+ eidasExtensions.getUnknownXMLObjects().add(loa);
+
+ }
+
+ private static final Set<String> DEFAULT_BINDING = new HashSet<String>() {{
+ this.add(SAMLConstants.SAML2_POST_BINDING_URI);
+ }};
+
+ private void addAssertionConsumerService() throws EIDASSAMLEngineException {
+ int index = 0;
+ Set<String> bindings = params.getProtocolBinding().isEmpty() ? DEFAULT_BINDING : params.getProtocolBinding();
+ for (String binding : bindings) {
+ AssertionConsumerService asc = (AssertionConsumerService) BuilderFactoryUtil.buildXmlObject(
+ AssertionConsumerService.DEFAULT_ELEMENT_NAME);
+ asc.setLocation(params.getAssertionConsumerUrl());
+ asc.setBinding(checkBinding(binding));
+ asc.setIndex(index);
+ if (index == 0) {
+ asc.setIsDefault(true);
+ }
+ index++;
+ spSSODescriptor.getAssertionConsumerServices().add(asc);
+ }
+ }
+
+ private String checkBinding(String binding) {
+ if (binding != null && (binding.equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) || binding.equals(
+ SAMLConstants.SAML2_POST_BINDING_URI))) {
+ return binding;
+ }
+ return SAMLConstants.SAML2_POST_BINDING_URI;
+ }
+
+ private DateTime getExpireDate() {
+ DateTime expiryDate = DateTime.now();
+ expiryDate =
+ expiryDate.withFieldAdded(DurationFieldType.seconds(), (int) (getConfigParams().getValidityDuration()));
+ return expiryDate;
+ }
+
+ private void generateSupportedAttributes(IDPSSODescriptor idpssoDescriptor,
+ ImmutableSortedSet<AttributeDefinition<?>> attributeDefinitions)
+ throws EIDASSAMLEngineException {
+ List<Attribute> attributes = idpssoDescriptor.getAttributes();
+ for (AttributeDefinition<?> attributeDefinition : attributeDefinitions) {
+ Attribute a = (Attribute) BuilderFactoryUtil.buildXmlObject(Attribute.DEFAULT_ELEMENT_NAME);
+ a.setName(attributeDefinition.getNameUri().toASCIIString());
+ a.setFriendlyName(attributeDefinition.getFriendlyName());
+ a.setNameFormat(Attribute.URI_REFERENCE);
+ attributes.add(a);
+ }
+ }
+
+ public MetadataConfigParams getConfigParams() {
+ return params;
+ }
+
+ public void setConfigParams(MetadataConfigParams params) {
+ this.params = params;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index eeb8305cf..b95d4359f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -22,15 +22,22 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+import java.util.HashMap;
+import java.util.Map;
+
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOASWSigner;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAEidasProtocolProcesser;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.SamlEngineSystemClock;
+import eu.eidas.auth.engine.metadata.MetadataFetcherI;
+import eu.eidas.auth.engine.metadata.MetadataSignerI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.samlengineconfig.CertificateConfigurationManager;
@@ -40,28 +47,36 @@ import eu.eidas.samlengineconfig.CertificateConfigurationManager;
*/
public class SAMLEngineUtils {
- private static EIDASSAMLEngine eIDASEngine = null;
+ private static ProtocolEngineI eIDASEngine = null;
+ private static MetadataSignerI metadataSigner = null;
+ private static MetadataFetcherI metadataFetcher = null;
+ private static Map<String, AttributeDefinition<?>> allSupportedAttributeMap =
+ new HashMap<String, AttributeDefinition<?>>();
- public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+ public static synchronized ProtocolEngineI createSAMLEngine(MOAeIDASChainingMetadataProvider moaeIDASMetadataProvider) throws EIDASEngineException{
if (eIDASEngine == null) {
try {
//get eIDAS SAMLengine configuration from MOA-ID configuration
CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+
+ //set metadata management to eIDAS SAMLengine
+ metadataFetcher = new MOAeIDASMetadataProviderDecorator(moaeIDASMetadataProvider);
+
+ //set metadata signer
+ metadataSigner = new MOASWSigner(configManager);
+
+ //build eIDAS SAML eninge
+ ProtocolEngineI engine = MOAProtocolEngineFactory.createProtocolEngine(
+ Constants.eIDAS_SAML_ENGINE_NAME,
+ configManager,
+ new MOAEidasProtocolProcesser(metadataFetcher, metadataSigner),
+ new SamlEngineSystemClock());
- //initial eIDAS SAMLengine
- EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
- configManager);
-
- //set metadata management to eIDAS SAMLengine
- engine.setMetadataProcessor(
- new MOAeIDASMetadataProviderDecorator(
- MOAeIDASChainingMetadataProvider.getInstance()));
-
- //set MOA specific extension processor
- ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
- engine.setExtensionProcessor(extensionProcessor);
-
+ //build a map with all actually supported attributes
+ for (AttributeDefinition<?> el : engine.getProtocolProcessor().getAllSupportedAttributes())
+ allSupportedAttributeMap.put(el.getFriendlyName(), el);
+
eIDASEngine = engine;
} catch (EIDASSAMLEngineException e) {
@@ -73,5 +88,45 @@ public class SAMLEngineUtils {
return eIDASEngine;
}
+
+ /**
+ * Get a map of all eIDAS attributes, which are actually supported by eIDAS engine
+ *
+ * @return Map<Attr. FriendlyName, AttributeDefinition>
+ */
+ public static Map<String, AttributeDefinition<?>> getMapOfAllAvailableAttributes() {
+ return allSupportedAttributeMap;
+
+ }
+
+ /**
+ * @return the metadataSigner
+ */
+ public static MetadataSignerI getMetadataSigner() {
+ if (eIDASEngine != null)
+ return metadataSigner;
+
+ else {
+ Logger.error("eIDAS SAMLEngine is not initialized.");
+ return null;
+
+ }
+ }
+
+ /**
+ * @return the metadataFetcher
+ */
+ public static MetadataFetcherI getMetadataFetcher() {
+ if (eIDASEngine != null)
+ return metadataFetcher;
+
+ else {
+ Logger.error("eIDAS SAMLEngine is not initialized.");
+ return null;
+
+ }
+ }
+
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
new file mode 100644
index 000000000..d43fa1622
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildStringAttribute(String friendlyName, String name, String value) {
+ return value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
+ */
+ @Override
+ public String buildIntegerAttribute(String friendlyName, String name, int value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
+ */
+ @Override
+ public String buildLongAttribute(String friendlyName, String name, long value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildEmptyAttribute(String friendlyName, String name) {
+ return null;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 563c3a18c..7647b4cab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -2,13 +2,14 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
@Component("EIDASData")
@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
@@ -18,10 +19,10 @@ public class EIDASData extends RequestImpl {
private static final long serialVersionUID = 8765755670214923910L;
/** The attributes requested by the eIDaS. */
- private MOAPersonalAttributeList attributes;
+ private ImmutableAttributeMap attributes;
/** The incoming eIDaS SAML2 AuthnRequest. */
- private EIDASAuthnRequest authnRequest;
+ private IAuthenticationRequest authnRequest;
/** The ip address of the requester. */
private String remoteIPAddress;
@@ -29,7 +30,7 @@ public class EIDASData extends RequestImpl {
private String remoteRelayState;
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
// TODO Auto-generated method stub
return null;
}
@@ -39,17 +40,17 @@ public class EIDASData extends RequestImpl {
*
* @return the requested attributes
*/
- public MOAPersonalAttributeList getEidasRequestedAttributes() {
- return (MOAPersonalAttributeList) attributes.clone();
+ public ImmutableAttributeMap getEidasRequestedAttributes() {
+ return attributes;
}
/**
* Sets the eidas requested attributes.
*
- * @param personalAttributeList the requested attributes
+ * @param immutableAttributeMap the requested attributes
*/
- public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
- attributes = personalAttributeList;
+ public void setEidasRequestedAttributes(ImmutableAttributeMap immutableAttributeMap) {
+ attributes = immutableAttributeMap;
}
/**
@@ -57,7 +58,7 @@ public class EIDASData extends RequestImpl {
*
* @return the eidas request
*/
- public EIDASAuthnRequest getEidasRequest() {
+ public IAuthenticationRequest getEidasRequest() {
return authnRequest;
}
@@ -66,7 +67,7 @@ public class EIDASData extends RequestImpl {
*
* @param request the new eidas request
*/
- public void setEidasRequest(EIDASAuthnRequest request) {
+ public void setEidasRequest(IAuthenticationRequest request) {
authnRequest = request;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 24134f1d9..9fab58f94 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -34,6 +34,8 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -44,11 +46,11 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -56,10 +58,14 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse.Builder;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.MetadataUtil;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@@ -72,14 +78,17 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
public class EIDASProtocol extends AbstractAuthProtocolModulController {
public static final String NAME = EIDASProtocol.class.getName();
- public static final String PATH = "eidas";
+ public static final String PATH = "eidas";
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
public EIDASProtocol() {
super();
Logger.debug("Registering servlet " + getClass().getName() +
" with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA +
"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST +
- "' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+ //"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +
+ "'.");
}
@@ -164,75 +173,139 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
String base64SamlToken = request.getParameter("SAMLRequest");
if (MiscUtil.isEmpty(base64SamlToken)) {
Logger.warn("No eIDAS SAMLRequest found in http request.");
- throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
+ throw new MOAIDException("eIDAS.06", new Object[]{"HTTP request includes no eIDAS SAML-Request element."});
}
- byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
-
+
try {
+ //decode SAML2 token
+ byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
+
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
- //validate SAML token
- EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
-
- // - memorize remote ip
- pendingReq.setRemoteAddress(request.getRemoteAddr());
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
- // - memorize relaystate
- String relayState = request.getParameter("RelayState");
- pendingReq.setRemoteRelayState(relayState);
-
- // - memorize country code of target country
- pendingReq.setGenericDataToSession(
- RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
+ String cititzenCountryCode =
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
+ MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
- // - memorize requested attributes
- pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+
+ //****************************************
+ //***** validate eIDAS request *********
+ //****************************************
+ //validate SAML token
+ IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
- // - memorize whole request
- samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
- pendingReq.setEidasRequest(samlReq);
+ //validate internal JAVA class type
+ if (!(samlReq instanceof IEidasAuthenticationRequest)) {
+ Logger.error("eIDAS AuthnRequst from node:" + samlReq.getIssuer()
+ + " is NOT from Type:" + IEidasAuthenticationRequest.class.getName());
+ throw new MOAIDException("eIDAS.06", new Object[]{"eIDAS AuthnRequest maps to an wrong internal Type."});
+
+ }
+ IEidasAuthenticationRequest eIDASSamlReq = (IEidasAuthenticationRequest) samlReq;
+
+ //validate Destination against MOA-ID-Auth configuration
+ String reqDestination = eIDASSamlReq.getDestination();
+ if (MiscUtil.isEmpty(reqDestination) ||
+ !reqDestination.startsWith(pendingReq.getAuthURL())) {
+ Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+ throw new EIDASAuthnRequestValidationException("stork.01",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+
+ }
+
+ //validate AssertionConsumerServiceURL against metadata
+ EntityDescriptor eIDASNodeEntityDesc = new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider)
+ .getEntityDescriptor(eIDASSamlReq.getIssuer(), SAMLEngineUtils.getMetadataSigner());
- //validate destination against metadata
- String reqDestination = samlReq.getDestination();
- if (MiscUtil.isNotEmpty(reqDestination)) {
- boolean isValid = false;
- List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
- .getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+ String reqAssertionConsumerServiceURL = eIDASSamlReq.getAssertionConsumerServiceURL();
+ if (MiscUtil.isNotEmpty(reqAssertionConsumerServiceURL)) {
+ boolean isValid = false;
+ List<AssertionConsumerService> allowedAssertionConsumerUrl =
+ MetadataUtil.getSPSSODescriptor(eIDASNodeEntityDesc).getAssertionConsumerServices();
for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
- if (reqDestination.equals(el.getLocation()))
+ if (reqAssertionConsumerServiceURL.equals(el.getLocation()))
isValid = true;
}
if (!isValid) {
- Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
- throw new eIDASAuthnRequestValidationException("stork.01",
- new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+ Logger.info("eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute");
+ throw new EIDASAuthnRequestValidationException("eIDAS.12",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute"});
}
- }
+ } else {
+ /*TODO: eIDAS SAMLEngine 1.1.0 does not validate and set AssertionConsumerServiceURL in a correct form
+ *
+ * Actually, this step is required because EidasProtocolProcesser.class only use the AssertionConsumerServiceURL
+ * from AuthnRequest to set the 'Destination' attribute in eIDAS Response. However, the AssertionConsumerServiceURL
+ * could be empty in Request, which break the Response building process.
+ */
+ String assertionConsumerServiceURL = MetadataUtil.getAssertionConsumerUrlFromMetadata(
+ SAMLEngineUtils.getMetadataFetcher(), SAMLEngineUtils.getMetadataSigner(), eIDASSamlReq);
+ if (MiscUtil.isEmpty(assertionConsumerServiceURL)) {
+ Logger.error("eIDAS metadata for node:" + eIDASSamlReq.getIssuer()
+ + " contains NO 'AssertionConsumerServiceURL' element!");
+ throw new EIDASSAMLEngineException("eIDAS metadata for node:" + eIDASSamlReq.getIssuer()
+ + " contains NO 'AssertionConsumerServiceURL' element!");
+
+ }
+
+ EidasAuthenticationRequest.Builder test = EidasAuthenticationRequest.builder(eIDASSamlReq);
+ test.assertionConsumerServiceURL(assertionConsumerServiceURL);
+ eIDASSamlReq = test.build();
+
+ }
+
+ //*************************************************
+ //***** store eIDAS request information *********
+ //*************************************************
+ // - memorize remote ip
+ pendingReq.setRemoteAddress(request.getRemoteAddr());
+
+ // - memorize relaystate
+ String relayState = request.getParameter("RelayState");
+ pendingReq.setRemoteRelayState(relayState);
+
+ // - memorize country code of target country
+ pendingReq.setGenericDataToSession(
+ RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getOriginCountryCode());
+
+ //store level of assurance
+ pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE,
+ eIDASSamlReq.getEidasLevelOfAssurance().stringValue());
+
+ // - memorize requested attributes
+ pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes());
+
+ // - memorize whole request
+ pendingReq.setEidasRequest(eIDASSamlReq);
+
// - memorize OA url
pendingReq.setOAURL(samlReq.getIssuer());
// - memorize OA config
IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+ throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
pendingReq.setOnlineApplicationConfiguration(oaConfig);
-
- String spType = samlReq.getSPType();
- if (MiscUtil.isEmpty(spType)) {
- Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
- //TODO: maybe implement this if required
+
+ // - memorize service-provider type from eIDAS request
+ String spType = null;
+ if (eIDASSamlReq.getSpType() != null)
+ spType = eIDASSamlReq.getSpType().getValue();
+
+ if (MiscUtil.isEmpty(spType))
+ spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
- }
-
- Logger.debug("eIDAS request has SPType:" + spType);
+ if (MiscUtil.isEmpty(spType))
+ Logger.debug("eIDAS request has SPType:" + spType);
+ else
+ Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
@@ -240,11 +313,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
} catch (EIDASSAMLEngineException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
- throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
} catch(Exception e) {
Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
- throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
}
}
@@ -258,43 +331,40 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
try {
- EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
- eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
-
- if (e instanceof eIDASException) {
- eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
- eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
- eIDASResp.setMessage(e.getMessage());
+ Builder eIDASRespBuilder = new AuthenticationResponse.Builder();
+ eIDASRespBuilder.issuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (e instanceof EIDASException) {
+ eIDASRespBuilder.statusCode(((EIDASException) e).getStatusCodeFirstLevel());
+ eIDASRespBuilder.subStatusCode(((EIDASException) e).getStatusCodeSecondLevel());
+ eIDASRespBuilder.statusMessage(e.getMessage());
} else if (e instanceof MOAIDException ) {
- eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
- eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
- eIDASResp.setMessage(e.getMessage());
+ eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+ eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASRespBuilder.statusMessage(e.getMessage());
} else {
- eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
- eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
- eIDASResp.setMessage(e.getMessage());
+ eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+ eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASRespBuilder.statusMessage(e.getMessage());
}
-
+
+ eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
+ eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ //build response
+ AuthenticationResponse eIDASResp = eIDASRespBuilder.build();
- if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
- engine,
- eidasReq.getEidasRequest());
- eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-
- }
//get eIDAS SAML-engine
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
+ //build response message
+ IResponseMessage eIDASRespMsg = engine.generateResponseErrorMessage(eidasReq.getEidasRequest(),eIDASResp, eidasReq.getRemoteAddress());
- eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp,
- eidasReq.getRemoteAddress(), true);
- String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+ String token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index b4db5c83d..dcce442a0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,14 +21,19 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.Organization;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAeIDASMetadataGenerator;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -37,11 +42,10 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.Contact;
import eu.eidas.auth.engine.metadata.MetadataConfigParams;
-import eu.eidas.auth.engine.metadata.MetadataGenerator;
-import eu.eidas.engine.exceptions.SAMLEngineException;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
@@ -50,6 +54,9 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
@Service("EidasMetaDataRequest")
public class EidasMetaDataRequest implements IAction {
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+ @Autowired(required=true) AuthConfiguration authConfig;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
*/
@@ -61,10 +68,10 @@ public class EidasMetaDataRequest implements IAction {
try {
String pubURLPrefix = req.getAuthURL();
- String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
- String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
- String metaData = generateMetadata(metadata_url, sp_return_url);
+ String metaData = generateMetadata(req, metadata_url, sp_return_url);
Logger.trace(metaData);
@@ -100,18 +107,21 @@ public class EidasMetaDataRequest implements IAction {
}
- public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+ public String generateMetadata(IRequest pendingReq, String metadata_url, String sp_return_url) throws EIDASSAMLEngineException, EIDASEngineException{
String metadata="invalid metadata";
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
- MetadataGenerator generator = new MetadataGenerator();
+ MOAeIDASMetadataGenerator generator = new MOAeIDASMetadataGenerator();
MetadataConfigParams mcp=new MetadataConfigParams();
generator.setConfigParams(mcp);
generator.initialize(engine);
mcp.setEntityID(metadata_url);
mcp.setAssertionConsumerUrl(sp_return_url);
+ mcp.getProtocolBindingLocation().put(
+ SAMLConstants.SAML2_POST_BINDING_URI,
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST);
//TODO: make it configurable
@@ -133,18 +143,24 @@ public class EidasMetaDataRequest implements IAction {
Contact technicalContact = new Contact();
List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
- if (contacts != null && contacts.size() >= 1) {
- technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
- technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
- technicalContact.setSurName(contacts.get(0).getSurName().getName());
- technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+ if (contacts != null && contacts.size() >= 1) {
+ ContactPerson contact = contacts.get(0);
+ technicalContact.setGivenName(contact.getGivenName().getName());
+ technicalContact.setSurName(contact.getSurName().getName());
+
+ if (!contact.getEmailAddresses().isEmpty())
+ technicalContact.setEmail(contact.getEmailAddresses().get(0).getAddress());
+
+ if (!contact.getTelephoneNumbers().isEmpty())
+ technicalContact.setPhone(contact.getTelephoneNumbers().get(0).getNumber());
+
mcp.setTechnicalContact(technicalContact );
}
if (pvpOrganisation != null) {
mcp.setNodeUrl(pvpOrganisation.getURLs().get(0).getURL().getLocalString());
- mcp.setCountryName("Austria");
+ mcp.setCountryName(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria"));
technicalContact.setCompany(pvpOrganisation.getDisplayNames().get(0).getName().getLocalString());
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 9943cc5fb..0f17eccab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -23,8 +23,8 @@
package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.StringWriter;
+import java.security.MessageDigest;
import java.text.SimpleDateFormat;
-import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -32,29 +32,44 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
+import com.google.common.collect.ImmutableSet;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASStatusCode;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataUtil;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.SamlNameIdFormat;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
/**
@@ -67,7 +82,10 @@ import eu.eidas.auth.engine.metadata.MetadataUtil;
@Service("eIDASAuthenticationRequest")
public class eIDASAuthenticationRequest implements IAction {
+ private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+
@Autowired protected MOAReversionLogger revisionsLogger;
+ @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -78,67 +96,136 @@ public class eIDASAuthenticationRequest implements IAction {
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
- // gather attributes
- MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+ String subjectNameID = null;
- for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+ //gather attributes
+ ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
+ ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
+
+ //TODO: if we support more then this minimum required attributes -> redesign to a smoother attribute builder selector
+ for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) {
String newValue = "";
-
- // TODO make use of proper builder
- switch(current.getKey()) {
- case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
- case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
- case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
-
- //TODO: change bPK builder !!!!!!
- case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break;
+ boolean isUniqueID = false;
+ try {
+ switch(attr.getFriendlyName()) {
+ case Constants.eIDAS_ATTR_DATEOFBIRTH:
+ newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth());
+ break;
+ case Constants.eIDAS_ATTR_CURRENTFAMILYNAME:
+ newValue = authData.getFamilyName();
+ break;
+ case Constants.eIDAS_ATTR_CURRENTGIVENNAME:
+ newValue = authData.getGivenName();
+ break;
+ case Constants.eIDAS_ATTR_PERSONALIDENTIFIER:
+ newValue = authData.getBPK();
+ isUniqueID = true;
+
+ //generate a transient unique identifier if it is requested
+ String reqNameIDFormat = eidasRequest.getEidasRequest().getNameIdFormat();
+ if (MiscUtil.isNotEmpty(reqNameIDFormat)
+ && reqNameIDFormat.equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
+ newValue = generateTransientNameID(newValue);
+
+ subjectNameID = newValue;
+ break;
+ case Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER:
+ newValue = new MandateLegalPersonSourcePinAttributeBuilder().build(
+ req.getOnlineApplicationConfiguration(), authData, generator);
+ break;
+ case Constants.eIDAS_ATTR_LEGALNAME:
+ newValue = new MandateLegalPersonFullNameAttributeBuilder().build(
+ req.getOnlineApplicationConfiguration(), authData, generator);
+ break;
+
+ }
+
+ } catch (AttributeException e) {
+ Logger.debug("Attribute can not generate requested attribute:" + attr.getFriendlyName() + " Reason:" + e.getMessage());
+
}
-
- if("".equals(newValue))
- current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
- else {
- current.getValue().getValue().clear();
- current.getValue().getValue().add(newValue);
- current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+
+ if(MiscUtil.isEmpty(newValue)) {
+ Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+
+ } else {
+ //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the
+ // Subject->NameID value from this attribute
+ Builder<?> attrBuilder = AttributeDefinition.builder(attr);
+ attrBuilder.uniqueIdentifier(isUniqueID);
+ AttributeDefinition<?> returnAttr = attrBuilder.build();
+
+ //unmarshal attribute value into eIDAS attribute
+ AttributeValueMarshaller<?> attributeValueMarshaller = returnAttr.getAttributeValueMarshaller();
+ ImmutableSet.Builder<AttributeValue<?>> builder = ImmutableSet.builder();
+
+ AttributeValue<?> attributeValue = null;
+ try {
+ attributeValue = attributeValueMarshaller.unmarshal(newValue, false);
+ builder.add(attributeValue);
+
+ } catch (AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
+
+ }
+
+ //add attribute to Map
+ attrMapBuilder.put((AttributeDefinition)returnAttr, (ImmutableSet) builder.build());
+
}
}
// construct eIDaS response
- EIDASAuthnResponse response = new EIDASAuthnResponse();
- response.setPersonalAttributeList(resultingAttributeList);
+ AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder();
+
+ responseBuilder.id(SAMLEngineUtils.generateNCName());
+ responseBuilder.inResponseTo(eidasRequest.getEidasRequest().getId());
- // - create metadata url
- String pubURLPrefix = req.getAuthURL();
+ String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
- response.setIssuer(metadata_url);
-
- response.setAssuranceLevel(authData.getEIDASQAALevel());
+ responseBuilder.issuer(metadata_url);
+
+ responseBuilder.levelOfAssurance(authData.getEIDASQAALevel());
+
+ //add attributes
+ responseBuilder.attributes(attrMapBuilder.build());
+
+ //set success statuscode
+ responseBuilder.statusCode(StatusCode.SUCCESS_URI);
+
+ //build response
+ AuthenticationResponse response = responseBuilder.build();
String token = null;
+ IResponseMessage eIDASRespMsg = null;
try {
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
- engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
-
+ //engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
- if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
- engine,
- eidasRequest.getEidasRequest());
- eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-
- }
+ eIDASRespMsg = engine.generateResponseMessage(eidasRequest.getEidasRequest(),
+ response, true, eidasRequest.getRemoteAddress());
+
+// if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+// String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+// new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
+// engine,
+// eidasRequest.getEidasRequest());
+// eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+//
+// }
- response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+// response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
- token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+ token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
+
+ } catch(Exception e) {
+ Logger.error("eIDAS Response encoding error." , e);
+ throw new MOAIDException("eIDAS.13", new Object[]{e.getMessage()}, e);
- } catch(Exception e) {
- e.printStackTrace();
}
revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
@@ -169,10 +256,28 @@ public class eIDASAuthenticationRequest implements IAction {
httpResp.setContentType(MediaType.TEXT_HTML.getType());
} catch (Exception e) {
- Logger.error("Velocity error: " + e.getMessage());
+ Logger.error("Velocity error: " + e.getMessage());
+ throw new MOAIDException("eIDAS.13", new Object[]{e.getMessage()}, e);
+
}
-
- return null;
+
+ SLOInformationInterface ssoContainer = null;
+ try {
+ ssoContainer = new SLOInformationImpl(
+ req.getAuthURL(),
+ eidasRequest.getEidasRequest().getIssuer(),
+ null,
+ subjectNameID,
+ eidasRequest.getEidasRequest().getNameIdFormat(),
+ EIDASProtocol.NAME);
+
+ } catch (Exception e) {
+ Logger.error("Can not generate container with SSO information!", e);
+
+ }
+
+ return ssoContainer;
+
}
@Override
@@ -186,4 +291,20 @@ public class eIDASAuthenticationRequest implements IAction {
}
+ private String generateTransientNameID(String nameID) {
+ String random = Random.nextLongRandom();
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));
+ return Base64Utils.encode(hash);
+
+ } catch (Exception e) {
+ Logger.error("Can not generate transient personal identifier!", e);
+ return null;
+
+ }
+
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 5d79d082a..20395f210 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -14,6 +14,9 @@
<bean id="EIDASProtocol"
class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
+
+ <bean id="eIDASMetadataProvider"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider"/>
<!-- Authentication Process Tasks -->
<bean id="GenerateAuthnRequestTask"
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index c9485104b..36cd2c7e7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -36,6 +36,7 @@ import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
@@ -51,7 +52,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
@Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider {
+public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+ implements IDestroyableObject {
@Autowired AuthConfiguration authConfig;
@@ -69,6 +71,13 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
}
+ public void destroy() {
+ if (metadataProvider != null)
+ metadataProvider.destroy();
+
+ }
+
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
@@ -220,4 +229,16 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
metadataProvider.setRequireValidMetadata(true);
}
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ if (metadataProvider != null) {
+ metadataProvider.destroy();
+
+ }
+
+ }
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
index 9f20ee956..cd7b8312d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -54,7 +54,7 @@ public final class OAuth20SignatureUtil {
} else if (key instanceof ECPrivateKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature");
return OAuthSignatureAlgorithm.ECDSA256;
- } else if (key instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ } else if (key instanceof iaik.security.ec.common.ECPrivateKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
} else {
@@ -69,7 +69,7 @@ public final class OAuth20SignatureUtil {
} else if (key instanceof ECPublicKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature");
return OAuthSignatureAlgorithm.ECDSA256;
- } else if (key instanceof iaik.security.ecc.ecdsa.ECPublicKey) {
+ } else if (key instanceof iaik.security.ec.common.ECPublicKey) {
Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
} else {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 803ae388f..b9bed7a22 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -93,7 +93,7 @@ class OAuth20AuthAction implements IAction {
// store data in oath session
- transactionStorage.put(code, o);
+ transactionStorage.put(code, o, -1);
Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 98fcdc8dc..258b77b98 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -209,7 +210,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
Map<String, String> reqAttr = new HashMap<String, String>();
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index f35de9c58..50638ebf8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -26,6 +26,7 @@ import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -168,7 +169,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
return null;
}
}
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
index 6cf1e8280..35bbac6e7 100644
--- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -22,15 +22,10 @@
*******************************************************************************/
package test.at.gv.egovernment.moa.id.auth.oauth;
-import iaik.security.ecc.provider.ECCProvider;
-
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import net.oauth.jsontoken.crypto.Signer;
-import net.oauth.jsontoken.crypto.Verifier;
-
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.testng.Assert;
import org.testng.annotations.Test;
@@ -39,6 +34,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import net.oauth.jsontoken.crypto.Signer;
+import net.oauth.jsontoken.crypto.Verifier;
+
public class CertTest {
/** KeyStore Path */
@@ -122,7 +120,7 @@ public class CertTest {
@Test
public void testECDSA() throws Exception {
- ECCProvider.addAsProvider();
+ //ECCProvider.addAsProvider();
// Security.addProvider(new ECCProvider());
BasicX509Credential credential = this.getCredentials(this.ecdsaKeyStorePath);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index af180ff10..3affa17b3 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -265,7 +265,7 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
- public Integer getQaaLevel() {
+ public String getQaaLevel() {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index b18425839..70b2ebbe9 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -535,7 +535,7 @@ public class SSOTransferServlet{
container.setDhParams(dhKeyIDP);
//store container
- transactionStorage.put(token, container);
+ transactionStorage.put(token, container,(int)transmisionTimeOut);
//build QR code
String containerURL = authURL
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index d581e7e75..f5896bc25 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -62,7 +62,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
@Autowired PVPAuthnRequestBuilder authnReqBuilder;
@Autowired FederatedAuthCredentialProvider credential;
-
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -95,7 +95,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
//load IDP SAML2 entitydescriptor
- EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
+ EntityDescriptor idpEntity = metadataProvider.
getEntityDescriptor(idpEntityID);
if (idpEntity == null) {
Logger.warn("Requested IDP " + idpEntityID
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 1c3134b77..f739940c8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -90,7 +90,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired private SSOManager ssoManager;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private AuthenticationDataBuilder authDataBuilder;
-
+ @Autowired(required=true) MOAMetadataProvider metadataProvider;
/* (non-Javadoc)
@@ -125,7 +125,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//decode PVP response object
msg = (InboundMessage) decoder.decode(
- request, response, MOAMetadataProvider.getInstance(), true,
+ request, response, metadataProvider, true,
comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
@@ -135,7 +135,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//validate response signature
if(!msg.isVerified()) {
- samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance()));
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
msg.setVerified(true);
}
@@ -247,7 +247,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
- Collection<String> requestedAttr = pendingReq.getRequestedAttributes();
+ Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
//check if SAML2 Assertion contains a minimal set of attributes
if (!extractor.containsAllRequiredAttributes()) {
@@ -267,7 +267,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//check if all attributes are include
if (!extractor.containsAllRequiredAttributes(
- pendingReq.getRequestedAttributes())) {
+ pendingReq.getRequestedAttributes(metadataProvider))) {
Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 323edee8d..0463bf8d9 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -26,6 +26,13 @@
</dependency>
<dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
</dependency>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c421bf8cc..d3ebffdfd 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -22,16 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +39,6 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
-import eu.eidas.auth.commons.IPersonalAttributeList;
@Service("SAML1_GetArtifactAction")
public class GetArtifactAction implements IAction {
@@ -74,13 +69,16 @@ public class GetArtifactAction implements IAction {
try {
IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
+ //TODO: add eIDAS to SAML1 protocol if it is really necessary
+
// add other stork attributes to MOA assertion if available
- IPersonalAttributeList storkAttributes = authData.getGenericData(
- AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
- IPersonalAttributeList.class);
+// IPersonalAttributeList storkAttributes = authData.getGenericData(
+// AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+// IPersonalAttributeList.class);
+ Object storkAttributes = null;
if(null != storkAttributes) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes);
- authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
+// List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes);
+// authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 0ec0d95a2..0a760cb5a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.List;
-import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -37,7 +36,6 @@ import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
-import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
@@ -52,7 +50,6 @@ import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -82,8 +79,6 @@ import at.gv.util.xsd.persondata.IdentificationType.Value;
import at.gv.util.xsd.persondata.PersonNameType;
import at.gv.util.xsd.persondata.PersonNameType.FamilyName;
import at.gv.util.xsd.persondata.PhysicalPersonType;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@Service("SAML1AuthenticationServer")
@@ -95,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
- private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+ private static final int authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException {
@@ -127,41 +122,43 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return error;
}
- /**
- * Transforms additional STORK attributes to MOA Extended attributes
- * @param iPersonalAttributeList STORK attribute list
- * @return
- */
- public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
-
- if(null == iPersonalAttributeList)
- return moaExtendedSAMLAttributeList;
-
- Logger.trace("Adding the following attributes to MOA assertion: ");
- int count = 0;
-
- for (PersonalAttribute attribute : iPersonalAttributeList) {
- Object attributeValue = attribute.getValue();
- if (null == attributeValue)
- attributeValue = attribute.getComplexValue();
-
- // escape attributeValue
- attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
- // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
- attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
-
- ExtendedSAMLAttribute extendedSAMLAttribute =
- new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
- moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
- count++;
- Logger.trace("Additional attribute: " + attribute.getName());
- }
-
- Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
-
- return moaExtendedSAMLAttributeList;
- }
+
+ //TODO: add eIDAS to SAML1 protocol if it is really necessary
+// /**
+// * Transforms additional STORK attributes to MOA Extended attributes
+// * @param iPersonalAttributeList STORK attribute list
+// * @return
+// */
+// public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
+// List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+//
+// if(null == iPersonalAttributeList)
+// return moaExtendedSAMLAttributeList;
+//
+// Logger.trace("Adding the following attributes to MOA assertion: ");
+// int count = 0;
+//
+// for (PersonalAttribute attribute : iPersonalAttributeList) {
+// Object attributeValue = attribute.getValue();
+// if (null == attributeValue)
+// attributeValue = attribute.getComplexValue();
+//
+// // escape attributeValue
+// attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+// // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+// attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+//
+// ExtendedSAMLAttribute extendedSAMLAttribute =
+// new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+// moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+// count++;
+// Logger.trace("Additional attribute: " + attribute.getName());
+// }
+//
+// Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
+//
+// return moaExtendedSAMLAttributeList;
+// }
/**
@@ -210,7 +207,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
protocolRequest.getOAURL(), protocolRequest.getRequestID(),
null);
- authenticationDataStore.put(samlArtifact, error);
+ authenticationDataStore.put(samlArtifact, error, authDataTimeOut);
return samlArtifact;
}
@@ -721,7 +718,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
- authenticationDataStore.put(samlArtifact, samlAssertion);
+ authenticationDataStore.put(samlArtifact, samlAssertion,authDataTimeOut);
//}
} catch (AuthenticationException ex) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 42fafc01e..1d3525626 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
@@ -81,7 +82,7 @@ public class SAML1RequestImpl extends RequestImpl {
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
- public Collection<String> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
index 70448ef09..8d324b535 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
-import java.util.Arrays;
import java.util.List;
import javax.servlet.ServletException;
@@ -37,39 +36,51 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.monitoring.TestManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Controller
-public class MonitoringServlet {
+public class MonitoringController {
private static final String REQUEST_ATTR_MODULE = "module";
@Autowired private AuthConfiguration authConfig;
+ @Autowired private TestManager tests;
- public MonitoringServlet() {
+ public MonitoringController() {
super();
Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'.");
}
@RequestMapping(value = "/MonitoringServlet", method = RequestMethod.GET)
public void getStatusInformation(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException{
- try {
- if (authConfig.isMonitoringActive()) {
- Logger.debug("Monitoring Servlet received request");
+ if (authConfig.isMonitoringActive()) {
+ Logger.debug("Monitoring Servlet received request");
- TestManager tests = TestManager.getInstance();
-
- String modulename = req.getParameter(REQUEST_ATTR_MODULE);
- if (MiscUtil.isEmpty(modulename)) {
+
+
+ String modulename = req.getParameter(REQUEST_ATTR_MODULE);
+ if (MiscUtil.isEmpty(modulename)) {
+
+ List<String> error = tests.executeTests();
+ if (error != null && error.size() > 0) {
+ createErrorMessage(req, resp, error);
+
+ } else {
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess()));
+ Logger.info("Monitoring Servlet finished without errors");
+ }
- List<String> error = tests.executeTests();
- if (error != null && error.size() > 0) {
- createErrorMessage(req, resp, error);
+ } else {
+ if (tests.existsModule(modulename)) {
+ List<String> errors = tests.executeTest(modulename);
+ if (errors != null && errors.size() > 0) {
+ createErrorMessage(req, resp, errors);
} else {
resp.setStatus(HttpServletResponse.SC_OK);
@@ -79,38 +90,21 @@ public class MonitoringServlet {
}
} else {
- if (tests.existsModule(modulename)) {
- List<String> errors = tests.executeTest(modulename);
- if (errors != null && errors.size() > 0) {
- createErrorMessage(req, resp, errors);
-
- } else {
- resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("text/html;charset=UTF-8");
- resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess()));
- Logger.info("Monitoring Servlet finished without errors");
- }
-
- } else {
- Logger.warn("NO Testmodule exists with modulename " + modulename);
- resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out;
- try {
- out = new PrintWriter(resp.getOutputStream());
- out.write("NO Testmodule exists with modulename " + modulename);
- out.flush();
-
- } catch (IOException e) {
- Logger.warn("Internal Monitoring Servlet Error. ", e);
- }
- }
-
- }
- }
-
- } catch (ConfigurationException e) {
- createErrorMessage(req, resp, Arrays.asList(e.getMessage()));
+ Logger.warn("NO Testmodule exists with modulename " + modulename);
+ resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out;
+ try {
+ out = new PrintWriter(resp.getOutputStream());
+ out.write("NO Testmodule exists with modulename " + modulename);
+ out.flush();
+
+ } catch (IOException e) {
+ Logger.warn("Internal Monitoring Servlet Error. ", e);
+ }
+ }
+
+ }
}
}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 5e4183146..8ae1850ce 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -40,6 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class DatabaseTestModule implements TestModuleInterface{
+ private MOASessionDBUtils dbUtils;
+ private StatisticLogDBUtils statLogUtils;
+
+ public DatabaseTestModule(MOASessionDBUtils dbUtils, StatisticLogDBUtils statLogUtils){
+ this.statLogUtils = statLogUtils;
+ this.dbUtils = dbUtils;
+ }
+
public List<String> performTests() throws Exception {
Logger.trace("Start MOA-ID Database Test.");
@@ -70,9 +78,10 @@ public class DatabaseTestModule implements TestModuleInterface{
Date expioredate = new Date(new Date().getTime() - 120);
+
try {
List<AssertionStore> results;
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = dbUtils.getCurrentSession();
synchronized (session) {
session.beginTransaction();
@@ -105,7 +114,7 @@ public class DatabaseTestModule implements TestModuleInterface{
Date expioredate = new Date(new Date().getTime() - 120);
try {
- Session session = StatisticLogDBUtils.getCurrentSession();
+ Session session = statLogUtils.getCurrentSession();
List<StatisticLog> results;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java
new file mode 100644
index 000000000..0f7dfc7fe
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/MonitoringSpringResourceProvider.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.monitoring;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class MonitoringSpringResourceProvider implements SpringResourceProvider{
+
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return "MOA-ID Monitoring Module";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource monitoringResource = new ClassPathResource("/moaid_monitoring.beans.xml", MonitoringSpringResourceProvider.class);
+
+ return new Resource[] {monitoringResource};
+ }
+
+}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index b25eed520..4224fae59 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -27,49 +27,29 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
-public class TestManager {
-
- private static TestManager instance;
+public class TestManager{
+ @Autowired private MOASessionDBUtils moaSessionDBUtils;
+ @Autowired(required=false) private StatisticLogDBUtils statisticLogDBUtils = null;
+ @Autowired private AuthConfiguration authConfig;
private Map<String, TestModuleInterface> tests = new HashMap<String, TestModuleInterface>();
- public static TestManager getInstance() throws ConfigurationException {
- if (instance == null)
- instance = new TestManager();
-
- return instance;
- }
-
- private TestManager() throws ConfigurationException {
-
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-
- //add Database test
- DatabaseTestModule test1 = new DatabaseTestModule();
- tests.put(test1.getName(), test1);
-
- //add IdentityLink verification test
- IdentityLinkTestModule test2 = new IdentityLinkTestModule();
- String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
- try {
- test2.initializeTest(0, idlurl);
- tests.put(test2.getName(), test2);;
-
- } catch (Exception e) {
- Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
- }
+ public TestManager(){
+
}
public List<String> executeTests() {
Logger.debug("Start MOA-ID-Auth testing");
-
List<String> errors;
for (TestModuleInterface test : tests.values()) {
@@ -109,4 +89,24 @@ public class TestManager {
public boolean existsModule(String modulename) {
return tests.containsKey(modulename);
}
+
+ public void init() throws ConfigurationException{
+ Logger.debug("Start initializing MOA-ID-Auth TestManager");
+
+ //add Database test
+ DatabaseTestModule test1 = new DatabaseTestModule(this.moaSessionDBUtils, this.statisticLogDBUtils);
+ tests.put(test1.getName(), test1);
+
+ //add IdentityLink verification test
+ IdentityLinkTestModule test2 = new IdentityLinkTestModule();
+ String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());
+ try {
+ test2.initializeTest(0, idlurl);
+ tests.put(test2.getName(), test2);;
+
+ } catch (Exception e) {
+ Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
+ }
+ }
+
}
diff --git a/id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..b696bcdd7
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.monitoring.MonitoringSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml b/id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml
new file mode 100644
index 000000000..6c195e7d7
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/resources/moaid_monitoring.beans.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="testManager"
+ class="at.gv.egovernment.moa.id.monitoring.TestManager"
+ init-method="init"/>
+</beans> \ No newline at end of file