From 097dbd04ab511fec2e6c31ec69c6723af1164334 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 21 Oct 2016 10:28:22 +0200 Subject: add functionality to support more than one ELGA mandate-service Conflicts: id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java --- .../id/advancedlogging/MOAIDEventConstants.java | 1 + .../moa/id/client/utils/SZRGWClientUtils.java | 21 +-- .../moa/id/config/ConnectionParameter.java | 12 +- .../resources/properties/id_messages_de.properties | 2 +- .../moa/id/commons/api/AuthConfiguration.java | 22 ++- .../commons/api/ConnectionParameterInterface.java | 2 +- .../config/ConfigurationMigrationUtils.java | 29 +++- .../config/MOAIDConfigurationConstants.java | 9 +- .../dao/config/deprecated/MOAIDConfiguration.java | 18 ++ .../commons/db/dao/config/deprecated/Mandates.java | 39 +++++ .../dao/config/deprecated/OnlineApplication.java | 28 +++- .../moa/id/commons/utils/KeyValueUtils.java | 6 +- .../modules/internal/tasks/GetForeignIDTask.java | 2 +- .../internal/tasks/GetMISSessionIDTask.java | 2 +- .../internal/tasks/PrepareGetMISMandateTask.java | 3 +- .../elgamandates/tasks/RequestELGAMandateTask.java | 25 ++- .../utils/ELGAMandateServiceMetadataProvider.java | 182 ++++++++++++++------- 17 files changed, 309 insertions(+), 94 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index 9d26cc05f..54e459db1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -104,6 +104,7 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_ELGA_MANDATE_RECEIVED = 6001; public static final int AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED = 6002; public static final int AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP = 6003; + public static final int AUTHPROCESS_ELGA_MANDATE_SERVICE_ENTITYID = 6004; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java index 622eca0a5..4cca2e625 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -60,8 +61,8 @@ public class SZRGWClientUtils { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public static CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null); + public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(pendingReq, null, null, null, null, XMLHelper.nodeToString(signature), null); } /** @@ -76,8 +77,8 @@ public class SZRGWClientUtils { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public static CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String PEPSFiscalNumber) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null, PEPSFiscalNumber); + public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String PEPSFiscalNumber) throws SZRGWClientException { + return getIdentityLink(pendingReq, PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null, PEPSFiscalNumber); } /** @@ -94,11 +95,11 @@ public class SZRGWClientUtils { * @return the identity link * @throws SZRGWClientException the sZRGW client exception */ - public static CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String eIdentifier, String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, String mandate, String targetType, String targetValue, String oaFriendlyName, List filters, String PEPSFiscalNumber) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + return getIdentityLink(pendingReq, eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, null, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber); } @@ -115,19 +116,19 @@ public class SZRGWClientUtils { * @return the identity link * @throws SZRGWClientException */ - public static CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String citizenSignature, String representative, String represented, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List filters, String PEPSFiscalNumber) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, + return getIdentityLink(pendingReq, null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber); } - public static CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List filters, String PEPSFiscalNumber) throws SZRGWClientException { + public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List filters, String PEPSFiscalNumber) throws SZRGWClientException { try { AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); - ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(); + ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); String requestID = UUID.randomUUID().toString(); SZRGWClient client = new SZRGWClient(connectionParameters); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index 9d78c348b..6699cc989 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -62,12 +62,12 @@ public abstract class ConnectionParameter implements ConnectionParameterInterfac public abstract String getClientKeyStorePassword(); - public boolean isHTTPSURL() { - if (MiscUtil.isEmpty(url)) - return false; - else - return url.indexOf("https") == 0; - } +// public boolean isHTTPSURL() { +// if (MiscUtil.isEmpty(url)) +// return false; +// else +// return url.indexOf("https") == 0; +// } public String getUrl() { if (MiscUtil.isEmpty(url)) diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 400b0bc25..89f54d008 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -118,7 +118,7 @@ service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1} service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service service.07=Der SZR-Gateway ist unter {0} nicht erreichbar. service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen. -service.09=Der SZR-Gateway Client konnte nicht initialisiert werden. +service.09=Der SZR-Gateway Client konnte nicht initialisiert werden. Ursache:{0} service.10=Die Verwendung des Service {0} ist nicht m\u00f6glich. Ursache: {1} cleaner.00=AuthenticationSessionCleaner wurde gestartet diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index fa08dcab6..6b51c8683 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -7,6 +7,7 @@ import java.util.Properties; import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.util.config.EgovUtilPropertiesConfiguration; +import iaik.pki.revocation.RevocationSourceTypes; public interface AuthConfiguration extends ConfigurationProvider{ @@ -46,9 +47,19 @@ public interface AuthConfiguration extends ConfigurationProvider{ public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException; - public ConnectionParameterInterface getForeignIDConnectionParameter() throws ConfigurationException; + public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException; - public ConnectionParameterInterface getOnlineMandatesConnectionParameter() throws ConfigurationException; + /** + * Get parameters to connect the Online Mandate-Service (MIS) + * + * Use an Online-Application specific MIS instance URL if it exists, + * otherwise use the first entry of the general configuration + * + * @param oaParameters Online-Application configuration, or null if the default service-url should be always used + * @return Connection parameters with OA specific or general information + * @throws ConfigurationException + */ + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException; public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; @@ -159,4 +170,11 @@ public interface AuthConfiguration extends ConfigurationProvider{ @Deprecated public boolean isHTTPAuthAllowed(); + + /** + * Get the perverted X509 revocation method order for SSL certificate validation + * + * @return Array of {@link RevocationSourceTypes} values + */ + public String[] getRevocationMethodOrder(); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java index 89a21661b..21b07a483 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.commons.api; public interface ConnectionParameterInterface { - public boolean isHTTPSURL(); +// public boolean isHTTPSURL(); public String getUrl(); public String getAcceptedServerCertificates(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index a221d30e4..6099760e0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -171,6 +171,10 @@ public class ConfigurationMigrationUtils { } } + //convert selected SZR-GW service + if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) + result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); + AuthComponentOA oaauth = oa.getAuthComponentOA(); if (oaauth != null) { @@ -227,7 +231,15 @@ public class ConfigurationMigrationUtils { if (mandateProfiles != null) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE, Boolean.TRUE.toString()); else - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE, Boolean.FALSE.toString()); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE, Boolean.FALSE.toString()); + + + if (MiscUtil.isNotEmpty(mandates.getSelectedMISServiceURL())) + result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL, mandates.getSelectedMISServiceURL()); + + if (MiscUtil.isNotEmpty(mandates.getSelecteELGAServiceURL())) + result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL, mandates.getSelecteELGAServiceURL()); + } //convert KeyBoxSelector @@ -749,7 +761,9 @@ public class ConfigurationMigrationUtils { dbOA.setEventCodes(oa.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES)); } - + + dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL)); + if (Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE))) { dbOA.setType(MOA_CONFIG_BUSINESSSERVICE); @@ -861,6 +875,9 @@ public class ConfigurationMigrationUtils { dbProfiles.add(el.trim()); mandates.setProfiles(null); + + mandates.setSelectedMISServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL)); + mandates.setSelecteELGAServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL)); } } else { @@ -1162,6 +1179,13 @@ public class ConfigurationMigrationUtils { public static Map convertHyberJaxBMOAIDConfigToKeyValue(MOAIDConfiguration config) { Map result = new HashMap(); if (config != null) { + + if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, + config.getElgaMandateServiceURLs()); + + + AuthComponentGeneral auth = config.getAuthComponentGeneral(); if (auth != null) { @@ -1483,6 +1507,7 @@ public class ConfigurationMigrationUtils { MOAIDConfiguration dbconfig = new MOAIDConfiguration(); + dbconfig.setElgaMandateServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL)); AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); if (dbauth == null) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 7d9fc452a..9fe90daa4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -49,12 +49,13 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { private static final String STORK = "stork"; private static final String TEMPLATES = "templates"; private static final String INTERFEDERATION = "interfederation"; + private static final String ELGA_MANDATE_SERVICE_URL = "modules.elga_mandate.service.entityID"; private static final String PROTOCOLS = "protocols"; private static final String SAML1 = "saml1"; private static final String PVP2X = "pvp2x"; private static final String OPENID = "openID"; - + private static final String SERVICE_AUTH_TARGET = AUTH + "." + TARGET; private static final String SERVICE_AUTH_TARGET_PUBLIC = SERVICE_AUTH_TARGET + ".public"; private static final String SERVICE_AUTH_TARGET_BUSINESS = SERVICE_AUTH_TARGET + ".business"; @@ -182,7 +183,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_REVERSION_LOGS_ENABLED = SERVICE_REVERSION + ".log.enabled"; public static final String SERVICE_REVERSION_LOGS_EVENTCODES = SERVICE_REVERSION + ".log.eventcodes"; - + public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL; + public static final String SERVICE_EXTERNAL_MIS_SERVICE_URL = "modules.mis.service.url"; + public static final String SERVICE_EXTERNAL_SZRGW_SERVICE_URL = "modules.szrgw.service.url"; //Namespaces for general MOA-ID config public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix"; @@ -219,6 +222,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String GENERAL_AUTH_SERVICES_SZRGW_URL = GENERAL_AUTH + ".services.szrgw.url"; public static final String GENERAL_AUTH_SERVICES_HVB_URL = GENERAL_AUTH + ".services.hvb.url"; + public static final String GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + ELGA_MANDATE_SERVICE_URL; + public static final String GENERAL_AUTH_SSO_SERVICENAME = GENERAL_AUTH + "." + SSO + ".servicename"; public static final String GENERAL_AUTH_SSO_TARGET = GENERAL_AUTH + "." + SSO + ".target"; public static final String GENERAL_AUTH_SSO_AUTHBLOCK_TEXT = GENERAL_AUTH + "." + SSO + ".authblock.text"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java index 810139c84..c251c7abb 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java @@ -184,6 +184,8 @@ public class MOAIDConfiguration @XmlTransient protected String eventCodes = null; + @XmlTransient + protected String elgaMandateServiceURLs = null; /** @@ -481,11 +483,27 @@ public class MOAIDConfiguration + + public Long getHjid() { return hjid; } /** + * @return the elgaMandateServiceURLs + */ + public String getElgaMandateServiceURLs() { + return elgaMandateServiceURLs; + } + + /** + * @param elgaMandateServiceURLs the elgaMandateServiceURLs to set + */ + public void setElgaMandateServiceURLs(String elgaMandateServiceURLs) { + this.elgaMandateServiceURLs = elgaMandateServiceURLs; + } + + /** * Sets the value of the hjid property. * * @param value diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java index a87a6d1f6..58b8972a1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java @@ -17,6 +17,7 @@ import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import org.jvnet.jaxb2_commons.lang.Equals; @@ -70,6 +71,12 @@ public class Mandates protected Long hjid; // protected transient List profileNameItems; + @XmlTransient + protected String selectedMISServiceURL; + + @XmlTransient + protected String selecteELGAServiceURL; + /** * Gets the value of the profiles property. * @@ -145,11 +152,43 @@ public class Mandates + + public Long getHjid() { return hjid; } /** + * @return the selectedMISServiceURL + */ + public String getSelectedMISServiceURL() { + return selectedMISServiceURL; + } + + /** + * @param selectedMISServiceURL the selectedMISServiceURL to set + */ + public void setSelectedMISServiceURL(String selectedMISServiceURL) { + this.selectedMISServiceURL = selectedMISServiceURL; + } + + + + /** + * @return the selecteELGAServiceURL + */ + public String getSelecteELGAServiceURL() { + return selecteELGAServiceURL; + } + + /** + * @param selecteELGAServiceURL the selecteELGAServiceURL to set + */ + public void setSelecteELGAServiceURL(String selecteELGAServiceURL) { + this.selecteELGAServiceURL = selecteELGAServiceURL; + } + + /** * Sets the value of the hjid property. * * @param value diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 6a838c261..4aee10bc1 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -9,12 +9,9 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; -import javax.persistence.Basic; -import javax.persistence.Column; -import javax.persistence.Entity; + import javax.persistence.EnumType; import javax.persistence.Enumerated; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; @@ -23,7 +20,7 @@ import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -33,6 +30,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** *

Java class for OnlineApplication complex type. @@ -107,8 +106,27 @@ public class OnlineApplication @XmlTransient protected String eventCodes = null; + @XmlTransient + protected String selectedSZRGWServiceURL = null; + + + /** + * @return the selectedSZRGWServiceURL + */ + public String getSelectedSZRGWServiceURL() { + return selectedSZRGWServiceURL; + } + + /** + * @param selectedSZRGWServiceURL the selectedSZRGWServiceURL to set + */ + public void setSelectedSZRGWServiceURL(String selectedSZRGWServiceURL) { + this.selectedSZRGWServiceURL = selectedSZRGWServiceURL; + } + + /** * @return the isRevisionsLogActive */ public Boolean getIsRevisionsLogActive() { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index add929e1d..bc567e5d2 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -31,6 +31,8 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.util.MiscUtil; /** @@ -250,9 +252,9 @@ public class KeyValueUtils { String[] codes = value.split(CSV_DELIMITER); for (String el: codes) { if (normalizedCodes == null) - normalizedCodes = el.trim(); + normalizedCodes = StringUtils.chomp(el.trim()); else - normalizedCodes += "," + el; + normalizedCodes += "," + StringUtils.chomp(el.trim()); } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 7cc9df30c..4a28658ff 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -127,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); // make SZR request to the identity link - CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(signature); + CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); if (null != response.getErrorResponse()) { // TODO fix exception parameter diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index c172c3b9c..3f63c207e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -73,7 +73,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { //get mandates from MIS ConnectionParameterInterface connectionParameters = authConfig - .getOnlineMandatesConnectionParameter(); + .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( authConfig, connectionParameters); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index afbb87f10..88560eacf 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -72,7 +72,8 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //perform default task initialization defaultTaskInitialization(request, executionContext); - ConnectionParameterInterface connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); + ConnectionParameterInterface connectionParameters = + authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); // get identitity link as byte[] diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index fd918c7f4..d65d74c3f 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; import java.security.NoSuchAlgorithmException; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -45,6 +46,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServi import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; @@ -71,9 +74,22 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ - // get IDP entityID - String elgaMandateServiceEntityID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); - + // get IDP entityID from Online Application configuration + String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); + + // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists + if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { + Logger.info("No Online-Application specific ELGA Mandate-Service found. Use first entry in general MOA-ID configuration"); + List configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + authConfig.getConfigurationWithKey( + MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL + "." + + ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID)); + + if (configuratedEntityIDs.size() > 0) + elgaMandateServiceEntityID = configuratedEntityIDs.get(0); + + } + if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { Logger.info("Connect ELGA Mandate-Service FAILED -> not EntityID found!"); throw new TaskExecutionException(pendingReq, "Connect ELGA Mandate-Service FAILED", @@ -88,7 +104,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { Logger.warn("Use not recommended metadata-provider initialization!" + " SAML2 'Well-Known-Location' is the preferred methode."); Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL); - metadataService.initialize(metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); } @@ -189,6 +205,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); //write revisions log entry + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_ENTITYID, elgaMandateServiceEntityID); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue()); } catch (MetadataProviderException e) { diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index c9485104b..8153fa2a8 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -23,14 +23,17 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; +import java.util.Timer; import javax.xml.namespace.QName; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.springframework.beans.factory.annotation.Autowired; @@ -55,58 +58,47 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide @Autowired AuthConfiguration authConfig; - private HTTPMetadataProvider metadataProvider = null; - + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); - public void initialize(String metadataURL) throws MetadataProviderException { - if (metadataProvider == null) { - internalInitialize(metadataURL); - - } else { - Logger.info("ELGA Mandate-Service metadata-provider is already initialized."); - - } + + public ELGAMandateServiceMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } + public void destroy() { + fullyDestroy(); /* (non-Javadoc) * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata() */ @Override public boolean requireValidMetadata() { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - return false; - - } else return metadataProvider.requireValidMetadata(); + } /* (non-Javadoc) * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) */ @Override - public void setRequireValidMetadata(boolean requireValidMetadata) { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - - } else - metadataProvider.setRequireValidMetadata(requireValidMetadata);; - + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + } /* (non-Javadoc) * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() */ @Override - public MetadataFilter getMetadataFilter() { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - return null; - - } else + public MetadataFilter getMetadataFilter() { return metadataProvider.getMetadataFilter(); + } /* (non-Javadoc) @@ -122,14 +114,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() */ @Override - public XMLObject getMetadata() throws MetadataProviderException { - if (metadataProvider == null) { - Logger.error("ELGA Mandate-Service metadata-provider is not initialized"); - throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized"); - - } - + public XMLObject getMetadata() throws MetadataProviderException { return metadataProvider.getMetadata(); + } /* (non-Javadoc) @@ -137,12 +124,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { - if (metadataProvider == null) { - Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized"); - throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized"); - - } else - return metadataProvider.getEntitiesDescriptor(name); + return metadataProvider.getEntitiesDescriptor(name); + } /* (non-Javadoc) @@ -150,9 +133,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { - if (metadataProvider == null) - internalInitialize(entityID); - + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ELGA Mandate-Service + internalInitialize(entityID); + + //search again after reload (re)initialization try { EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); if (entityDesc == null) { @@ -174,9 +172,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public List getRole(String entityID, QName roleName) throws MetadataProviderException { - if (metadataProvider == null) - internalInitialize(entityID); + try { + //search if metadata is already loaded + List role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ELGA Mandate-Service + internalInitialize(entityID); + //search again after reload (re)initialization return metadataProvider.getRole(entityID, roleName); } @@ -185,23 +198,52 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide */ @Override public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) - throws MetadataProviderException { - if (metadataProvider == null) - internalInitialize(entityID); + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ELGA Mandate-Service + internalInitialize(entityID); + //search again after reload (re)initialization return metadataProvider.getRole(entityID, roleName, supportedProtocol); } - private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { - if (metadataProvider == null) { - Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service"); + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service"); String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); if (MiscUtil.isEmpty(trustProfileID)) { Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." ); throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); } - + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + //create metadata validation filter chain MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new SchemaValidationFilter(true)); @@ -211,13 +253,41 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide filter, ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING); - if (metadataProvider == null) { + if (idpMetadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); - throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider."); + throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadata provider."); } - metadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("ELGA Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } } } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy() + */ + @Override + public void fullyDestroy() { + if (metadataProvider != null) { + metadataProvider.destroy(); + + } + + + } } -- cgit v1.2.3