From d8f886a98dd2c3eaec17623c4032395b54b15d62 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Thu, 27 Jun 2013 14:00:45 +0200 Subject: PVP2 functional OK, STORK only partially tested --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 151 ++++-------- .../moa/id/auth/AuthenticationServer.java | 6 +- .../moa/id/auth/MOAIDAuthInitializer.java | 5 + .../id/config/auth/AuthConfigurationProvider.java | 2 +- .../moa/id/config/auth/OAAuthParameter.java | 32 +-- .../moa/id/entrypoints/AuthDispatcherServlet.java | 263 --------------------- .../moa/id/entrypoints/DispatcherServlet.java | 7 + .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 15 +- .../id/protocols/pvp2x/binding/MOAURICompare.java | 12 + .../id/protocols/pvp2x/binding/PostBinding.java | 14 +- .../protocols/pvp2x/binding/RedirectBinding.java | 1 + .../protocols/pvp2x/config/PVPConfiguration.java | 30 ++- .../exceptions/NoMetadataInformationException.java | 17 ++ .../moa/id/protocols/pvp2x/utils/SAML2Utils.java | 2 + .../resources/properties/id_messages_de.properties | 3 +- 15 files changed, 153 insertions(+), 407 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 032f06911..d33cae207 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -2,33 +2,29 @@ - + - - - The rule means that requests to /test/status/ will be redirected to /rewrite-status - the url will be rewritten. - - /test/status/ - %{context-path}/rewrite-status - + + + The rule means that requests to /test/status/ will be redirected to + /rewrite-status + the url will be rewritten. + + /test/status/ + %{context-path}/rewrite-status + + + + + ^/StartAuthentication$ + /dispatcher?mod=id_saml1&action=GetArtifact + + + ^/StartAuthentication\?(.*)$ + /dispatcher?mod=id_saml1&action=GetArtifact&$1 + - - - ^/StartAuthentication$ - /dispatcher?mod=id_saml1&action=GetArtifact - - - ^/StartAuthentication\?(.*)$ - /dispatcher?mod=id_saml1&action=GetArtifact&$1 - - ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ /dispatcher?mod=$1&action=$2 @@ -39,86 +35,37 @@ - - - The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) - the url /rewrite-status will be rewritten to /test/status/. - - The above rule and this outbound-rule means that end users should never see the - url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks - in your pages. - - /rewrite-status - /test/status/ - - - - ^/AuthDispatcher?mod=([a-zA-Z0-9]+)&action=([a-zA-Z0-9]+)$ - /auth/$1/$2 - + + ^/pvp2/metadata$ + /dispatcher?mod=id_pvp2x&action=Metadata&%{query-string} + + + ^/pvp2/redirect$ + /dispatcher?mod=id_pvp2x&action=Redirect&%{query-string} + + + ^/pvp2/post$ + /dispatcher?mod=id_pvp2x&action=Post&%{query-string} + + + ^/PVP2Soap$ + /dispatcher?mod=id_pvp2x&action=Soap + - ^/AuthDispatcher?mod=([a-zA-Z0-9]+)&action=([a-zA-Z0-9]+)&(.*)$ - /auth/$1/$2&$3 + + The outbound-rule specifies that when response.encodeURL is called (if + you are using JSTL c:url) + the url /rewrite-status will be rewritten to /test/status/. + + The above rule and this outbound-rule means that end users should never + see the + url /rewrite-status only /test/status/ both in thier location bar and in + hyperlinks + in your pages. + + /rewrite-status + /test/status/ - - diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d9f3ef7e8..45f269f0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -2872,16 +2872,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("Issuer value: " + issuerValue); - QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); Logger.debug("QAALevel: " + qaaLevel.getValue()); RequestedAttributes requestedAttributes = null; - //TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes(); + requestedAttributes = oaParam.getRequestedAttributes(); requestedAttributes.detach(); List reqAttributeList = new ArrayList(); List oaReqAttributeList = null; - //TODO UNCOMMENT AGAIN !! oaReqAttributeList = new ArrayList(oaParam.getRequestedAttributes().getRequestedAttributes()); + oaReqAttributeList = new ArrayList(oaParam.getRequestedAttributes().getRequestedAttributes()); //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 8279b28d8..cef9f9ff9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -28,6 +28,7 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; +import java.io.PrintWriter; import java.security.GeneralSecurityException; import java.util.Properties; @@ -36,6 +37,9 @@ import javax.activation.MailcapCommandMap; import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; +import org.apache.commons.logging.impl.SLF4JLog; +import org.apache.log4j.config.PropertyPrinter; + import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -158,6 +162,7 @@ public class MOAIDAuthInitializer { // Initializes IAIKX509TrustManager logging String log4jConfigURL = System.getProperty("log4j.configuration"); + Logger.info("Log4J Configuration: " + log4jConfigURL); if (log4jConfigURL != null) { IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index b86b2ec68..82acd0897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -279,7 +279,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } //Initialize OpenSAML for STORK - Logger.trace("Starting initialization of OpenSAML..."); + Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 10dd2cfea..7c174de77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -133,17 +133,17 @@ public class OAAuthParameter extends OAParameter { /** * STORK QAA Level, Default = 4 */ - // private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); /** * STORK RequestedAttributes for Online Application * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth */ - //private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( -// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), -// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), -// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), -// STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); /** @@ -469,33 +469,33 @@ public class OAAuthParameter extends OAParameter { * Returns the defined STORK QAALevel * @return STORK QAALevel */ - /*public QualityAuthenticationAssuranceLevel getQaaLevel() { + public QualityAuthenticationAssuranceLevel getQaaLevel() { return qaaLevel; - }*/ + } /** * Sets the STORK QAALevel * @param qaaLevel */ - /*public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { this.qaaLevel = qaaLevel; - }*/ + } /** * Returns the desired STORK Requested Attributes * @return STORK Requested Attributes */ - //public RequestedAttributes getRequestedAttributes() { - // return requestedAttributes; - //} + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } /** * Sets the desired STORK Requested Attributes * @param requestedAttributes */ - //public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - // this.requestedAttributes = requestedAttributes; - //} + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java deleted file mode 100644 index e04600b42..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java +++ /dev/null @@ -1,263 +0,0 @@ -package at.gv.egovernment.moa.id.entrypoints; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulStorage; -import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.moduls.ServletInfo; -import at.gv.egovernment.moa.id.moduls.ServletType; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; - -public class AuthDispatcherServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = 1L; - - public static final String PARAM_TARGET_PATH = "mod"; - public static final String PARAM_TARGET_PROTOCOL = "action"; -/* public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets"; - public static final String PARAM_DISPATCHER_TYPE = "DispatcherType"; - public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH"; - public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH"; - public static String SYSTEM_NEWLINE = System.getProperty("line.separator"); - - private HashMap> endpointMap = new HashMap>(); - - private void registerModule(IModulInfo modulInfo) { - - HashMap tempMap = new HashMap(); - - try { - - String path = modulInfo.getPath(); - - if (path == null) { - throw new Exception(String.format( - "%s does not return a valid target path!", - new Object[] { modulInfo.getClass().getName() })); - } - - Logger.debug("Registering: " + modulInfo.getName() + " under " - + path); - - List servletInfos = modulInfo.getServlets(); - - Iterator servletInfoIterator = servletInfos.iterator(); - - while (servletInfoIterator.hasNext()) { - - ServletInfo servletInfo = servletInfoIterator.next(); - - if (servletInfo.getType() == ServletType.AUTH) { - HttpServlet servlet = servletInfo.getServletInstance(); - String target = servletInfo.getTarget(); - - if (target == null) { - throw new Exception( - String.format( - "%s does not return a valid target identifier!", - new Object[] { servlet.getClass() - .getName() })); - } - - if (tempMap.containsKey(target)) { - throw new Exception(String.format( - "%s tried to overwrite %s/%s", new Object[] { - servlet.getClass().getName(), path, - target })); - } - - tempMap.put(target, servlet); - Logger.info("Registered Servlet class: " - + servlet.getClass().getName() + " OK"); - } - - } - - // when there was no error we register all servlets into the real - // endpoint map ... - if (!tempMap.isEmpty()) { - endpointMap.put(path, tempMap); - } - } catch (Throwable e) { - Logger.error("Registering Modul class: " - + modulInfo.getClass().getName() + " FAILED!!", e); - } - } -*/ - @Override - public void init(ServletConfig config) throws ServletException { - try { - super.init(config); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "init.00", null)); - } catch (Exception ex) { - Logger.fatal( - MOAIDMessageProvider.getInstance().getMessage("init.02", - null), ex); - throw new ServletException(ex); - } - Logger.info("Auth dispatcher Servlet initialization"); -/* - List modules = ModulStorage.getAllModules(); - Iterator it = modules.iterator(); - while (it.hasNext()) { - IModulInfo info = it.next(); - String targetClass = info.getClass().getName(); - try { - registerModule(info); - } catch (Throwable e) { - Logger.error("Registering Class " + targetClass + " FAILED!!", - e); - } - }*/ - } - - protected void processRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { - try { - Object pathObject = req.getParameter(PARAM_TARGET_PATH); - String path = null; - - HttpSession session = req.getSession(); - - if (pathObject != null && (pathObject instanceof String)) { - path = (String) pathObject; - } - - if (path == null) { - path = (String) session.getAttribute(PARAM_TARGET_PATH); - } - - Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL); - String protocol = null; - if (protocolObject != null && (protocolObject instanceof String)) { - protocol = (String) protocolObject; - } - - if (protocol == null) { - protocol = (String) session.getAttribute(PARAM_TARGET_PROTOCOL); - } - - Logger.debug("dispatching to " + path + " protocol " + protocol); -/* - if (path != null && protocol != null - && endpointMap.containsKey(path)) { - - IModulInfo info = ModulStorage.getModuleByPath(path); - - if (info == null) { - resp.sendError(HttpServletResponse.SC_NOT_FOUND); - Logger.error("Path " + path + " has no module registered"); - return; - } - - IAction action = info.getAction(protocol); - - if (action == null) { - resp.sendError(HttpServletResponse.SC_NOT_FOUND); - Logger.error("Action " + protocol + " is not available!"); - return; - } - - - - try { - IRequest configuration = info.preProcess(req, resp, protocol); - - if(configuration.forceAuth()) { - session.setAttribute(PARAM_TARGET_PATH, path); - session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); - - AuthenticationManager.doAuthentication(req, resp, - configuration); - return; - } - - if (!AuthenticationManager.isAuthenticated(req, resp)) { - - session.setAttribute(PARAM_TARGET_PATH, path); - session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); - - if(configuration.isPassiv()) { - throw new NoPassivAuthenticationException(); - } - - AuthenticationManager.doAuthentication(req, resp, - configuration); - return; - } - - HashMap pathMap = endpointMap.get(path); - Logger.debug("found path"); - if (pathMap.containsKey(protocol)) { - Logger.debug("found protocol"); - try { - HttpServlet servlet = (HttpServlet) pathMap - .get(protocol); - String forward = servlet.getClass().getName(); - Logger.info("Forwarding to Servlet: " + forward); - getServletContext().getNamedDispatcher(forward) - .forward(req, resp); - // TODO: disabled SSO - AuthenticationManager.logout(req, resp); - return; - } catch (Throwable e) { - e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - } - } - } - catch (Throwable e) { - // Try handle module specific, if not possible rethrow - if(!info.generateErrorMessage(e, req, resp)) { - throw e; - } - } - }*/ - resp.sendError(HttpServletResponse.SC_NOT_FOUND); - }/* catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } */catch (Throwable e) { - e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - } - - } - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - processRequest(req, resp); - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - processRequest(req, resp); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index c3f835edb..36a8d0d6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; +import java.io.PrintWriter; import java.util.Iterator; import javax.servlet.RequestDispatcher; @@ -11,6 +12,10 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.log4j.config.PropertyPrinter; + +import eu.stork.vidp.messages.common.STORKBootstrap; + import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; @@ -56,6 +61,8 @@ public class DispatcherServlet extends AuthServlet { protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { try { + Logger.info("REQUEST: " + req.getRequestURI()); + Logger.info("QUERY : " + req.getQueryString()); String errorid = req.getParameter(ERROR_CODE_PARAM); if (errorid != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index c5fa53973..e752857dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -64,14 +65,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { private static HashMap actions = new HashMap(); - static { - try { - DefaultBootstrap.bootstrap(); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - + static { servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT, ServletType.AUTH)); servletList.add(new ServletInfo(PVPProcessor.class, POST, @@ -172,7 +166,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { attributeIdx = aIdx.intValue(); } - EntityDescriptor metadata = moaRequest.getEntityMetadata(); + EntityDescriptor metadata = moaRequest.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java new file mode 100644 index 000000000..513939e5d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import org.opensaml.common.binding.decoding.URIComparator; + +public class MOAURICompare implements URIComparator { + + public boolean compare(String uri1, String uri2) { + // TODO: implement proper equalizer for rewritten URLS + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 97e7ef80c..6e826005d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -16,6 +16,7 @@ import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -24,8 +25,10 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; public class PostBinding implements IDecoder, IEncoder { @@ -83,9 +86,16 @@ public class PostBinding implements IDecoder, IEncoder { BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - + decode.setURIComparator(new MOAURICompare()); messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - + + try { + messageContext.setMetadataProvider(new MOAMetadataProvider()); + } catch (MetadataProviderException e) { + Logger.error("Failed to get Metadata Provider"); + throw new SecurityException("Failed to get Metadata Provider"); + } + decode.decode(messageContext); RequestAbstractType inboundMessage = (RequestAbstractType) messageContext diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index c0cf6ac63..4e7b08b21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -76,6 +76,7 @@ public class RedirectBinding implements IDecoder, IEncoder { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( new BasicParserPool()); + decode.setURIComparator(new MOAURICompare()); BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 11e9cb860..c8059b2f9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -8,8 +8,6 @@ import java.util.List; import java.util.Properties; import java.util.Set; -import org.apache.commons.io.FileUtils; -import org.apache.commons.io.filefilter.DirectoryFileFilter; import org.opensaml.saml2.metadata.Company; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration; @@ -38,6 +36,10 @@ public class PVPConfiguration { return instance; } + public static final String PVP2_METADATA = "/pvp2/metadata"; + public static final String PVP2_REDIRECT = "/pvp2/redirect"; + public static final String PVP2_POST = "/pvp2/post"; + public static final String PVP_CONFIG_FILE = "pvp2config.properties"; public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; public static final String IDP_KEYALIAS = "idp.ks.alias"; @@ -54,9 +56,7 @@ public class PVPConfiguration { public static final String IDP_ORG_DISPNAME = "idp.org.dispname"; public static final String IDP_ORG_URL = "idp.org.url"; - public static final String IDP_POST_SSO_SERVICE = "idp.sso.post"; - public static final String IDP_REDIRECT_SSO_SERVICE = "idp.sso.redirect"; - public static final String IDP_SOAP_RESOLVE_SERVICE = "idp.resolve.soap"; + public static final String IDP_PUBLIC_URL = "idp.public.url"; public static final String IDP_TRUST_STORE = "idp.truststore"; public static final String SP_TARGET_PREFIX = "sp.target."; @@ -88,17 +88,27 @@ public class PVPConfiguration { e.printStackTrace(); } } + + public String getIDPPublicPath() { + String publicPath = props.getProperty(IDP_PUBLIC_URL); + if(publicPath != null) { + if(publicPath.endsWith("/")) { + publicPath = publicPath.substring(0, publicPath.length()-2); + } + } + return publicPath; + } public String getIDPSSOPostService() { - return props.getProperty(IDP_POST_SSO_SERVICE); + return getIDPPublicPath() + PVP2_POST; } public String getIDPSSORedirectService() { - return props.getProperty(IDP_REDIRECT_SSO_SERVICE); + return getIDPPublicPath() + PVP2_REDIRECT; } - - public String getIDPResolveSOAPService() { - return props.getProperty(IDP_SOAP_RESOLVE_SERVICE); + + public String getIDPSSOMetadataService() { + return getIDPPublicPath() + PVP2_METADATA; } public String getIDPKeyStoreFilename() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java new file mode 100644 index 000000000..c45820cfb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoMetadataInformationException extends PVP2Exception { + + public NoMetadataInformationException() { + super("pvp2.15", null); + this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI; + } + + /** + * + */ + private static final long serialVersionUID = -4608068445208032193L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index 7bb5b052f..d6ac121b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -19,6 +19,8 @@ import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.w3c.dom.Document; +import eu.stork.vidp.messages.common.STORKBootstrap; + public class SAML2Utils { public static T createSAMLObject(final Class clazz) { diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 369cbd5b6..c757e7f8b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -200,4 +200,5 @@ pvp2.10=Attribut {0} nicht verfuegbar pvp2.11=Binding {0} wird nicht unterstuetzt pvp2.12=NameID Format {0} wird nicht unterstuetzt pvp2.13=Interner Server Fehler -pvp2.14=SAML Anfrage verweigert \ No newline at end of file +pvp2.14=SAML Anfrage verweigert +pvp2.15=Keine Metadateninformation gefunden \ No newline at end of file -- cgit v1.2.3