From a58636545b497bc9ff5e2ffa6cf230dc75cc19bc Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 14 May 2014 14:25:48 +0200 Subject: add additional errorcodes to protcols --- .../moa/id/auth/AuthenticationServer.java | 190 +++++++++++---------- .../moa/id/auth/data/AuthenticationSession.java | 62 +++---- .../moa/id/auth/exception/BKUException.java | 10 -- .../auth/exception/MISSimpleClientException.java | 9 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 11 +- .../servlet/VerifyAuthenticationBlockServlet.java | 75 +------- .../moa/id/auth/validator/parep/ParepUtils.java | 42 ++--- .../moa/id/protocols/oauth20/OAuth20Constants.java | 2 + .../exceptions/OAuth20OANotSupportedException.java | 44 +++++ .../exceptions/OAuth20ServerErrorException.java | 2 +- .../oauth20/protocol/OAuth20BaseRequest.java | 3 +- .../oauth20/protocol/OAuth20Protocol.java | 20 ++- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 23 ++- .../builder/assertion/PVP2AssertionBuilder.java | 4 +- .../InvalidAssertionEncryptionException.java | 2 +- .../pvp2x/exceptions/NoAuthContextException.java | 39 ----- .../pvp2x/exceptions/PVP2EncodingException.java | 40 ----- .../pvp2x/metadata/MOAMetadataProvider.java | 9 +- .../saml1/GetAuthenticationDataService.java | 14 +- .../moa/id/util/ErrorResponseUtils.java | 103 +++++++++++ .../id/util/client/mis/simple/MISSimpleClient.java | 33 ++-- .../resources/properties/id_messages_de.properties | 14 +- .../protocol_response_statuscodes.properties | 180 +++++++++++++++++++ 23 files changed, 564 insertions(+), 367 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java create mode 100644 
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
create mode 100644 id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index b05c1494a..ff33c37ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -315,12 +315,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
- //TODO: cleanup before MOA-ID 2.1 release
- String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- session.getBkuURL(), infoboxReadRequest, dataURL, null,
- null, pushInfobox, oaParam, appletheigth, appletwidth);
-
- return htmlForm;
+ //TODO: cleanup before MOA-ID 2.1 release
+ try {
+ String htmlForm = new GetIdentityLinkFormBuilder().build(template,
+ session.getBkuURL(), infoboxReadRequest, dataURL, null,
+ null, pushInfobox, oaParam, appletheigth, appletwidth);
+
+ return htmlForm;
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.07", null, e);
+
+ }
 }
 /**
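Review bot: The new catch block replaces the builder's own message id and parameters with the fixed `builder.07` and `null`, so whatever detail the inner BuildException carried is reachable only through the cause chain; if the intent is to map every builder failure onto one external status code, state that where it happens, e.g. `// map any GetIdentityLinkFormBuilder failure to builder.07 so the protocol layer reports a single external status code`. The `htmlForm` local adds nothing and the try body can be `return new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, null, null, pushInfobox, oaParam, appletheigth, appletwidth);`. The enclosing method starts before this hunk.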
@@ -525,16 +531,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (SAXException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } catch (IOException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } catch (TransformerException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } @@ -554,9 +560,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam) throws ConfigurationException, BuildException, ValidateException { - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; if (authConf == null) authConf = AuthConfigurationProvider.getInstance(); @@ -612,9 +618,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException { - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; if (authConf == null) authConf = AuthConfigurationProvider.getInstance(); 
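Review bot: The `isValidatorInputPending()` checks in the `@@ -554` and `@@ -612` hunks are kept as commented-out code rather than deleted, and the same pattern recurs in the `@@ -1239` and `@@ -1397` hunks of this file, in the removed field and methods of AuthenticationSession, and in `extractRepresentativeID` in ParepUtils. Version control keeps the history, so delete the blocks outright; if the validator flow is meant to come back, a one-line marker such as `// infobox validator input processing intentionally disabled` is enough. In the `@@ -525` hunk the four catch blocks now have identical bodies and could be collapsed into `catch (SAXException | IOException | ParserConfigurationException | TransformerException e)` if the project builds on Java 7 or later, which the diff does not show. Whether `auth.15` is the right replacement for `auth.16` depends on the message properties, which are not in this chunk. The affected methods start and end outside these hunks.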
@@ -1239,44 +1245,44 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw e; } - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(csresp - .getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[]{friendlyName}); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[]{ - friendlyName, - infoboxValidationResult.getErrorMessage()}); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// boolean formpending = false; +// if (iter != null) { +// while (!formpending && iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector.get(1); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// 
infoboxValidationResult = infoboxvalidator.validate(csresp +// .getSamlAssertion()); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier + " infobox:" +// + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[]{friendlyName}); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", new Object[]{ +// friendlyName, +// infoboxValidationResult.getErrorMessage()}); +// } +// String form = infoboxvalidator.getForm(); +// if (ParepUtils.isEmpty(form)) { +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } else { +// return "Redirect to Input Processor"; +// } +// } +// } session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); 
@@ -1397,44 +1403,44 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(session - .getIdentityLink().getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[]{friendlyName}); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[]{ - friendlyName, - infoboxValidationResult.getErrorMessage()}); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// boolean formpending = false; +// if (iter != null) { +// while (!formpending && iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector.get(1); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) 
infoboxValidatorVector +// .get(2); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator.validate(session +// .getIdentityLink().getSamlAssertion()); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier + " infobox:" +// + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[]{friendlyName}); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", new Object[]{ +// friendlyName, +// infoboxValidationResult.getErrorMessage()}); +// } +// String form = infoboxvalidator.getForm(); +// if (ParepUtils.isEmpty(form)) { +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } else { +// return "Redirect to Input Processor"; +// } +// } +// } VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getSignerCertificate(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 58412b218..c5ba49b2e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
@@ -203,10 +203,10 @@ public class AuthenticationSession implements Serializable { */ private List extendedSAMLAttributesAUTH; - /** - * If infobox validators are needed after signing, they can be stored in this list. - */ - private List infoboxValidators; +// /** +// * If infobox validators are needed after signing, they can be stored in this list. +// */ +// private List infoboxValidators; /** * The register and number in the register parameter in case of a business service application. @@ -347,7 +347,7 @@ public class AuthenticationSession implements Serializable { public AuthenticationSession(String id) { sessionID = id; // setTimestampStart(); - infoboxValidators = new ArrayList(); +// infoboxValidators = new ArrayList(); } public X509Certificate getSignerCertificate() { @@ -712,15 +712,15 @@ public class AuthenticationSession implements Serializable { this.issueInstant = issueInstant; } - /** - * Returns the iterator to the stored infobox validators. - * - * @return Iterator - */ - public Iterator getInfoboxValidatorIterator() { - if (infoboxValidators == null) return null; - return infoboxValidators.iterator(); - } +// /** +// * Returns the iterator to the stored infobox validators. +// * +// * @return Iterator +// */ +// public Iterator getInfoboxValidatorIterator() { +// if (infoboxValidators == null) return null; +// return infoboxValidators.iterator(); +// } // /** // * Adds an infobox validator class to the stored infobox validators. 
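Review bot: Removing the `infoboxValidators` field changes the serialized form of a class the hunk header shows as `implements Serializable`; if `AuthenticationSession` has no explicit `serialVersionUID`, the computed UID changes and any session persisted by the old class fails to deserialize with an InvalidClassException after the upgrade. The UID declaration is outside the hunk, so please confirm it is declared, and if sessions are stored across releases either keep the UID stable or invalidate the stored sessions at deployment. The constructor in the `@@ -347` hunk and the getter in the `@@ -712` hunk are otherwise consistent with the removal.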
@@ -744,23 +744,23 @@ public class AuthenticationSession implements Serializable { // return infoboxValidators.iterator(); // } - /** - * Tests for pending input events of the infobox validators. - * - * @return true if a validator has a form to show - */ - public boolean isValidatorInputPending() { - boolean result = false; - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (!result && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true; - } - } - return result; - } +// /** +// * Tests for pending input events of the infobox validators. +// * +// * @return true if a validator has a form to show +// */ +// public boolean isValidatorInputPending() { +// boolean result = false; +// Iterator iter = getInfoboxValidatorIterator(); +// if (iter != null) { +// while (!result && iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true; +// } +// } +// return result; +// } // /** // * Returns the first pending infobox validator. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java index f1d3b078e..9c2960c4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java 
@@ -29,16 +29,6 @@ public class BKUException extends MOAIDException { private String bkuErrorCode; private String bkuErrorMessage; - public BKUException(String messageId, Object[] parameters) { - super(messageId, parameters); - - } - - - public BKUException(String messageId, Object[] parameters, Throwable wrapped) { - super(messageId, parameters, wrapped); - } - public BKUException(String messageId, Object[] parameters, String bkuErrorCode, String bkuErrorMessage) { super(messageId, parameters); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java index e26ab6597..c80cbea26 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception; + public class MISSimpleClientException extends MOAIDException { private static final long serialVersionUID = 1L; @@ -59,22 +60,16 @@ public class MISSimpleClientException extends MOAIDException { public MISSimpleClientException(String message) { super(message, null); - this.misErrorMessage = message; } public MISSimpleClientException(String message, String code, String text) { - super(message, null); + super(message, new Object[] { code , text }); this.misErrorMessage = text; this.misErrorCode = code; } - public MISSimpleClientException(Throwable cause) { - super("UNDEFINED ERROR", null, cause); - } - public MISSimpleClientException(String message, Throwable cause) { super(message, null, cause); - this.misErrorMessage = message; } /** 
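Review bot: After the `@@ -59` hunk of MISSimpleClientException the single-argument and `(String, Throwable)` constructors no longer set `misErrorMessage`, so `getMisErrorMessage()` and `getMisErrorCode()` return null for any exception that was not built from a MIS error response; callers that print the MIS text now need a null check, and the getters should say so, e.g. `@return the error text from the MIS response, or null when the exception was not raised for a MIS error`. The three-argument constructor now passes the MIS-supplied `code` and `text` as message parameters, so remote-originated text ends up in the formatted message; wherever that message is rendered into an HTML page it must be escaped there. The getters are outside the hunk.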
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index a776bbe9a..9e2e845b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -190,13 +189,9 @@ public class GetMISSessionIDServlet extends AuthServlet { List list = MISSimpleClient.sendGetMandatesRequest( connectionParameters.getUrl(), misSessionID, sslFactory); - if (list == null) { + if (list == null || list.size() == 0) { Logger.error("Keine Vollmacht gefunden."); - throw new MISSimpleClientException("Keine Vollmacht gefunden"); - } - if (list.size() == 0) { - Logger.error("Keine Vollmacht gefunden."); - throw new MISSimpleClientException("Keine Vollmacht gefunden"); + throw new AuthenticationException("auth.15", null); } // for now: list contains only one element @@ -205,7 +200,7 @@ public class GetMISSessionIDServlet extends AuthServlet { String sMandate = new String(mandate.getMandate()); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[] { GET_MIS_SESSIONID }); } 
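Review bot: The new `throw new AuthenticationException("auth.15", null)` in the `@@ -190` hunk passes no parameters, whereas every other `auth.15` throw in this file and in AuthenticationServer passes `new Object[] { GET_MIS_SESSIONID }`; if the `auth.15` template has a `{0}` placeholder it stays unfilled here. Use `throw new AuthenticationException("auth.15", new Object[] { GET_MIS_SESSIONID });` for consistency, and `list.isEmpty()` reads better than `list.size() == 0`. The surrounding method starts and ends outside the hunk.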
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 787dc6f10..c82d1168a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -227,7 +227,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 if (profiles == null) {
 Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
 }
 // String profilesArray[] = profiles.split(",");
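Review bot: The message id changes from `auth.16` to `config.21` but the parameter `GET_MIS_SESSIONID` is carried over unchanged; a configuration error about missing mandate profiles would more usefully name the online application concerned, if its URL is in scope in this method, than the servlet constant. Whether `config.21` expects a parameter at all depends on the properties file, which is not in this chunk. The method starts and ends outside the hunk.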
@@ -323,78 +323,5 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } } - - /** - * Calls the MIS Service - * @param session - * @throws IOException - */ -// private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException { -// -// try { -// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); -// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); -// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); -// -// // get identitity link as byte[] -// Element elem = session.getIdentityLink().getSamlAssertion(); -// String s = DOMUtils.serializeNode(elem); -// -// System.out.println("IDL: " + s); -// -// byte[] idl = s.getBytes(); -// -// // redirect url -// // build redirect(to the GetMISSessionIdSerlvet) -// String redirectURL = -// new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// GET_MIS_SESSIONID, -// session.getSessionID()); -// -// String oaURL = session.getOAURLRequested(); -// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); -// String profiles = oaParam.getMandateProfiles(); -// -// if (profiles == null) { -// Logger.error("No Mandate/Profile for OA configured."); -// throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); -// } -// -// String profilesArray[] = profiles.split(","); -// for(int i = 0; i < profilesArray.length; i++) { -// profilesArray[i] = profilesArray[i].trim(); -// } -// -// String oaFriendlyName = oaParam.getFriendlyName(); -// String mandateReferenceValue = session.getMandateReferenceValue(); -// X509Certificate cert = session.getSignerCertificate(); -// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); -// String 
redirectMISGUI = misSessionID.getRedirectURL(); -// -// if (misSessionID == null) { -// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); -// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); -// } -// -// session.setMISSessionID(misSessionID.getSessiondId()); -// -// resp.setStatus(302); -// resp.addHeader("Location", redirectMISGUI); -// Logger.debug("REDIRECT TO: " + redirectURL); -// } -// catch (MOAIDException ex) { -// handleError(null, ex, req, resp); -// } catch (GeneralSecurityException ex) { -// handleError(null, ex, req, resp); -// } catch (PKIException e) { -// handleError(null, e, req, resp); -// } catch (MISSimpleClientException e) { -// handleError(null, e, req, resp); -// } catch (TransformerException e) { -// handleError(null, e, req, resp); -// } -// } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 5483b865e..0e2251f21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java 
@@ -113,27 +113,27 @@ public class ParepUtils { } } - /* - * - */ - public static String extractRepresentativeID(Element mandate) throws ValidateException { - try { - Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); - Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); - if (resultNode != null) { - // because following line is not ready for JDK 1.4.x we need to get the childnode; - // return resultNode.getTextContent(); - Node textNode = resultNode.getFirstChild(); - if (textNode != null) { - return textNode.getNodeValue(); - } - } - return null; - } catch (Exception e) { - throw new ValidateException("validator.62", null); - } - } +// /* +// * +// */ +// public static String extractRepresentativeID(Element mandate) throws ValidateException { +// try { +// Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); +// nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); +// Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); +// if (resultNode != null) { +// // because following line is not ready for JDK 1.4.x we need to get the childnode; +// // return resultNode.getTextContent(); +// Node textNode = resultNode.getFirstChild(); +// if (textNode != null) { +// return textNode.getNodeValue(); +// } +// } +// return null; +// } catch (Exception e) { +// throw new ValidateException("validator.62", null); +// } +// } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index 677b5e7ab..75501d812 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -28,6 +28,8 @@ public final class OAuth20Constants {
 throw new InstantiationError();
 }
+ public static final String ERRORPAGE = "moa_errorcodes.html";
+
 // error parameters and error codes
 public static final String PARAM_ERROR = "error";
 public static final String PARAM_ERROR_DESCRIPTION = "error_description";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
new file mode 100644
index 000000000..0edeb89bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
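Review bot: `ERRORPAGE` is added without a comment, and its meaning only becomes clear in OAuth20Protocol, where it is appended to the configured public URL prefix to form the `error_uri` value. Document it at the declaration: `/** File name of the static error-code page; OAuth20Protocol appends it to the public URL prefix, plus '#' and the MOA error code, to build error_uri. */`.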
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAuth20OANotSupportedException extends OAuth20Exception {
+
+ private static final long serialVersionUID = -8713091674236329339L;
+
+ /**
+ * @param errorCode
+ * @param messageId
+ * @param parameters
+ */
+ public OAuth20OANotSupportedException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
index d560e46f0..470507f08 100644
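Review bot: The constructor Javadoc lists `@param errorCode`, `@param messageId` and `@param parameters` for a constructor that takes no arguments, and the class Javadoc names only the author. Replace both with a description of the case this exception covers, e.g. `/** Thrown when the online application has no complete OAuth 2.0 configuration (client id, client secret or redirect URI missing); reported as server_error with message id oauth20.06. */`. Reporting a client that is not set up for OAuth as `server_error` also deserves a second look: RFC 6749 defines `unauthorized_client` for a client not authorized to use the flow, which would let the caller tell a configuration gap on its side from a MOA-ID failure; that only applies if OAuth20Constants defines such a code, which this diff does not show.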
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
@@ -28,7 +28,7 @@ public class OAuth20ServerErrorException extends OAuth20Exception {
 private static final long serialVersionUID = 1L;
 public OAuth20ServerErrorException() {
- super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.10", new Object[] {});
 }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d0b43d25a..d08bd593a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -89,7 +90,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { } if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId()) || StringUtils.isEmpty(config.getOAuthRedirectUri())) { - throw new OAuth20ServerErrorException(); + throw new OAuth20OANotSupportedException(); } } catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 951960bc6..9dac8d5a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -18,6 +19,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; 
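Review bot: The condition in the `@@ -89` hunk folds three missing settings (client secret, client id, redirect URI) into one `OAuth20OANotSupportedException`, so an operator reading the resulting error cannot tell which value is absent for the online application. Log which setting is empty before throwing, naming the setting only and never the secret's value, e.g. `if (StringUtils.isEmpty(config.getOAuthRedirectUri())) Logger.warn("OAuth 2.0 redirect URI is not configured for this online application");` and likewise for client id and client secret, assuming the MOA Logger is in scope in this class. The enclosing method starts and ends outside the hunk.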
@@ -98,20 +100,27 @@ public class OAuth20Protocol implements IModulInfo { */ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { - + // get error code and description String errorCode; String errorDescription; - // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11"; + String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + +"/" + OAuth20Constants.ERRORPAGE; + String moaError = null; + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); + moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); + moaError = errorUtils.getResponseErrorCode(e); } - + String paramRedirect = null; String state = null; boolean isAuthRequest = false; @@ -155,7 +164,8 @@ public class OAuth20Protocol implements IModulInfo { OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri); + if (MiscUtil.isNotEmpty(moaError)) + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state); response.setContentType("text/html"); 
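Review bot: In the `@@ -155` hunk the new `error_uri` value `errorUri + "#" + moaError` is passed to `addParameterToURL` unencoded, although the neighbouring `errorDescription` is run through `URLEncoder.encode` before the same call, which suggests the helper does not encode; the raw `#` then terminates the query string of the redirect URL, so the `state` parameter appended on the next line ends up in the fragment and is lost to the client, breaking its correlation of the error response with its request. Encode it like the other values: `OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, URLEncoder.encode(errorUri + "#" + moaError, "UTF-8"));`. If `addParameterToURL` does encode, the asymmetry with `errorDescription` should be removed instead. `generateErrorMessage` begins in the `@@ -98` hunk and ends after this one.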
@@ -170,7 +180,7 @@ public class OAuth20Protocol implements IModulInfo { Map params = new HashMap(); params.put(OAuth20Constants.PARAM_ERROR, errorCode); params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri); + params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); // create response JsonObject jsonObject = new JsonObject(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index db57b8cc3..8732409b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -52,14 +52,12 @@ import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.signature.SignableXMLObject; import edu.emory.mathcs.backport.java.util.Arrays; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; 
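Review bot: `params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);` is unconditional here, while the redirect branch of the same method only adds `error_uri` when `MiscUtil.isNotEmpty(moaError)`; if `moaError` can ever be empty the token-endpoint JSON would carry `...#null`, so mirror the guard: `if (MiscUtil.isNotEmpty(moaError)) params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);`. Also visible here, though not introduced by this commit: `errorDescription` was `URLEncoder.encode`d for the redirect case and is reused verbatim in the JSON body, so JSON clients receive percent-encoded text in `error_description`. The enclosing `generateErrorMessage` starts and ends outside this hunk.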
@@ -93,10 +91,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { @@ -283,6 +282,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { Status status = SAML2Utils.createSAMLObject(Status.class); StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); + String moaError = null; + if(e instanceof NoPassivAuthenticationException) { statusCode.setValue(StatusCode.NO_PASSIVE_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); 
@@ -301,12 +304,20 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String statusMessageValue = ex.getStatusMessageValue(); if(statusMessageValue != null) { statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); - } - + } + moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId()); } else { statusCode.setValue(StatusCode.RESPONDER_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + moaError = errorUtils.getResponseErrorCode(e); + } + + + if (MiscUtil.isNotEmpty(moaError)) { + StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class); + moaStatusCode.setValue(moaError); + statusCode.setStatusCode(moaStatusCode); } status.setStatusCode(statusCode); @@ -375,7 +386,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { - // TODO implement validation! + return true; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 79a1c3e0f..4d6343fce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java 
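Review bot: `moaStatusCode.setValue(moaError)` places a bare numeric string such as `1005` into `StatusCode/@Value`, which SAML 2.0 types as `xs:anyURI`, so relying parties receive a relative reference rather than a status-code URI; consider prefixing the code with an absolute URI owned by the IdP. For `BKUException` and `MISSimpleClientException` the value is the mapped code concatenated with the raw error code reported by the citizen-card environment or the mandate service (see `ErrorResponseUtils.getResponseErrorCode` in this commit), and that suffix is not validated before it is emitted; restricting it to digits (`moaError.matches("\\d+")`) before `setValue` would keep externally supplied text out of the response. `StatusMessage` is escaped with `StringEscapeUtils.escapeXml`, the new subordinate code relies on OpenSAML's attribute marshalling alone. `generateErrorMessage` starts and ends outside this hunk.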
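Review bot: `validate` now returns `true` unconditionally and the `// TODO implement validation!` marker was removed, so the method silently accepts every pending request with nothing left in the code to show that the check is missing. Keep the gap visible to reviewers and tooling: `// TODO implement validation! Currently every request is accepted without checks.` directly above `return true;`. If the work is tracked elsewhere, a ticket reference in that comment would serve the same purpose.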
@@ -71,10 +71,12 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.id.util.QAALevelVerifier; @@ -232,7 +234,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } } - if (attributeConsumingService != null) { + if (attributeConsumingService != null) { Iterator it = attributeConsumingService .getRequestAttributes().iterator(); while (it.hasNext()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java index 69da5c09c..b49070bd6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java 
@@ -30,7 +30,7 @@ public class InvalidAssertionEncryptionException extends PVP2Exception { public InvalidAssertionEncryptionException() { super("pvp2.16", new Object[]{}); - this.statusCodeValue = StatusCode.REQUESTER_URI; + this.statusCodeValue = StatusCode.RESPONDER_URI; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java deleted file mode 100644 index fdc8c8d39..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java +++ /dev/null 
@@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class NoAuthContextException extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = 7040652043174500992L; - - public NoAuthContextException() { - super("pvp2.04", null); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java deleted file mode 100644 index 60fe47364..000000000 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -public class PVP2EncodingException extends PVP2Exception { - - public PVP2EncodingException() { - super("pvp2.01", null); - } - - public PVP2EncodingException(Throwable wrapped) { - super("pvp2.01", null, wrapped); - } - - /** - * - */ - private static final long serialVersionUID = -1348774139990071020L; - -} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index f29c0eaef..a57fb5717 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -32,6 +32,7 @@ import java.util.List; import java.util.Map; import java.util.Timer; +import javax.net.ssl.SSLHandshakeException; import javax.xml.namespace.QName; import org.apache.commons.httpclient.MOAHttpClient; @@ -370,9 +371,13 @@ public class MOAMetadataProvider implements MetadataProvider { httpProvider.initialize(); return httpProvider; - - + } catch (Throwable e) { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + Logger.warn("SSL-Server certificate for metadata " + + metadataURL + " not trusted.", e); + } + Logger.error( "Failed to add Metadata file for " + oaName + "[ " diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 66861afa3..2b4aaf458 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java 
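Review bot: `e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException` only recognises an untrusted metadata certificate when the handshake failure sits at exactly cause depth two, so a differently wrapped exception falls through to the generic "Failed to add Metadata file" error without the hint that the server certificate was rejected. Walking the chain is more robust: `for (Throwable c = e; c != null; c = c.getCause()) { if (c instanceof SSLHandshakeException) { Logger.warn("SSL-Server certificate for metadata " + metadataURL + " not trusted.", e); break; } }`. The new `catch (Throwable e)` also swallows VM errors such as `OutOfMemoryError`; unless the remainder of the method (outside this hunk) rethrows, `catch (Exception e)` is the safer choice. The enclosing method continues past the end of this hunk.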
@@ -56,6 +56,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.Constants; @@ -148,20 +149,19 @@ public class GetAuthenticationDataService implements Constants { try { Throwable error = saml1server.getErrorResponse(samlArtifact); - statusCode = "samlp:RequestDenied"; + statusCode = "samlp:Responder"; + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException)error).getMessageId(); - subStatusCode = statusMessageCode; statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); } else { statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); - subStatusCode = "9999"; - } - - - + } + subStatusCode = errorUtils.getResponseErrorCode(error); + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java new file mode 100644 index 000000000..778351d1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java 
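Review bot: `subStatusCode = errorUtils.getResponseErrorCode(error);` now yields a purely numeric string such as `9199`; if the response builder writes it into `samlp:StatusCode/@Value`, which SAML 1.1 declares as `xs:QName`, a value starting with a digit is not a valid QName and strict SP parsers may reject the response, so consider qualifying it with a prefix bound to a MOA namespace before handing it to the builder. The change of the top-level code from `samlp:RequestDenied` to `samlp:Responder` is right, since `RequestDenied` is a second-level code in SAML 1.1. The non-`MOAIDException` branch still forwards `error.getMessage()` of an arbitrary internal exception to the SP; that predates this commit but is worth sanitizing while the status handling is being reworked. The enclosing method starts and ends outside this hunk.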
@@ -0,0 +1,103 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.util; + +import java.util.Locale; + +import at.gv.egovernment.moa.id.auth.exception.BKUException; +import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.util.Messages; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ErrorResponseUtils { + + public static final String INTERNALERRORCODE = "9199"; + + private static ErrorResponseUtils instance = null; + private static final String[] DEFAULT_MESSAGE_RESOURCES = + { "resources/properties/id_messages" }; + private static final Locale[] DEFAULT_MESSAGE_LOCALES = + new Locale[] { new Locale("de", "AT") }; + private Messages messages = null; + + + public static ErrorResponseUtils getInstance() { + if (instance == null) { + instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + + } + return instance; + } + + private ErrorResponseUtils(String[] resourceNames, Locale[] locales) { + this.messages = new Messages(resourceNames, locales); + } + + public String getResponseErrorCode(Throwable throwable) { + String errorCode = null; + + if (throwable instanceof BKUException) { + BKUException error = (BKUException) throwable; + errorCode = mapInternalErrorToExternalError(error.getMessageId()) + + error.getBkuErrorCode(); + + } else if (throwable instanceof MISSimpleClientException) { + MISSimpleClientException error = (MISSimpleClientException) throwable; + + if (MiscUtil.isNotEmpty(error.getMISErrorCode())) + errorCode = mapInternalErrorToExternalError(error.getMessageId()) + + error.getMISErrorCode(); + else + errorCode = mapInternalErrorToExternalError(error.getMessageId()); + + } else if (throwable instanceof MOAIDException) { + MOAIDException error = 
(MOAIDException) throwable; + errorCode = mapInternalErrorToExternalError(error.getMessageId()); + + } else { + errorCode = INTERNALERRORCODE; + + } + + return errorCode; + + } + + public String mapInternalErrorToExternalError(String intErrorCode) { + String extErrorCode = messages.getMessage(intErrorCode, null); + + if (MiscUtil.isEmpty(extErrorCode)) + extErrorCode = INTERNALERRORCODE; + + return extErrorCode; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index b9c4e88b7..3025e626f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -149,17 +149,17 @@ public class MISSimpleClient { } return foundMandates; } catch (ParserConfigurationException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (DOMException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (TransformerException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } } public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List mandateIdentifier, String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { if (webServiceURL == null) { - throw new NullPointerException("Argument webServiceURL must not be null."); + throw new MISSimpleClientException("service.04"); } if (idl == null) { throw new NullPointerException("Argument idl must not be null."); 
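Review bot: `DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" }` points `ErrorResponseUtils` at the German message bundle, while the numeric codes this commit introduces live in the new `resources/properties/protocol_response_statuscodes.properties`; unless `Messages` resolves names differently from what its argument suggests, `mapInternalErrorToExternalError("auth.08")` returns the message text "In der Bürgerkartenumgebung ist ein Fehler aufgetreten…" instead of `40`, and that text is then sent to relying parties as the status code. The fix is the resource name: `{ "resources/properties/protocol_response_statuscodes" }`. In `getResponseErrorCode`, `error.getBkuErrorCode()` and `error.getMISErrorCode()` are appended without validation although they originate from the citizen-card environment and the mandate service respectively; guard the concatenation with `if (code != null && code.matches("\\d+"))` and fall back to the mapped code alone otherwise. `getInstance()` is an unsynchronized lazy singleton, so concurrent first calls may build `Messages` twice, which is harmless here but worth a `synchronized` on the method or an eager `static final` instance.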
@@ -253,11 +253,11 @@ public class MISSimpleClient { return msid; } catch (ParserConfigurationException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (DOMException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (TransformerException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } } @@ -271,9 +271,10 @@ public class MISSimpleClient { if (errorElement != null) { String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue(); String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue(); - throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text, code, text); } + throw new MISSimpleClientException("service.05", code, text); } + } catch (TransformerException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("auth.15", e); } } @@ -308,19 +309,19 @@ public class MISSimpleClient { return unpackFromSOAP(doc.getDocumentElement()); } catch(IOException e) { - throw new MISSimpleClientException(e.getLocalizedMessage(), e); + throw new MISSimpleClientException("service.04", e); } catch (TransformerException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (SAXException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (ParserConfigurationException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } catch (Exception e) { - throw new MISSimpleClientException(e.getLocalizedMessage(), e); + throw new MISSimpleClientException("service.06", e); } 
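Review bot: In the `@@ -271` hunk the `TransformerException` from the XPath lookup is now mapped to `auth.15` ("Fehler beim validieren der Online-Vollmacht"), whereas every other parser or XPath failure in this file is mapped to `service.06`; a failure to evaluate the XPath on the response is a client-side parsing problem, not a mandate-validation result, so `throw new MISSimpleClientException("service.06", e);` keeps the external codes (`1108` vs `41001` in the new table) meaningful. As rendered, the new `throw new MISSimpleClientException("service.05", code, text);` appears after the brace closing `if (errorElement != null)`, where `code` and `text` are out of scope; if the braces really are placed that way the file does not compile, so please confirm the throw stays inside the `if`. `service.04` carries a `{0}` placeholder for the service URL but is thrown in the `@@ -308` hunk as `throw new MISSimpleClientException("service.04", e)` without parameters, so the rendered message will not name the unreachable endpoint unless the exception class fills it in (its constructor is not in this chunk).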
@@ -336,7 +337,7 @@ public class MISSimpleClient { soapBody.appendChild(doc.importNode(element, true)); return soapEnvelope; } catch(ParserConfigurationException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } } @@ -344,7 +345,7 @@ public class MISSimpleClient { try { return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE); } catch(TransformerException e) { - throw new MISSimpleClientException(e); + throw new MISSimpleClientException("service.06", e); } } } diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 5b2e7ce3d..802e89649 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -24,7 +24,6 @@ auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung auth.04=Fehler beim Auslesen der Resource "{0}": {1} auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}" auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0}) -#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
Hinweis: Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten. auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. auth.08=In der B\u00FCrgerkartenumgebung ist ein Fehler aufgetreten\:
Fehlercode {0}\: {1} auth.09=Zur Auswahlseite der B\u00FCrgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \:
HTTP-Statuscode {1} @@ -33,7 +32,7 @@ auth.11=Die zentral gespeicherte Auswahlseite f\u00FCr B\u00FCrgerkartenumgebung auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}" auth.13=Vollmachtenmodus f\u00FCr ausl\u00E4ndische B\u00FCrger wird nicht unterst\u00FCtzt. auth.14=Zertifikat konnte nicht ausgelesen werden. -auth.15=Fehler bei Anfrage an Vollmachten Service. +auth.15=Fehler beim validieren der Online-Vollmacht. auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" auth.17=Vollmachtenmodus f\u00FCr nicht-\u00F6ffentlichen Bereich wird nicht unterst\u00FCtzt. auth.18=Keine MOASessionID vorhanden @@ -70,7 +69,8 @@ config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionPar config.17=Fehler beim initialisieren von Hibernate config.18=Keine MOA-ID 2.x Konfiguration gefunden. config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden. -config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt +config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt +config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt. parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} 
@@ -88,11 +88,15 @@ builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck. builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen. +builder.07=Fehlerhaftes SecurityLayer Template. service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint service.02=Fehler beim Aufruf des Web Service, Status {0}: {1} service.03=Fehler beim Aufruf des SPSS-API: {0} +service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar. +service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1} +service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service cleaner.00=AuthenticationSessionCleaner wurde gestartet cleaner.01=Fehler im AuthenticationSessionCleaner @@ -152,7 +156,7 @@ validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SA validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0} validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0} -validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0} +validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung\u00FCltig {0} validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0} 
@@ -234,7 +238,7 @@ pvp2.15=Keine Metadateninformation gefunden pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1} pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden. -pvp2.19=Der Single LogOut Vorgang wurde wegen eines unkorregierbaren Fehler abgebrochen. +pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden. oauth20.01=Fehlerhafte redirect url oauth20.02=Fehlender Parameter "{0}" diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties new file mode 100644 index 000000000..624ad4461 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties 
@@ -0,0 +1,180 @@
+auth.00=1000
+auth.01=1001
+auth.02=1100
+auth.03=9000
+auth.04=9100
+auth.05=1002
+auth.06=6200
+auth.07=1003
+auth.08=40
+auth.09=9100
+auth.10=1002
+auth.11=9100
+auth.12=1002
+auth.13=1007
+auth.14=1004
+auth.15=1108
+auth.16=9102
+auth.17=1006
+auth.18=1100
+auth.20=1100
+auth.21=1005
+auth.22=6000
+auth.23=9000
+auth.24=9001
+
+init.00=9199
+init.01=9199
+init.02=9199
+init.04=9101
+
+config.00=9199
+config.01=9199
+config.02=9199
+config.03=9199
+config.04=9199
+config.05=9199
+config.06=9199
+config.07=9199
+config.08=9199
+config.09=9199
+config.10=9199
+config.11=9199
+config.12=9199
+config.13=9199
+config.14=9199
+config.15=9199
+config.16=9199
+config.17=9199
+config.18=9199
+config.19=9199
+config.20=9199
+config.21=9006
+
+parser.00=1101
+parser.01=1101
+parser.02=1101
+parser.03=1101
+parser.04=1101
+parser.05=1101
+parser.06=1101
+parser.07=1101
+
+builder.00=9102
+builder.01=9103
+builder.02=9102
+builder.03=9102
+builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
+builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=4400
+builder.07=9002
+
+service.00=4300
+service.03=4300
+service.04=41000
+service.05=411
+service.06=41001
+
+validator.00=1102
+validator.01=1102
+validator.02=1102
+validator.03=1102
+validator.04=1102
+validator.05=1102
+
+validator.06=1103
+validator.07=1104
+validator.08=1103
+validator.09=1106
+
+validator.10=1106
+validator.11=1106
+validator.12=1106
+validator.13=1106
+validator.14=1106
+validator.15=1106
+validator.16=1106
+
+validator.17=1104
+validator.18=1104
+
+validator.19=1105
+
+validator.21=1103
+validator.22=1103
+validator.23=1103
+validator.24=1103
+validator.25=1103
+
+validator.26=1106
+validator.27=1106
+validator.28=1106
+validator.29=1106
+validator.30=1106
+validator.31=1106
+
+validator.32=1106
+validator.33=1106
+validator.34=1106
+validator.35=1106
+validator.36=1106
+validator.37=1106
+validator.38=1106
+validator.39=1106
+
+validator.40=9199
+validator.41=9199
+validator.42=9199
+validator.43=9199
+validator.44=9199
+validator.45=9102
+validator.46=9102
+validator.47=9102
+validator.48=9199
+
+validator.49=1104
+validator.50=1106
+
+validator.64=9102
+
+validator.67=1106
+validator.68=1106
+validator.69=1106
+validator.70=1106
+validator.71=1105
+
+ssl.01=1107
+
+stork.00=1200
+stork.01=1200
+stork.02=1200
+stork.04=1201
+stork.05=1201
+stork.06=1202
+stork.07=1201
+stork.08=1201
+stork.09=1201
+stork.10=4200
+stork.11=1203
+stork.12=9003
+stork.13=1203
+stork.14=6001
+stork.15=6001
+stork.16=1203
+stork.17=1203
+stork.18=9004
+
+pvp2.01=6100
+pvp2.06=6100
+pvp2.13=9199
+pvp2.16=6101
+pvp2.17=6102
+
+oauth20.01=6200
+oauth20.06=1000
+oauth20.09=9005
+oauth20.10=9102
+
+##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
+mis.301=1005
+bku.6001=1005
\ No newline at end of file
-- cgit v1.2.3
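Review bot: `builder.04` and `builder.05` contain the German message texts copied from `id_messages_de.properties` instead of numeric status codes, so `ErrorResponseUtils.mapInternalErrorToExternalError("builder.04")` would emit a full sentence (with unfilled `{0}`/`{1}` placeholders) as the protocol status code; they need values in the same scheme as their neighbours, e.g. `builder.04=9102` and `builder.05=9102` (adjust to whatever the intended codes are). The `mis.301=1005` and `bku.6001=1005` entries under "Map MIS/BKU statuscodes" are never looked up by the `ErrorResponseUtils` added in this commit, which instead concatenates the raw BKU/MIS code onto the mapped value (`40` + `6001`, `411` + `301`), so either the mapping or the concatenation is dead; please decide on one and remove the other to avoid two incompatible code formats. Code widths are also uneven (`service.04=41000`, `service.06=41001` are five digits, `service.05=411` is three and grows to six once the MIS code is appended), which matters if consumers parse these as fixed-width codes.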