From 4795b273bb734f04056babe963d8588ffbf50fb0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 21 Jul 2015 15:30:40 +0200 Subject: fix MOA-ID-Auth problems --- .../task/impl/ServicesReversionLogTask.java | 162 +++++++++++++++++++++ .../moa-id-configuration/userdatabase.properties | 14 ++ .../data/deploy/conf/moa-id/logback_config.xml | 71 +++++++++ .../moa/id/auth/MOAIDAuthInitializer.java | 3 +- .../moa/id/config/auth/OAAuthParameter.java | 21 ++- .../moa/id/entrypoints/DispatcherServlet.java | 2 +- .../moa/id/moduls/AuthenticationManager.java | 28 ++-- .../protocols/pvp2x/config/PVPConfiguration.java | 5 +- .../pvp2x/metadata/MOAMetadataProvider.java | 59 ++++++-- .../main/resources/moaid.configuration.beans.xml | 15 +- .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 1 + .../egovernment/moa/id/commons/MOAIDConstants.java | 4 +- .../moa/id/commons/config/ConfigurationUtil.java | 2 +- .../config/MOAIDConfigurationConstants.java | 6 +- .../config/persistence/MOAIDConfigurationImpl.java | 4 +- .../moa/id/commons/utils/KeyValueUtils.java | 24 +++ .../src/main/resources/configuration.beans.xml | 34 ----- .../src/main/resources/moaid.migration.beans.xml | 13 +- 19 files changed, 392 insertions(+), 79 deletions(-) create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java create mode 100644 id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties create mode 100644 id/server/data/deploy/conf/moa-id/logback_config.xml diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java new file mode 100644 index 000000000..da441de4b --- /dev/null 
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java 
@@ -0,0 +1,162 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesReversionLogTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesReversionLogTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.SERVICE_REVERSION; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Reversion Logging Task"; + } + + /* (non-Javadoc) + * @see 
at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + String eventCodes = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventCodes)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, + KeyValueUtils.normalizeCSVValueString(eventCodes)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String isEnabled = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED); + String eventCodes = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + + if (Boolean.parseBoolean(isEnabled) && MiscUtil.isEmpty(eventCodes)) { + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED, + "Reversion - Logger Enabled", + LanguageHelper.getErrorString("error.oa.reversion.log.enabled"))); + + } + + if (MiscUtil.isNotEmpty(eventCodes)) { + String[] codes = eventCodes.split(","); + for (String el: codes) { + try { + Integer.parseInt(el.trim()); + + } catch (NumberFormatException e) { + log.info("", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, + "Reversion - Logger Enabled", + LanguageHelper.getErrorString("error.oa.reversion.log.eventcodes"))); + break; + + } + + } + + } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* 
(non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties b/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties new file mode 100644 index 000000000..6e03d3c12 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties @@ -0,0 +1,14 @@ +#Auto generated configuration file. +#Fri Jul 17 11:09:29 CEST 2015 +users.0.surname=Administrator +users.0.roles.0.id=0 +roles.0.name=Administrators +users=User List +users.0.__LI.0=users +users.0.roles.0.isMember=true +roles.0.id=0 +roles=Role List +users.0.id=0 +users.0.roles.0.name=Administrators +users.0.firstname=Administrator +roles.0.__LI.0=roles diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/data/deploy/conf/moa-id/logback_config.xml new file mode 100644 index 000000000..c00e62e52 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/logback_config.xml @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + ${catalina.base}/logs/moa-id.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id.log.%i + + + 10000KB + + + + + + + + ${catalina.base}/logs/moa-id-webgui.log + + %5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n + + + 1 + ${catalina.base}/logs/moa-id-webgui.log.%i + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + + + + + + 
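Review bot: In taskValidate the ValidationObjectIdentifier raised for a non-numeric event code carries the label `"Reversion - Logger Enabled"`, copied from the enabled-flag check above it, so the WebGUI points the operator at the wrong field; it should name the event-code field, e.g. `"Reversion - Logger EventCodes"`. The `log.info("", e)` next to it logs an empty message; `log.info("Reversion log event code '{}' is not an integer", el.trim(), e)` keeps the stack trace and says which value failed. KEYWHITELIST is built empty in the static initializer, so getAllAllowedPatterns() yields patterns for no keys at all; if AbstractTaskValidator (not in this patch) rejects keys outside that set, the two SERVICE_REVERSION_LOGS_* keys this task validates presumably need to be listed there. The imports of StringUtils, Pattern and UUID are not used anywhere in the new file.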
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 65e3b10d7..e1086bbd1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -174,7 +175,7 @@ public class MOAIDAuthInitializer { System.exit(-1); } - + // Starts the session cleaner thread to remove unpicked authentication data AuthenticationSessionCleaner.start(); AuthConfigLoader.start(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 9386330cc..987603227 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java 
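Review bot: The new import of MOAMetadataProvider is not used by either hunk in this file, while the same commit deletes the eager `MOAMetadataProvider.getInstance()` call from PVPConfiguration; if the intent was to move the startup load of PVP metadata here, next to `AuthenticationSessionCleaner.start()`, that call is missing, otherwise the import is dead. Without an eager load, metadata for all configured online applications is first fetched on the first authentication request, so a bad metadata URL or wrong signing certificate now surfaces at request time rather than at startup, which is worth a sentence in the commit message if it is deliberate. The remainder of the initializer lies outside these hunks.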
@@ -865,7 +865,26 @@ public boolean isRemovePBKFromAuthBlock() { */ @Override public List getReversionsLoggingEventCodes() { - // TODO Auto-generated method stub + String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED); + if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) { + String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventCodes)) { + String[] codes = eventCodes.split(","); + List result = new ArrayList(); + for (String el : codes) { + try { + result.add(Integer.valueOf(el.trim())); + + } catch (NumberFormatException e) { + Logger.warn("EventCode can not parsed to Integer.", e); + + } + } + if (!result.isEmpty()) + return result; + + } + } return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 5584e8ca6..45eecec84 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -311,7 +311,7 @@ public class DispatcherServlet extends AuthServlet{ MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); - if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) { + if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) { // -> send end error to service provider Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() + " FAILED. Sending error message to service provider."); 
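Review bot: getReversionsLoggingEventCodes() returns `null` both when logging is disabled and when every configured code fails to parse, so each caller must null-check and cannot distinguish the two; returning `Collections.emptyList()` (and saying so in the Javadoc above, which is outside the hunk) is safer for callers that iterate. The parsing is also more lenient than ServicesReversionLogTask in the same commit, which rejects the whole configuration on the first non-numeric value, whereas this method silently drops the bad entry and logs the rest as if the configuration were complete; the warning should at least name the value, e.g. `Logger.warn("EventCode '" + el.trim() + "' can not be parsed to Integer.", e);`. `MiscUtil.isNotEmpty(isEnabled) &&` is redundant, since `Boolean.parseBoolean` already returns false for null.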
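Review bot: Dropping `oaParams.isSTORKPVPGateway() ||` means a STORK PVP gateway with isPerformLocalAuthenticationOnInterfederationError set now falls through to local authentication after a federated failure instead of returning the error to the service provider; that is a behaviour change for gateways that the commit message does not mention, and a comment at this line explaining why gateways are no longer excluded would help the next reader. `oaParams` is obtained from `getOnlineApplicationParameter(protocolRequest.getOAURL())` and dereferenced without a null check; if that lookup can return null for an unregistered OA URL (the method is not in this patch), this error path ends in a NullPointerException rather than the intended error response.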
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 06b55fb66..f3c40707e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -400,18 +400,22 @@ public class AuthenticationManager extends MOAIDAuthConstants { Logger.debug("Build PVP 2.1 authentication request"); //get IDP metadata - try { - OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); - OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); + + OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); - if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { - Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); - Logger.info("Switch to local authentication on this IDP ... "); - perfomLocalAuthentication(request, response, target); - return; + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { + Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); + Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP()) + + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed())); + Logger.info("Switch to local authentication on this IDP ... "); + + perfomLocalAuthentication(request, response, target); + return; - } + } + try { EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). getEntityDescriptor(target.getRequestedIDP()); 
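Review bot: The lookups of `idp` and `sp` and the interfederation validity check now run before the `try`, so if `getOnlineApplicationParameter(target.getRequestedIDP())` returns null for an IDP that is not configured, `idp.isInderfederationIDP()` throws a NullPointerException outside whatever catch the original try block provided (the catch is beyond this hunk). Because the requested IDP identifier comes from the incoming request, an explicit guard is preferable: `if (idp == null) { Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not configured."); perfomLocalAuthentication(request, response, target); return; }`, assuming local authentication is the intended fallback for an unknown IDP. The added debug line is useful; `String.valueOf` around a boolean is not needed inside string concatenation.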
@@ -556,7 +560,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (requiredLocalAuthentication) { Logger.info("Switch to local authentication on this IDP ... "); - perfomLocalAuthentication(request, response, target); + if (idp.isPerformLocalAuthenticationOnInterfederationError()) + perfomLocalAuthentication(request, response, target); + + else + throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index de58c34a1..87a63a8a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -115,10 +115,7 @@ public class PVPConfiguration { //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - - //load PVP2X metadata for all active online applications - MOAMetadataProvider.getInstance(); - + } catch (ConfigurationException e) { e.printStackTrace(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 389b9825f..824c9be0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java 
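Review bot: The new `else throw new AuthenticationException("auth.29", ...)` branch depends on `idp`, which is not declared in this hunk; presumably it is the local introduced around line 404 in the earlier hunk, which only holds if both hunks are in the same method and `idp` is still in scope and non-null here. The auth.29 text ("Can not build authentication request for IDP {0}") is also used for this case, where the request could be built but local fallback is not permitted for the IDP, so the log and the error sent to the service provider will not distinguish the two situations; a dedicated message would. Braces around the new if/else would match the `if (requiredLocalAuthentication) {` style directly above.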
@@ -26,14 +26,11 @@ import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; -import java.util.Collections; -import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.concurrent.CopyOnWriteArrayList; import java.util.Timer; import javax.net.ssl.SSLHandshakeException; @@ -49,7 +46,6 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; -import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; @@ -74,7 +70,6 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ private static MOAMetadataProvider instance = null; private static Object mutex = new Object(); - private List observers; public static MOAMetadataProvider getInstance() { @@ -338,8 +333,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ Logger.warn("MetadataProvider can not be destroyed."); } } - - this.observers = Collections.emptyList(); + instance = null; } else { Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); 
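Review bot: With the `observers` field removed, the class still declares `implements ObservableMetadataProvider`, so `getObservers()` (outside these hunks) must now return something other than that field; worth confirming it does not return null to OpenSAML callers that iterate the observer list. The new `instance = null` in the destroy path is not visibly done under `mutex`, which `getInstance()` uses to guard construction; if destruction can run concurrently with a request thread, that thread may be handed a provider whose internal provider has just been destroyed, so the reset should sit inside `synchronized (mutex) { instance = null; }` or the method documented as restart-only. The dropped Collections, Date, CopyOnWriteArrayList and Observer imports are consistent with the field removal.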
@@ -348,14 +342,12 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ private MOAMetadataProvider() { ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); - this.observers = new CopyOnWriteArrayList(); Logger.info("Loading metadata"); Map providersinuse = new HashMap(); try { - //TODO: database search does not work!!!!! Map allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard( - MOAIDConfigurationConstants.PREFIX_SERVICES + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); @@ -373,7 +365,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ try { String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); - if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) { + if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) { byte[] cert = Base64Utils.decode(certBase64, false); 
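Review bot: Changing `||` to `&&` in the certificate/metadata-URL condition is the right fix — a metadata URL without the signing certificate cannot be verified and must not be loaded — but the branch taken when only one of the two is configured is outside the hunk, and a service provider skipped here would presumably only show up later as "metadata not found"; an `else` with a warn-level log naming the skipped online application (using whatever identifier `oaParam` exposes, its getters are not in the patch) would make the misconfiguration visible at load time. The wildcard query now uses PREFIX_MOAID_SERVICES and the old "database search does not work" TODO is dropped; if the prefix was the cause, a sentence in the commit message would document that. The constructor begins above this hunk.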
@@ -543,14 +535,53 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ return internalProvider.getMetadata(); } - public EntitiesDescriptor getEntitiesDescriptor(String name) + public EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException { - return internalProvider.getEntitiesDescriptor(name); + EntitiesDescriptor entitiesDesc = null; + try { + entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID); + + if (entitiesDesc == null) { + Logger.debug("Can not find PVP metadata for entityID: " + entitiesID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entitiesID)) + return internalProvider.getEntitiesDescriptor(entitiesID); + + } + + } catch (MetadataProviderException e) { + Logger.debug("Can not find PVP metadata for entityID: " + entitiesID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entitiesID)) + return internalProvider.getEntitiesDescriptor(entitiesID); + + } + + return entitiesDesc; } public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { - return internalProvider.getEntityDescriptor(entityID); + EntityDescriptor entityDesc = null; + try { + entityDesc = internalProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.debug("Can not find PVP metadata for entityID: " + entityID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entityID)) + return internalProvider.getEntityDescriptor(entityID); + + } + + } catch (MetadataProviderException e) { + Logger.debug("Can not find PVP metadata for entityID: " + entityID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entityID)) + return internalProvider.getEntityDescriptor(entityID); + + } + + return entityDesc; } public List getRole(String entityID, QName roleName) 
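Review bot: In both getEntitiesDescriptor and getEntityDescriptor the `catch (MetadataProviderException e)` swallows the original failure: when `refreshMetadataProvider` returns false the method falls through to `return entitiesDesc;` / `return entityDesc;`, which is still null, so the caller sees "not found" where the provider actually failed and the declared exception is never thrown; add `throw e;` after the failed refresh inside the catch. The refresh is also driven by the identifier the caller passes in — AuthenticationManager hands over `target.getRequestedIDP()` from the incoming request — so every request naming an unknown entityID costs a metadata refresh unless refreshMetadataProvider (not in this patch) first checks that the entityID belongs to a configured online application; if it does not, that check belongs here before the refresh is started. The two methods are otherwise line-for-line duplicates, so a private helper would avoid maintaining the refresh logic twice.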
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml index f2b2f5adf..206fde87d 100644 --- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml @@ -19,13 +19,22 @@ - + + + + + + + + + + - - + + diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index f5f9f5979..aca37f072 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -44,8 +44,9 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x. auth.25=Fehler beim validieren der SZR-Gateway Response. auth.26=SessionID unbekannt. -auth.27=Federated authentication FAILED. +auth.27=Federated authentication FAILED! Assertion from {0} IDP is not valid. auth.28=Transaktion {0} kann nicht weitergef\u00FChrt werden. Wahrscheinlich wurde ein TimeOut erreicht. +auth.29=Federated authentication FAILED! Can not build authentication request for IDP {0} init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 79d6d5eef..fa332f0c7 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties 
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -26,6 +26,7 @@ auth.25=1109 auth.26=1100 auth.27=4401 auth.28=1100 +auth.29=4401 init.00=9199 init.01=9199 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index e084c07e5..b97813681 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -81,8 +81,8 @@ public class MOAIDConstants { ALLOWED_WBPK_PREFIXES = Collections.unmodifiableList(awbpk); List keyboxIDs = new ArrayList(); - awbpk.add(KEYBOXIDENTIFIER_SECURE); - awbpk.add(KEYBOXIDENTIFIER_CERTIFIED); + keyboxIDs.add(KEYBOXIDENTIFIER_SECURE); + keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED); ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs); List redirectTargets = new ArrayList(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java index 762ae44a0..a9d8d92da 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java @@ -52,7 +52,7 @@ public class ConfigurationUtil { try (FileOutputStream outStream = new FileOutputStream(outFile);) { // get config from xml file - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); Unmarshaller m = jc.createUnmarshaller(); MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); 
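Review bot: The fix is correct — the old lines added the keybox identifiers to `awbpk` after `ALLOWED_WBPK_PREFIXES` had been wrapped around it, so the wbPK prefix allow-list contained the keybox identifiers and `ALLOWED_KEYBOXIDENTIFIER` stayed empty — but the pattern that allowed the slip remains: `Collections.unmodifiableList(awbpk)` is a view, and any later write to `awbpk` (declared above the hunk) still changes the published list. Wrapping a copy, `ALLOWED_WBPK_PREFIXES = Collections.unmodifiableList(new ArrayList(awbpk));`, or not keeping the backing lists reachable after wrapping, would make these allow-lists robust against the same mistake.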
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index bd5c9e73c..ad34360d8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -112,8 +112,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_MANDATES_OVS_PROFILES = SERVICE_AUTH_MANDATES_OVS + ".profiles"; public static final String SERVICE_AUTH_MANDATES_HVB = SERVICE_AUTH_MANDATES + ".hvb"; public static final String SERVICE_AUTH_MANDATES_HVB_USE = SERVICE_AUTH_MANDATES_HVB + ".use"; - - + public static final String SERVICE_AUTH_FOREIGNBPK = AUTH + "." + FOREIGNBPK; public static final String SERVICE_AUTH_FOREIGNBPK_DECRYPT = SERVICE_AUTH_FOREIGNBPK + ".decrypt"; public static final String SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV = SERVICE_AUTH_FOREIGNBPK_DECRYPT + ".iv"; @@ -175,7 +174,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_INTERFEDERATION_FORWARD_PROTOCOL = INTERFEDERATION + ".forward.protocol"; public static final String SERVICE_REVERSION = "reversion"; - public static final String SERVICE_REVERSION_EVENTCODES = SERVICE_REVERSION + ".eventcodes"; + public static final String SERVICE_REVERSION_LOGS_ENABLED = SERVICE_REVERSION + ".log.enabled"; + public static final String SERVICE_REVERSION_LOGS_EVENTCODES = SERVICE_REVERSION + ".log.eventcodes"; 
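Review bot: SERVICE_REVERSION_EVENTCODES (key "reversion.eventcodes") is replaced by SERVICE_REVERSION_LOGS_EVENTCODES ("reversion.log.eventcodes") plus a new "reversion.log.enabled" key, so any configuration already stored under the old key is no longer read and reversion logging would silently stop; nothing visible in this patch migrates it (moaid.migration.beans.xml is touched, but its content is not legible here). If deployments with the old key can exist, a migration step, or at least a Javadoc line on the new constant naming the key it replaces, would prevent that.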
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java index 805bcb33e..20e2ba598 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java @@ -144,7 +144,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement //load all online application key/value pairs from database String oaType = KeyValueUtils.getFirstChildAfterPrefix(oaIdKey, MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); String oaKey = KeyValueUtils.getPrefixFromKey(oaIdKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); - + TypedQuery oaConfigQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key", ConfigProperty.class); oaConfigQuery.setParameter("key", oaKey + ".%"); List oaConfigResult = oaConfigQuery.getResultList(); @@ -157,7 +157,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement //build key/value configuration map from database entries Map result = getKeyValueFromDatabaseDAO( - oaConfigResult.iterator(), oaKey, true); + oaConfigResult.iterator(), oaKey, true); result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, oaType); return result; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index f20647fb0..04eb30f72 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java 
@@ -227,4 +227,28 @@ public class KeyValueUtils { return findNextFreeListCounter((String[]) keySet.toArray(), listPrefix); } + + /** + * Normalize a CSV encoded list of value of an key/value pair + * + * This method removes all whitespace at the begin or the + * end of CSV values + * + * @param value CSV encoded input data + * @return normalized CSV encoded data or null if {value} is null or empty + */ + public static String normalizeCSVValueString(String value) { + String normalizedCodes = null; + if (MiscUtil.isNotEmpty(value)) { + String[] codes = value.split(","); + for (String el: codes) { + if (normalizedCodes == null) + normalizedCodes = el.trim(); + else + normalizedCodes += "," + el; + + } + } + return normalizedCodes; + } } diff --git a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml index 775d02d05..4d3caea8c 100644 --- a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml @@ -11,44 +11,10 @@ - - - - - - - - - - - - - - - diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml index a0923c03f..3bd122254 100644 --- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml @@ -21,13 +21,22 @@ - + + + + + + + + + + - + -- cgit v1.2.3
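Review bot: normalizeCSVValueString only trims the first element: the loop appends `"," + el` for every subsequent value, so `"1, 2 ,3"` comes back unchanged as `"1, 2 ,3"`, contrary to the Javadoc's promise to strip leading and trailing whitespace from every value. The fix is `normalizedCodes += "," + el.trim();`; building the result in a `StringBuilder` with the trimmed parts would also avoid string concatenation in the loop. An empty element (`"1,,2"`) is kept as an empty field; if that is intended, the Javadoc should say so, and ServicesReversionLogTask, which feeds this method, would then reject it as non-numeric anyway.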