From 450d036e56f6e2396bd7be2da244b8cfa5a5801f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 18 Nov 2013 11:28:05 +0100 Subject: X509TrustManager Update --- id/ConfigWebTool/pom.xml | 8 ++++---- id/pom.xml | 2 +- .../auth/.settings/org.eclipse.wst.common.component | 6 ------ id/server/auth/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- .../moa/id/entrypoints/DispatcherServlet.java | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/pom.xml | 2 +- .../proxy/.settings/org.eclipse.wst.common.component | 6 ------ id/server/proxy/pom.xml | 2 +- .../0.3/iaik_X509TrustManager-0.3.jar | Bin 3663 -> 3630 bytes 11 files changed, 11 insertions(+), 23 deletions(-) diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index c847d9026..3ef980bca 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -2,13 +2,13 @@ MOA id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT 4.0.0 MOA.id ConfigurationInterface - 0.9.5 + 0.9.6 war MOA-ID 2.0 Configuration Tool Web based Configuration Tool for MOA-ID 2.x @@ -34,12 +34,12 @@ MOA.id.server moa-id-commons - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT MOA.id.server moa-id-lib - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT diff --git a/id/pom.xml b/id/pom.xml index 22bbeca65..601b3c3ad 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -9,7 +9,7 @@ 4.0.0 id pom - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT MOA ID diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index 40733a1ce..2250777cb 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -6,15 +6,9 @@ uses - - uses - uses - - uses - diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 3423deb79..350087e40 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT 4.0.0 
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index ab1a28091..d65a562f8 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT 4.0.0 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 234641b4a..b4564cef9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -263,7 +263,7 @@ public class DispatcherServlet extends AuthServlet{ for (String el : mapkeys) { IRequest value = protocolRequests.get(el); - if (value.getOAURL().equals(protocolRequest.getOAURL())) { + if (value.getOAURL() != null && value.getOAURL().equals(protocolRequest.getOAURL())) { if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 94726fa16..9ec756f85 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT moa-id-commons moa-id-commons diff --git a/id/server/pom.xml b/id/server/pom.xml index a3461e956..0f9531abf 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT 4.0.0 diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index e1f55f641..5ef4c6bfe 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component 
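Review bot: The added `value.getOAURL() != null` guard makes the loop skip any stored pending request whose OA URL is null, but nothing explains why such an entry can exist or records that it was skipped, so the null-pointer fix may be masking a request that was stored incompletely. A one-line `Logger.warn` naming the skipped pending-request id `el`, or at least a comment like `// pending requests without an OA URL are left untouched here`, would keep that case visible. The enclosing loop and method start and end outside the hunk.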
@@ -6,15 +6,9 @@ uses - - uses - uses - - uses - diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index c7cb9a7c8..212ddda71 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.3/iaik_X509TrustManager-0.3.jar b/repository/iaik/prod/iaik_X509TrustManager/0.3/iaik_X509TrustManager-0.3.jar index 49ad2bf83..2750c5f52 100644 Binary files a/repository/iaik/prod/iaik_X509TrustManager/0.3/iaik_X509TrustManager-0.3.jar and b/repository/iaik/prod/iaik_X509TrustManager/0.3/iaik_X509TrustManager-0.3.jar differ -- cgit v1.2.3 From ae9711c0bf2fab5a52c9ed305cc8d020df2f0041 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Nov 2013 14:00:30 +0100 Subject: test --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 49548eb20..656e37eee 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ pom 2.0 MOA - + ${basedir}/repository -- cgit v1.2.3 From 9b3f7876fe480698d2da970b0b1ca6de0874ec48 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 27 Nov 2013 14:53:10 +0100 Subject: BugFix: @ConfigurationTool: - Set identification types in case of businesses applications (Firmenbuchnummer, Vereinsnummer, ERjBnummer) @ MOA-ID: - Set identification types in case of businesses applications if identification type is empty(Firmenbuchnummer, Vereinsnummer, ERjBnummer) - SAML1 Assertion: hide BaseID only if the BaseID is included - STORK Configuration: Nullpointer exception if not STORK config is found. --- id/ConfigWebTool/.classpath | 1 + id/ConfigWebTool/pom.xml | 1 - .../gv/egovernment/moa/id/configuration/Constants.java | 3 +++ .../id/configuration/struts/action/EditOAAction.java | 13 ++++++++++--- .../auth/.settings/org.eclipse.wst.common.component | 6 ++++++ .../egovernment/moa/id/auth/AuthenticationServer.java | 7 +++++++ .../builder/AuthenticationBlockAssertionBuilder.java | 17 +++++++++++++++-- .../moa/id/auth/builder/PersonDataBuilder.java | 12 +++++++++--- .../moa/id/auth/builder/StartAuthenticationBuilder.java | 2 +- .../moa/id/auth/servlet/GetForeignIDServlet.java | 6 ++++++ .../moa/id/config/auth/AuthConfigurationProvider.java | 5 +++-- .../proxy/.settings/org.eclipse.wst.common.component | 6 ++++++ pom.xml | 2 +- 13 files changed, 68 insertions(+), 13 deletions(-) diff --git a/id/ConfigWebTool/.classpath b/id/ConfigWebTool/.classpath index 5bde2110d..0e6d0b69f 100644 --- a/id/ConfigWebTool/.classpath +++ b/id/ConfigWebTool/.classpath @@ -26,6 +26,7 @@ + diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 3ef980bca..729065ca4 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -39,7 +39,6 @@ MOA.id.server moa-id-lib - 1.9.97-SNAPSHOT diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 9dc49bba8..c5ea0acd1 100644 
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -47,8 +47,11 @@ public class Constants { public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; public static final String IDENIFICATIONTYPE_FN = "FN"; + public static final String IDENIFICATIONTYPE_FN_TYPE = "Firmenbuchnummer"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; + public static final String IDENIFICATIONTYPE_ERSB_TYPE = "ERJPZahl"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; + public static final String IDENIFICATIONTYPE_ZVR_TYPE = "Vereinsnummer"; public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 04b4da19a..5bde5dd66 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java 
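Review bot: The three new `_TYPE` constants carry no comment saying what the values mean or where they are consumed, and the pre-existing misspelt prefix `IDENIFICATIONTYPE_` is now propagated to three more names. A one-line comment above the group, e.g. `// human-readable identification-type names stored as IdentificationNumber.type for business applications`, would let a reader connect them to their use in EditOAAction without searching. Correcting the prefix spelling would be a separate, file-wide rename.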
@@ -747,27 +747,34 @@ ServletResponseAware { dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + String type = null; if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); //num = StringUtils.leftPad(num, 7, '0'); + type = Constants.IDENIFICATIONTYPE_FN_TYPE; } - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + type = Constants.IDENIFICATIONTYPE_ZVR_TYPE; + } - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + type = Constants.IDENIFICATIONTYPE_ERSB_TYPE; + } IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setType(type); idnumber.setValue( Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); - + authoa.setIdentificationNumber(idnumber); } diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index 2250777cb..10109d2c2 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -6,9 +6,15 @@ uses + + uses + uses + + uses + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index af23d4c78..96fdbef02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
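Review bot: `type` stays null when the stripped number matches none of the FN/ZVR/ERSB prefixes, and that null is then stored via `idnumber.setType(type)` without any validation or log message, so a mistyped identification number silently produces a configuration entry with an empty type. Either reject the no-match case as an input error or log it through the action's existing logging before `idnumber.setType(type)`. The three prefix checks are also independent `if`s rather than an `if`/`else if` chain, so the later ones are re-evaluated against the already-stripped `num`; `else if` would document that at most one prefix is expected. The enclosing method begins and ends outside the hunk.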
@@ -1155,7 +1155,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( xmlCreateXMLSignatureReadResponse).parseResponse(); + + Element signature = csresp.getDsigSignature(); + + try { + String test = DOMUtils.serializeNode(signature); + + String serializedAssertion = DOMUtils.serializeNode(csresp .getSamlAssertion()); session.setAuthBlock(serializedAssertion); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index f5d603480..3a308f6da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java 
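Review bot: `String test = DOMUtils.serializeNode(signature);` is never read, so the only effect of the new lines is one extra serialization of the signature element inside a `try` whose handler lies outside the hunk; this looks like a debugging leftover. Remove the `test` assignment (and the `signature` local if nothing after the hunk uses it), or, if the serialization is meant to validate the element, check its result explicitly. The enclosing method and the newly opened `try` block both end outside the hunk.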
@@ -190,9 +190,22 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; - //adding type of wbPK domain identifier + //adding type of wbPK domain identifier + + String idtype = oaParam.getIdentityLinkDomainIdentifierType(); + if (MiscUtil.isEmpty(idtype)) { + if (identityLinkType.contains("FN")) + idtype = "Firmenbuchnummer"; + else if (identityLinkType.contains("ZVR")) + idtype = "Vereinsnummer"; + else if (identityLinkType.contains("ERSB")) + idtype = "ERJPZahl"; + else + idtype = "Bereichskennung"; + } + ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = - new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", idtype, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index fd5ff6744..5d94d2f16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java 
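Review bot: The fallback type names `"Firmenbuchnummer"`, `"Vereinsnummer"` and `"ERJPZahl"` are hard-coded here although the same strings are introduced by this commit as constants in the ConfigWebTool `Constants` class; keeping them in one shared constants class (the idserverlib side already imports `at.gv.egovernment.moa.util.Constants`) would stop the two sides drifting. The detection also relies on `identityLinkType.contains("FN")` etc., which is order-dependent substring matching on the domain identifier; matching the known type suffix with `endsWith` or `equals` would be more precise. Because this value is emitted as the `IdentityLinkDomainIdentifierType` attribute of the AuthBlock the user signs, a wrongly guessed type ends up in a signed artefact, so a `Logger.debug` stating which fallback was chosen would help later audit. The enclosing method starts and ends outside the hunk.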
@@ -27,8 +27,11 @@ package at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -65,9 +68,12 @@ public class PersonDataBuilder { try { Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); - if (! provideStammzahl) { - Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); - //remove IdentificationValue + + Node prType = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Type"); + + if (! provideStammzahl && + Constants.URN_PREFIX_BASEID.equals(prType.getFirstChild().getNodeValue())) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); prIdentification.getFirstChild().setNodeValue(""); } String xmlString = DOMUtils.serializeNode(prPerson); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java index 3bc152ec8..91040dde2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java 
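Review bot: `prType.getFirstChild().getNodeValue()` dereferences the `pr:Identification/pr:Type` lookup without a null check, so a PersonData element without a `pr:Type` (or with an empty one) now raises a `NullPointerException` on a path that previously only blanked the value. For code whose job is to withhold the Stammzahl, the safe default when the type cannot be read is to blank the value rather than keep it, e.g. `String prTypeValue = (prType != null && prType.getFirstChild() != null) ? prType.getFirstChild().getNodeValue() : null;` followed by `if (!provideStammzahl && (prTypeValue == null || Constants.URN_PREFIX_BASEID.equals(prTypeValue))) {`. The imports `MOAIDAuthConstants` and `MOAIDConfiguration` added in the preceding hunk are not used by the lines changed here and look superfluous unless another part of the file needs them. The enclosing method starts and ends outside the hunk.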
@@ -36,7 +36,7 @@ public class StartAuthenticationBuilder { Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + if (storkConfig != null && storkConfig.isSTORKAuthentication(moasession.getCcc())) { //STORK authentication Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); Logger.debug("Starting STORK authentication"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 222faec37..07d006bc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -156,9 +156,15 @@ public class GetForeignIDServlet extends AuthServlet { try { session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); + + //String test = DOMUtils.serializeNode(signature); + } catch (CertificateException e) { Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); throw new MOAIDException("auth.14", null); +// } catch (TransformerException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); } // make SZR request to the identity link diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 304771edf..9c2797c36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
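Review bot: With the new `storkConfig != null` guard, a citizen whose `moasession.getCcc()` is a foreign country now silently enters the non-STORK branch when no STORK configuration is loaded, and nothing in the hunk records that decision. A warning before the branch, e.g. `if (storkConfig == null) Logger.warn("No STORK configuration available; using non-STORK authentication for country " + moasession.getCcc());`, keeps the fallback visible in the logs. The enclosing method starts and ends outside the hunk.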
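Review bot: The new lines in `GetForeignIDServlet` are entirely commented-out code: a disabled `serializeNode` debug call and a disabled `catch (TransformerException e)` whose body is an auto-generated `printStackTrace()`. Commented-out code should be removed rather than committed; if the `TransformerException` path is needed later, it should log through `Logger` and map to a `MOAIDException` like the `CertificateException` branch above it, not print to stderr. The enclosing method starts and ends outside the hunk.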
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -428,12 +428,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //build STORK Config AuthComponentGeneral auth = getAuthComponentGeneral(); + ForeignIdentities foreign = auth.getForeignIdentities(); if (foreign == null ) { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); - } else - storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); + } //else + //storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); //load Chaining modes diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index 5ef4c6bfe..5b7986017 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component @@ -6,9 +6,15 @@ uses + + uses + uses + + uses + diff --git a/pom.xml b/pom.xml index 656e37eee..6e8e12014 100644 --- a/pom.xml +++ b/pom.xml @@ -186,7 +186,7 @@ MOA.id.server moa-id-lib - 1.9.96-SNAPSHOT + 1.9.97-SNAPSHOT compile -- cgit v1.2.3 From c582412bc8d1ffcd9a2428b69fa7e4e8fb1f3c4f Mon Sep 17 00:00:00 2001 
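Review bot: Commenting out `storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);` removes the only assignment of `storkconfig` visible in this hunk, so STORK authentication appears to be disabled for every deployment, not only those without a `ForeignIdentities` element; the commit message describes a null-pointer fix, not a feature removal. If the exception came from a missing STORK sub-element, guard that case instead: `} else if (foreign.getSTORK() != null) { storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); } else { Logger.warn("ForeignIdentities present but no STORK configuration found."); }`. Leaving the old statement as a comment also hides the change from readers and tools. The enclosing method starts and ends outside the hunk.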
From: Thomas Lenz Date: Wed, 11 Dec 2013 15:43:02 +0100 Subject: @PVP2 --also allow a EntityDescriptor element as root element in metadata files --some adjustments in the PVP Assertion to make it SAML2 standard compliant @MOA-ID-Auth --improve SZR-Gateway client error handling --- .../moa/id/auth/AuthenticationServer.java | 51 +++++++++++----------- .../servlet/GenerateIFrameTemplateServlet.java | 18 ++++---- .../moa/id/auth/servlet/LogOutServlet.java | 16 +++---- .../moa/id/auth/stork/STORKResponseProcessor.java | 6 +++ .../id/config/auth/AuthConfigurationProvider.java | 11 +++-- .../builder/assertion/PVP2AssertionBuilder.java | 21 +++++++-- .../pvp2x/requestHandler/AuthnRequestHandler.java | 14 +++++- .../verification/MetadataSignatureFilter.java | 6 ++- .../resources/properties/id_messages_de.properties | 3 +- 9 files changed, 93 insertions(+), 53 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 96fdbef02..014a9ec03 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1695,37 +1695,36 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException + * @throws ConfigurationException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException, ConfigurationException { SZRGWClient client = new SZRGWClient(); - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - Logger.error("Could not initialize SSL Factory", e); - throw new SZRGWClientException("Could not initialize SSL Factory"); - } catch (GeneralSecurityException e) { - Logger.error("Could not initialize SSL Factory", e); - throw new SZRGWClientException("Could not initialize SSL Factory"); - } catch (PKIException e) { - Logger.error("Could not initialize SSL Factory", e); - throw new SZRGWClientException("Could not initialize SSL Factory"); - } - } + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + 
client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + + } catch (IOException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + + } catch (GeneralSecurityException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + + } catch (PKIException e) { + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } // create request CreateIdentityLinkResponse response = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 98ef78d53..eaa6ac1ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
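Review bot: The rewritten catch blocks still construct `new SZRGWClientException("Could not initialize SSL Factory")` without the caught exception, so the cause is logged but not attached to the exception that reaches the caller. If `SZRGWClientException` offers a `(String, Throwable)` constructor, pass `e`; the three identical handlers could then collapse into one `catch (IOException | GeneralSecurityException | PKIException e)` provided the module builds for Java 7 or later. Letting `ConfigurationException` propagate instead of logging and continuing with an unconfigured client is the right direction and is the most important part of the change. The method's body continues past the hunk.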
@@ -32,16 +32,16 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { private static final long serialVersionUID = 1L; public void init(ServletConfig servletConfig) throws ServletException { - try { +// try { super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } +// MOAIDAuthInitializer.initialize(); +// Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); +// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); +// } +// catch (Exception ex) { +// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); +// throw new ServletException(ex); +// } } protected void doGet(HttpServletRequest req, HttpServletResponse resp) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 9c72cfff2..ff8265ac3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java 
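Review bot: `init` in `GenerateIFrameTemplateServlet` now contains nine commented-out lines, including the old `MOAIDAuthInitializer.initialize()` call and its error handling; the same pattern is applied to `LogOutServlet.init` in the next hunk. If initialization has moved elsewhere (not visible in this patch), the dead block should be deleted and the method reduced to `super.init(servletConfig);` with a one-line comment naming where initialization now happens; if it has not moved, these servlets will run without `MOAIDAuthInitializer` ever being called. Either way, commented-out code should not be committed.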
@@ -101,15 +101,15 @@ public class LogOutServlet extends AuthServlet { * @see javax.servlet.Servlet#init(ServletConfig) */ public void init(ServletConfig servletConfig) throws ServletException { - try { +// try { super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } +// MOAIDAuthInitializer.initialize(); +// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); +// } +// catch (Exception ex) { +// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); +// throw new ServletException(ex); +// } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index a87e9a8c0..c0626e84a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; 
@@ -348,9 +349,14 @@ public class STORKResponseProcessor { } catch (SZRGWClientException e) { Logger.error("Error connecting SZR-Gateway: ", e); throw new STORKException("Error connecting SZR-Gateway: ", e); + } catch (ParseException e) { Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e); + + } catch (ConfigurationException e) { + Logger.error("Error connecting SZR-Gateway: ", e); + throw new STORKException("Error connecting SZR-Gateway: ", e); } return identityLink; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 9c2797c36..3654ae424 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -417,15 +417,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider { public synchronized void reloadDataBaseConfig() throws ConfigurationException { - Logger.info("Read MOA-ID 2.0 configuration from database."); + Logger.info("Read MOA-ID 2.x configuration from database."); moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - Logger.info("MOA-ID 2.0 is loaded."); if (moaidconfig == null) { Logger.warn("NO MOA-ID configuration found."); throw new ConfigurationException("config.18", null); } - + + Logger.debug("MOA-ID 2.x configuration is loaded from database."); + Logger.info("MOA-ID 2.x starts initialization process ..."); + //build STORK Config AuthComponentGeneral auth = getAuthComponentGeneral(); 
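Review bot: The new `catch (ConfigurationException e)` logs and rethrows with the message `"Error connecting SZR-Gateway: "`, identical to the `SZRGWClientException` branch, although the configuration case (see the new `config.20` text: SZR-Gateway not configured) is a different failure from a connection error. Use a message that names the real cause, e.g. `Logger.error("SZR-Gateway is not configured: ", e); throw new STORKException("SZR-Gateway is not configured: ", e);`, so operators can tell the two apart. The enclosing method and `try` begin outside the hunk.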
@@ -778,6 +780,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * @throws ConfigurationException */ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { + if (ForeignIDConnectionParameter == null) + throw new ConfigurationException("config.20", null); + return ForeignIDConnectionParameter; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 5e8206739..f21567245 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -21,6 +21,7 @@ import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.core.SubjectConfirmation; import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.NameIDFormat; 
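Review bot: `getForeignIDConnectionParameter` now throws when `ForeignIDConnectionParameter` is null, but the Javadoc `@throws ConfigurationException` above it still states no condition. Extend it to `@throws ConfigurationException if no SZR-Gateway connection parameters are configured (message key config.20)` so callers know this is a configuration failure rather than a runtime one. Bracing the single-line `if` would also make the guard harder to break when a second statement is added later.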
@@ -42,6 +43,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; @@ -293,7 +295,16 @@ public class PVP2AssertionBuilder implements PVPConstants { .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20)); - subjectConfirmationData.setRecipient(peerEntity.getEntityID()); + + //TL: change from entityID to destination URL + AssertionConsumerService consumerService = spSSODescriptor + .getAssertionConsumerServices().get(idx); + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(idx); + } + + subjectConfirmationData.setRecipient(consumerService.getLocation()); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); @@ -303,7 +314,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AudienceRestriction audienceRestriction = SAML2Utils .createSAMLObject(AudienceRestriction.class); Audience audience = SAML2Utils.createSAMLObject(Audience.class); - + audience.setAudienceURI(peerEntity.getEntityID()); audienceRestriction.getAudiences().add(audience); conditions.setNotBefore(new DateTime()); 
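Review bot: The `if (consumerService == null)` check never fires for an out-of-range index, because `List.get(idx)` on the OpenSAML `getAssertionConsumerServices()` list throws `IndexOutOfBoundsException` instead of returning null, so an `AuthnRequest` referencing an index the SP metadata does not define escapes as an unchecked exception rather than as `InvalidAssertionConsumerServiceException`. Check the bounds before indexing as below (add `java.util.List` if it is not already imported); `idx` itself is derived outside the hunk, so its origin should be validated there too. Switching the Recipient from the peer's entityID to the ACS location is correct for SAML 2.0 Core. The enclosing method starts and ends outside the hunk.
```java
//TL: change from entityID to destination URL
List<AssertionConsumerService> consumerServices = spSSODescriptor.getAssertionConsumerServices();
if (idx < 0 || idx >= consumerServices.size()) {
    throw new InvalidAssertionConsumerServiceException(idx);
}
AssertionConsumerService consumerService = consumerServices.get(idx);
subjectConfirmationData.setRecipient(consumerService.getLocation());
// … unchanged: subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData) …
```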
@@ -316,8 +327,12 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.setConditions(conditions); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + + //TODO: check! + //change to entity value from entity name to IDP EntityID (URL) + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); issuer.setFormat(NameID.ENTITY); + assertion.setIssuer(issuer); assertion.setSubject(subject); assertion.setID(SAML2Utils.getSecureIdentifier()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 1d494c512..fec21df9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -1,8 +1,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; +import java.util.Date; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.AuthnRequest; 
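Review bot: The Issuer value change is committed with a `//TODO: check!` marker, which signals the author was unsure whether `getIDPPublicPath()` is the right value; the same change with the same TODO is made in `AuthnRequestHandler` in the next file. SPs validating the Response compare the Issuer against the entityID published in the IdP's metadata, so the TODO should be resolved by confirming that `getIDPPublicPath()` returns exactly that entityID (or by adding an accessor that does) and then removed. The enclosing method starts and ends outside the hunk.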
@@ -51,10 +54,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 
 
         Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-        nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+
+        //TODO: check!
+        //change to entity value from entity name to IDP EntityID (URL)
+        nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+        //nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
         nissuer.setFormat(NameID.ENTITY);
+
         authResponse.setIssuer(nissuer);
         authResponse.setInResponseTo(authnRequest.getID());
+
+        //SAML2 response required IssueInstant
+        authResponse.setIssueInstant(new DateTime());
+
         authResponse.getAssertions().add(assertion);
         authResponse.setStatus(SAML2Utils.getSuccessStatus());
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index e9d41b7ee..e85d87aa3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -91,10 +91,12 @@ public class MetadataSignatureFilter implements MetadataFilter {
                 throw new MOAIDException("Root element of metadata file has to be signed", null);
             }
             processEntitiesDescriptor(entitiesDescriptor);
-        } /*else if (metadata instanceof EntityDescriptor) {
+
+        } else if (metadata instanceof EntityDescriptor) {
             EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
             processEntityDescriptorr(entityDescriptor);
-        } */else {
+
+        } else {
             throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
         }
 
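Review bot: The commented-out line `//nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());` is dead code kept next to its replacement; version control already records the old value, so delete the line and keep only the live call. The added `authResponse.setIssueInstant(new DateTime());` is a correct fix, since a SAML 2.0 Response without IssueInstant is schema-invalid; its comment would read better as `// SAML 2.0 requires IssueInstant on the Response`. The enclosing method begins and ends outside the hunk.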
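Review bot: The message in the final else branch is now stale: `"Invalid Metadata file Root element is no EntitiesDescriptor"` is thrown while the newly enabled branch above accepts an `EntityDescriptor` root as well; change it to `throw new MOAIDException("Invalid Metadata file: Root element is neither EntitiesDescriptor nor EntityDescriptor", null);`. The EntitiesDescriptor path visibly rejects an unsigned root before processing, whereas the re-enabled EntityDescriptor path calls `processEntityDescriptorr(entityDescriptor)` with no such check in the hunk — if the signature requirement is not enforced inside that method, an unsigned single-entity metadata file would now pass this filter, so that should be confirmed before merging. `processEntityDescriptorr` also reads like a typo of processEntityDescriptor; if the method is renamed, update this call site. The enclosing method begins and ends outside the hunk.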
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 6b664f692..afe14daee 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -66,7 +66,8 @@ config.15=Das Personenbindungs-Trust-Profil (TrustProfileID \= {0}) darf nicht f
 config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
 config.17=Fehler beim initialisieren von Hibernate
 config.18=Keine MOA-ID 2.x Konfiguration gefunden.
-config.19=Kein Schl?ssel f\u00FCr die Resignierung der Personenbindung gefunden.
+config.19=Kein Schl?ssel f\u00FCr die Resignierung der Personenbindung gefunden.
+config.20=SZR-Gateway ist nicht konfiguriert. Anmeldung f\u00FCr ausl\u00E4ndische Personen nicht m\u00F6glich.
 
 parser.00=Leichter Fehler beim Parsen: {0}
 parser.01=Fehler beim Parsen: {0}
-- 
cgit v1.2.3


From 351f8be591412e124b6d578c1afd3f72f3c25d8f Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 17 Dec 2013 08:28:00 +0100
Subject: n

---
 .../java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index b4564cef9..225ecb2a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -423,9 +423,6 @@ public class DispatcherServlet extends AuthServlet{
                 moasession = AuthenticationSessionStoreage.getSession(moasessionID);
                 moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
             }
-
-
-
         }
 
         String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
-- 
cgit v1.2.3