From bfa66b41e723daf7ac7da7cef694ed52c43dbb39 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Oct 2014 12:22:57 +0200 Subject: add SZR request to get baseID --- .../id/auth/builder/AuthenticationDataBuilder.java | 214 ++++++++++++++------- .../id/config/auth/AuthConfigurationProvider.java | 35 +++- 2 files changed, 174 insertions(+), 75 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index a8a7d0c51..0510f545a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -31,7 +31,6 @@ import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; -import java.util.Iterator; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -66,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -102,6 +102,11 @@ import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.util.client.szr.SZRClient; +import at.gv.util.config.EgovUtilPropertiesConfiguration; +import at.gv.util.ex.EgovUtilException; +import at.gv.util.wsdl.szr.SZRException; +import at.gv.util.xsd.szr.PersonInfoType; /** * @author tlenz @@ -406,10 +411,61 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } - if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0) { - Logger.error("Federated assertion include no bPK or encrypted bPK"); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME); + if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && + MiscUtil.isEmpty(authData.getIdentificationValue())) { + Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); + + try { + EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); + if (eGovClientsConfig != null) { + SZRClient szrclient = new SZRClient(eGovClientsConfig); + + Logger.debug("Create SZR request to get baseID ... "); + PersonInfoType personInfo = new PersonInfoType(); + at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); + personInfo.setPerson(person); + at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); + person.setName(name); + + name.setGivenName(authData.getGivenName()); + name.setFamilyName(authData.getFamilyName()); + if (authData.getDateOfBirth() != null) + person.setDateOfBirth(authData.getFormatedDateOfBirth()); + + authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); + authData.setIdentificationType(Constants.URN_PREFIX_BASEID); + + } else { + Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } catch (ConfigurationException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } catch (EgovUtilException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } catch (SZRException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } + + if (MiscUtil.isEmpty(authData.getBPK())) { + Logger.debug("Calcutlate bPK from baseID"); + buildOAspecificbPK(oaParam, authData, + authData.getIdentificationValue(), + authData.getIdentificationType()); } @@ -443,8 +499,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { try { InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false); IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); - authData.setIdentityLink(idl); - + buildOAspecificIdentityLink(oaParam, authData, idl); + } catch (ParseException e) { Logger.error("Received IdentityLink is not valid", e); @@ -618,15 +674,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam) throws BuildException, ConfigurationException { - - String target = oaParam.getTarget(); IdentityLink identityLink = session.getIdentityLink(); VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - boolean businessService = oaParam.getBusinessService(); - authData.setIssuer(session.getAuthURL()); //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO @@ -733,67 +785,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - - //resign IDL - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion; - resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion()); - IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); - IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); - - authData.setIdentityLink(resignedIDL); - - } else { - - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } + buildOAspecificbPK(oaParam, authData, + identityLink.getIdentificationValue(), + identityLink.getIdentificationType()); + + buildOAspecificIdentityLink(oaParam, authData, identityLink); + } @@ -803,4 +800,77 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } + + private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { + if (oaParam.getBusinessService()) { + Element idlassertion = idl.getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink businessServiceIdl = idlparser.parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion; + resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion()); + IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); + IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); + + authData.setIdentityLink(resignedIDL); + + } else + authData.setIdentityLink(idl); + + + } + + private static void buildOAspecificbPK(IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { + + if (oaParam.getBusinessService()) { + //since we have foreigner, wbPK is not calculated in BKU + if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(baseID); + authData.setBPKType(baseIDType); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + } else { + + if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(baseID, oaParam.getTarget()); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + } + + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index a62de27fc..23369fecc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -113,6 +113,8 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.config.EgovUtilConfiguration; +import at.gv.util.config.EgovUtilPropertiesConfiguration; /** * A class providing access to the Auth Part of the MOA-ID configuration data. @@ -210,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { private static SSO ssoconfig = null; + private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; + private static Date date = null; private String publicURLPreFix = null; @@ -325,7 +329,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { statisticProps.put(propertyName, props.get(key.toString())); } } - + // initialize hibernate synchronized (AuthConfigurationProvider.class) { @@ -384,6 +388,24 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // String xmlconfigout = props.getProperty("configuration.xml.out"); + //configure eGovUtils client implementations + + //read eGovUtils client configuration + Properties eGovUtilsConfigProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "service."; + if (key.toString().startsWith(propPrefix+"egovutil")) { + String propertyName = key.toString().substring(propPrefix.length()); + eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); + } + } + if (!eGovUtilsConfigProp.isEmpty()) { + Logger.info("Start eGovUtils client implementation configuration ..."); + eGovUtilsConfig = + new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); + } + + //check if XML config should be used if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); @@ -1035,7 +1057,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return storkconfig; } - private void setCertStoreDirectory() throws ConfigurationException { + /** + * @return the eGovUtilsConfig + */ +public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + return eGovUtilsConfig; +} + +private void setCertStoreDirectory() throws ConfigurationException { AuthComponentGeneral auth = getAuthComponentGeneral(); if (auth.getGeneralConfiguration() != null) @@ -1075,5 +1104,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } return moasp; } - + } -- cgit v1.2.3 From c48b11484a7c0b71a4259a33de279a9501a5cdef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Oct 2014 13:04:03 +0200 Subject: update AuthData builder --- .../id/auth/builder/AuthenticationDataBuilder.java | 135 +++++++++++++++------ 1 file changed, 96 insertions(+), 39 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 0510f545a..cd2bfcf91 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -361,6 +361,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setBPK(pvpbPK.split(":")[1]); } + boolean foundEncryptedbPKForOA = false; if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { List encbPKList = Arrays.asList( extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";")); @@ -377,6 +378,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { + oaParam.getPublicURLPrefix() + " Start decryption process ..."); PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey(); + foundEncryptedbPKForOA = true; if (privKey != null) { try { String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey); @@ -411,54 +413,82 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } - if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && - MiscUtil.isEmpty(authData.getIdentificationValue())) { + if (MiscUtil.isEmpty(authData.getIdentificationValue()) && + MiscUtil.isEmpty(authData.getBPK()) && + !foundEncryptedbPKForOA) { Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME + + " or " + PVPConstants.ENC_BPK_LIST_NAME); - try { - EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); - if (eGovClientsConfig != null) { - SZRClient szrclient = new SZRClient(eGovClientsConfig); + } + + //check if received bPK matchs to online application configuration + //and no encrypted bPK is found for this oa + if (!matchsReceivedbPKToOnlineApplication(oaParam, authData) + && !foundEncryptedbPKForOA) { + Logger.info("Received bPK/wbPK does not match to online application"); + + if (MiscUtil.isEmpty(authData.getIdentificationValue())) { + Logger.info("No baseID found. Connect SZR to reveive baseID ..."); + try { + EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); + if (eGovClientsConfig != null) { + SZRClient szrclient = new SZRClient(eGovClientsConfig); + + Logger.debug("Create SZR request to get baseID ... "); + PersonInfoType personInfo = new PersonInfoType(); + at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); + personInfo.setPerson(person); + at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); + person.setName(name); + at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType(); + person.setIdentification(idValue); + + //set bPK or wbPK + idValue.setValue(authData.getBPK()); + idValue.setType(authData.getBPKType()); + + //set person information + name.setGivenName(authData.getGivenName()); + name.setFamilyName(authData.getFamilyName()); + if (authData.getDateOfBirth() != null) + person.setDateOfBirth(authData.getFormatedDateOfBirth()); + + //request szr and store baseID + authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); + authData.setIdentificationType(Constants.URN_PREFIX_BASEID); + + } else { + Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } catch (ConfigurationException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - Logger.debug("Create SZR request to get baseID ... "); - PersonInfoType personInfo = new PersonInfoType(); - at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); - personInfo.setPerson(person); - at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); - person.setName(name); + } catch (EgovUtilException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - name.setGivenName(authData.getGivenName()); - name.setFamilyName(authData.getFamilyName()); - if (authData.getDateOfBirth() != null) - person.setDateOfBirth(authData.getFormatedDateOfBirth()); - - authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); - authData.setIdentificationType(Constants.URN_PREFIX_BASEID); - - } else { - Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + } catch (SZRException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + " or " + PVPConstants.EID_SOURCE_PIN_NAME); } - - } catch (ConfigurationException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (EgovUtilException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (SZRException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - } - + + //build OA specific bPK/wbPK information + buildOAspecificbPK(oaParam, authData, + authData.getIdentificationValue(), + authData.getIdentificationType()); + } if (MiscUtil.isEmpty(authData.getBPK())) { @@ -672,6 +702,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setPublicAuthority(false); } + /** + * @param oaParam + * @param authData + * @return + */ + private static boolean matchsReceivedbPKToOnlineApplication( + IOAAuthParameters oaParam, AuthenticationData authData) { + + String oaTarget = null; + if (oaParam.getBusinessService()) { + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK)) + oaTarget = oaParam.getIdentityLinkDomainIdentifier(); + else + oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); + + } + + + if (oaTarget.equals(authData.getBPKType())) + return true; + else + return false; + } + private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam) throws BuildException, ConfigurationException { -- cgit v1.2.3 From 45a8fe220eabaf060ef42704a2b51104de7f73a8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:01:39 +0200 Subject: add PVP gateway configuration --- .../java/at/gv/egovernment/moa/id/config/OAParameter.java | 11 +++++++++++ .../gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 13 +++++++++++++ 2 files changed, 24 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index b2bcd443f..d87dfd3b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -70,6 +70,8 @@ public class OAParameter { this.isInderfederationIDP = oa.isIsInterfederationIDP(); + this.isSTORKPVPGateway = oa.isIsInterfederationGateway(); + } /** @@ -107,6 +109,8 @@ public class OAParameter { private Boolean isInderfederationIDP; + private Boolean isSTORKPVPGateway; + /** * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) */ @@ -154,6 +158,13 @@ public class OAParameter { return isInderfederationIDP; } + public boolean isSTORKPVPGateway() { + if (isSTORKPVPGateway == null) + return false; + + return isSTORKPVPGateway; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 673d23373..d235f54fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -61,6 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationGatewayType; import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; @@ -99,6 +100,7 @@ public class OAAuthParameter extends OAParameter implements IOAAuthParameters { private AuthComponentOA oa_auth; private String keyBoxIdentifier; private InterfederationIDPType inderfederatedIDP = null; + private InterfederationGatewayType interfederatedGateway = null; public OAAuthParameter(OnlineApplication oa) { super(oa); @@ -108,6 +110,8 @@ public class OAAuthParameter extends OAParameter implements IOAAuthParameters { this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); this.inderfederatedIDP = oa.getInterfederationIDP(); + + this.interfederatedGateway = oa.getInterfederationGateway(); } @@ -537,6 +541,15 @@ public boolean isIDPPublicService() { } +public String getSTORKPVPForwardEntity() { + if (interfederatedGateway != null) { + return interfederatedGateway.getForwardIDPIdentifier(); + + } else + return null; + +} + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled() */ -- cgit v1.2.3 From deebaf058efe2203f0e6844de7cb6b09374cab7c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:03:52 +0200 Subject: add VIDP gateway process-flow to national infrastructure --- .../gv/egovernment/moa/id/moduls/SSOManager.java | 1 + .../id/protocols/stork2/AuthenticationRequest.java | 16 +++++---- .../moa/id/protocols/stork2/STORKProtocol.java | 38 +++++++++++++++++++--- .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 1 + 5 files changed, 47 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index ff294dc3d..68545e1c2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -100,6 +100,7 @@ public class SSOManager { if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + return; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3bd827667..95597e0ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -22,7 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -38,6 +37,7 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -67,14 +67,11 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private IAuthData authData = null; private MOASTORKRequest moaStorkRequest = null; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - this.authData = authData; - if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) { this.moaStorkRequest = (MOASTORKRequest) req; @@ -111,7 +108,10 @@ public class AuthenticationRequest implements IAction { // } // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); + + //build STORK attributes from local authentication information + if (authData != null) + moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam)); } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); @@ -390,6 +390,10 @@ public class AuthenticationRequest implements IAction { public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + //redirect to national PVP IDP infrastructure if special attributes are requested + if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest) + return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req); + // // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country // if (req instanceof MOASTORKRequest) { // MOASTORKRequest moastorkRequest = (MOASTORKRequest) req; @@ -444,7 +448,7 @@ public class AuthenticationRequest implements IAction { } - public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) { + public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found " + attrLst.size() + " personal attributes in the request."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 440121417..57531992d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -23,11 +23,15 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -145,20 +149,23 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; - - + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { // we do not have a authnRequest // check if a valid attr request is container try { attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } } @@ -176,11 +183,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("Exception, attributes: " + e.getMessage()); } - STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); - - + + //check if OA is instance of VIDP or STORKPVPGateway + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); + + else { + if (oaParam.isSTORKPVPGateway()) { + if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) { + Logger.info("Received request for STORK->PVP gateway. " + + "Forward to PVP portal with entiyID " + oaParam.getSTORKPVPForwardEntity() + + " ..." ); + STORK2Request.setRequestedIDP(oaParam.getSTORKPVPForwardEntity()); + + } else { + Logger.error("InterfederatedGateway configuration with ID " + STORK2Request.getOAURL() + + " not configure a forward entityID."); + throw new MOAIDException("", null); + + } + } + + } + return STORK2Request; } else { throw new MOAIDException("stork.14", null); // TODO Specify message diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 9bfa14a7c..361c6b5ee 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -72,7 +72,8 @@ config.17=Fehler beim initialisieren von Hibernate config.18=Keine MOA-ID 2.x Konfiguration gefunden. config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden. config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt -config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt. +config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt. +config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert. parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 3f9cf2f1d..085625972 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -52,6 +52,7 @@ config.18=9199 config.19=9199 config.20=9199 config.21=9006 +config.22=9008 parser.00=1101 parser.01=1101 -- cgit v1.2.3 From f4e83ea671c3bd743fca894f7f48a29e95dcb4dc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:05:23 +0200 Subject: add sequence priority to STORK attribute providers --- .../id/protocols/stork2/AttributeCollector.java | 11 +++++--- .../protocols/stork2/AttributeProviderFactory.java | 8 +++--- .../attributeproviders/AttributeProvider.java | 31 ++++++++++++++++++++-- .../EHvdAttributeProviderPlugin.java | 7 +++++ .../EHvdAttribute_deprecatedProviderPlugin.java | 7 +++++ .../MandateAttributeRequestProvider.java | 7 +++++ .../SignedDocAttributeRequestProvider.java | 8 ++++++ .../StorkAttributeRequestProvider.java | 8 ++++++ 8 files changed, 79 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 456baf49f..6f29744b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -135,9 +136,11 @@ public class AttributeCollector implements IAction { // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + + Iterator attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()); + while(attibuteProvidersInterator.hasNext()) try { - newAttributes = current.parse(httpReq); + newAttributes = attibuteProvidersInterator.next().parse(httpReq); // stop as soon as we hit a capable plugin break; @@ -203,7 +206,9 @@ public class AttributeCollector implements IAction { addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); // - check if we can find a suitable AttributeProvider Plugin - for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + Iterator attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()); + while(attibuteProvidersInterator.hasNext()) { + AttributeProvider currentProvider = attibuteProvidersInterator.next(); // build a section of attribute provider's predefined attributes and missing attributes // only missing attributes that can be handled by attribute provider will be sent to it diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index ec64f7eb1..bcc031741 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -32,7 +32,9 @@ import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttribu import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; +import java.util.PriorityQueue; /** * A factory for creating AttributeProvider objects. @@ -89,16 +91,16 @@ public class AttributeProviderFactory { * @param configuredAPs the configured a ps * @return the configured plugins */ - public static List getConfiguredPlugins( + public static Iterator getConfiguredPlugins( List configuredAPs) { - List result = new ArrayList(); + PriorityQueue result = new PriorityQueue(); for (AttributeProviderPlugin current : configuredAPs) { result.add(create(current.getName(), current.getUrl(), current.getAttributes())); Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl()); } - return result; + return result.iterator(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java index a8454b37c..4b50e2593 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java @@ -40,7 +40,7 @@ import eu.stork.peps.auth.commons.PersonalAttribute; * An {@link AttributeProvider} can fetch a set of stork attributes. It might complete the query within one method call, * but might also need to redirect to another webservice to accomplish its task. */ -public abstract class AttributeProvider { +public abstract class AttributeProvider implements Comparable{ protected String attributes; @@ -107,5 +107,32 @@ public abstract class AttributeProvider { return supportedAttributeNames; } - + + /** + * Returns the sequence priority of this attribute provider. + * Providers with small numbers are requested first. + * + * @return a sequence priority of this provider + */ + public abstract int getPriority(); + + /** + * Compare the sequence priority of two attribute providers + * @param o attribute provider + * @return 0 if priority is equal + * @return -1 if priority if this is higher then from o + * @return +1 if priority if o is higher then from this + */ + @Override + public int compareTo(AttributeProvider o) { + if (this.getPriority() == o.getPriority()) + return 0; + + if (this.getPriority() < o.getPriority()) + return -1; + + else + return +1; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java index 8af35673f..51cb472f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java @@ -241,5 +241,12 @@ public class EHvdAttributeProviderPlugin extends AttributeProvider { throw new UnsupportedAttributeException(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java index fb62e43e5..c390f9407 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java @@ -246,5 +246,12 @@ public class EHvdAttribute_deprecatedProviderPlugin extends AttributeProvider { throw new UnsupportedAttributeException(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java index 07e5b70ba..2d92b7406 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java @@ -205,5 +205,12 @@ public class MandateAttributeRequestProvider extends AttributeProvider { return null; // } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index 13b14b0be..5dc6b801e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -616,4 +616,12 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { return success; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java index cb3a33c69..161e7193a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java @@ -180,5 +180,13 @@ public class StorkAttributeRequestProvider extends AttributeProvider { Logger.info("STORK AttrRequest successfully rendered!"); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } + } -- cgit v1.2.3 From 503cfcb406551c32f23ad0f4809f56d2d0d605d1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 14:01:00 +0200 Subject: change Attribute Provider interface --- .../moa/id/protocols/stork2/AttributeCollector.java | 2 +- .../stork2/attributeproviders/AttributeProvider.java | 11 ++++++----- .../attributeproviders/EHvdAttributeProviderPlugin.java | 5 +++-- .../EHvdAttribute_deprecatedProviderPlugin.java | 5 +++-- .../attributeproviders/MandateAttributeRequestProvider.java | 9 +++++---- .../attributeproviders/SignedDocAttributeRequestProvider.java | 3 ++- .../attributeproviders/StorkAttributeRequestProvider.java | 5 +++-- 7 files changed, 23 insertions(+), 17 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 6f29744b5..e3b9992aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -228,7 +228,7 @@ public class AttributeCollector implements IAction { //aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession); //aquiredAttributes = currentProvider.acquire(missingAttributes, container.getRequest().getSpCountry(), moasession); - aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), authData); + aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest(), authData); Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'"); break; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java index 4b50e2593..aaf13a779 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java @@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -53,19 +54,19 @@ public abstract class AttributeProvider implements Comparable * for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse * the response. * - * @param attributes the list of attributes to be acquired - * @param spCountyCode the sp county code + * @param currentProviderConfiguredAttributes the list of attributes to be acquired + * @param moastorkRequest the sp county code * @param authData the moasession * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done * @throws MOAIDException the mOAID exception */ - protected abstract IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + protected abstract IPersonalAttributeList acquire(PersonalAttribute currentProviderConfiguredAttributes, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; - public IPersonalAttributeList acquire(List attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(List attributes, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { if (attributes.size() == 1) { - return acquire(attributes.get(0), spCountyCode, authData); + return acquire(attributes.get(0), moastorkRequest, authData); } else { throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java index 51cb472f2..761460971 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -77,7 +78,7 @@ public class EHvdAttributeProviderPlugin extends AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -214,7 +215,7 @@ public class EHvdAttributeProviderPlugin extends AttributeProvider { // add stork id for verification ArrayList value = new ArrayList(); - value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode)); + value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), moastorkRequest.getSpCountry())); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); return result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java index c390f9407..2000ef928 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -78,7 +79,7 @@ public class EHvdAttribute_deprecatedProviderPlugin extends AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -219,7 +220,7 @@ public class EHvdAttribute_deprecatedProviderPlugin extends AttributeProvider { // add stork id for verification ArrayList value = new ArrayList(); - value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode)); + value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), moastorkRequest.getSpCountry())); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); return result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java index 2d92b7406..f4d963645 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java @@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; @@ -73,9 +74,9 @@ public class MandateAttributeRequestProvider extends AttributeProvider { } @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); - this.spCountryCode = spCountryCode; + this.spCountryCode = moastorkRequest.getSpCountry(); requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); @@ -94,9 +95,9 @@ public class MandateAttributeRequestProvider extends AttributeProvider { } @Override - public IPersonalAttributeList acquire(List attributes, String spCountryCode, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(List attributes, MOASTORKRequest moastorkRequest, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName()); - this.spCountryCode = spCountryCode; + this.spCountryCode = moastorkRequest.getSpCountry(); requestedAttributes = new PersonalAttributeList(attributes.size()); for (PersonalAttribute personalAttribute : attributes) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index 5dc6b801e..06cb99da0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -58,6 +58,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; @@ -124,7 +125,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { * .lang.String) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if(!attributes.contains(attribute.getName())) { throw new UnsupportedAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java index 161e7193a..5ee0e380e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java @@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; @@ -77,13 +78,13 @@ public class StorkAttributeRequestProvider extends AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if (!attributes.contains(attribute.getName())) throw new UnsupportedAttributeException(); - this.spCountryCode = spCountyCode; + this.spCountryCode = moastorkRequest.getSpCountry(); requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); -- cgit v1.2.3 From 5a5ab5c36c94157e431a6128e3189db314626859 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 14:01:31 +0200 Subject: add PVPAuthentication provider --- .../protocols/stork2/AttributeProviderFactory.java | 3 + .../moa/id/protocols/stork2/STORKPVPUtilits.java | 49 +++++ .../PVPAuthenticationProvider.java | 238 +++++++++++++++++++++ 3 files changed, 290 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index bcc031741..a1525db0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -27,6 +27,7 @@ import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributePro import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttribute_deprecatedProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.MandateAttributeRequestProvider; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.PVPAuthenticationProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.SignedDocAttributeRequestProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttributeRequestProvider; import at.gv.egovernment.moa.logging.Logger; @@ -80,6 +81,8 @@ public class AttributeProviderFactory { ex.printStackTrace(); return null; } + } else if (shortname.equals("PVPAuthenticationProvider")) { + return new PVPAuthenticationProvider(url, attributes); } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java new file mode 100644 index 000000000..d923eccde --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java @@ -0,0 +1,49 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.Arrays; +import java.util.List; + +/** + * @author tlenz + * + */ +public class STORKPVPUtilits { + + public static final List attributesRequirePVPAuthentication = + Arrays.asList("ECApplicationRole"); + + + + public static boolean performAuthenticationOnNationalIDP(MOASTORKRequest moastorkRequest) { + for (String el : attributesRequirePVPAuthentication) { + if (moastorkRequest.getPersonalAttributeList().containsKey(el)) { + return true; + + } + } + return false; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java new file mode 100644 index 000000000..95af3565e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java @@ -0,0 +1,238 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; + +import java.io.StringWriter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; + +/** + * @author tlenz + * + */ +public class PVPAuthenticationProvider extends AttributeProvider { + + private String destination = null; + private MOASTORKRequest moastorkRequest = null; + + /** + * @param attributes + * @param attributes2 + */ + public PVPAuthenticationProvider(String url, String attributes) { + super(attributes); + this.destination = url; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + protected IPersonalAttributeList acquire(PersonalAttribute attribute, + MOASTORKRequest moastorkRequest, IAuthData authData) + throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException, MOAIDException { + + this.moastorkRequest = moastorkRequest; + // break if we cannot handle the requested attribute + if (!attributes.contains(attribute.getName())) { + Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); + throw new UnsupportedAttributeException(); + + } + + Logger.info("Thrown external request by: " + getAttrProviderName()); + throw new ExternalAttributeRequestRequiredException(this); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#performRedirect(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) + */ + @Override + public void performRedirect(String url, HttpServletRequest req, + HttpServletResponse resp, OAAuthParameter oaParam) + throws MOAIDException { + + String spSector = "Business"; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountryCode = moastorkRequest.getSpCountry(); + + if ((spCountryCode == null) || (spCountryCode.length()<2)) { + spCountryCode = oaParam.getTarget(); + Logger.info("Setting spcountry target: " + oaParam.getTarget()); + Logger.info("idlink ident " + oaParam.getIdentityLinkDomainIdentifier()); + Logger.info("idlink type " + oaParam.getIdentityLinkDomainIdentifierType()); + Logger.info("Setting spcountry target friendly : " + oaParam.getTargetFriendlyName()); + Logger.info("Oatype : " + oaParam.getOaType()); + Logger.info("puburl : " + oaParam.getPublicURLPrefix()); + if ("STORK".equals(oaParam.getIdentityLinkDomainIdentifierType())) { + + spCountryCode = oaParam.getIdentityLinkDomainIdentifier().substring(oaParam.getIdentityLinkDomainIdentifier().length()-2); + Logger.info("Set to " +spCountryCode); + } + + } + + //generate AttrQueryRequest + STORKAuthnRequest authRequest = new STORKAuthnRequest(); + authRequest.setDestination(destination); + authRequest.setAssertionConsumerServiceURL(url); + authRequest.setIssuer(HTTPUtils.getBaseURL(req)); + authRequest.setQaa(oaParam.getQaaLevel()); + authRequest.setSpInstitution(spInstitution); + authRequest.setCountry(spCountryCode); + authRequest.setSpCountry(spCountryCode); + authRequest.setSpApplication(spApplication); + authRequest.setSpSector(spSector); + authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList()); + + authRequest.setCitizenCountryCode("AT"); + authRequest.setQaa(oaParam.getQaaLevel()); + + if (authRequest.getQaa() == 0 ) { + authRequest.setQaa(4); // workaround + } + + + + Logger.info("STORK AttrRequest successfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + + authRequest = samlEngine.generateSTORKAuthnRequest(authRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + //validate AuthnRequest + try { + samlEngine.validateSTORKAuthnRequest(authRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + + } + Logger.info("STORK AttrRequest successfully rendered!"); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public IPersonalAttributeList parse(HttpServletRequest httpReq) + throws UnsupportedAttributeException, MOAIDException { + + Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request"); + + //extract STORK Response from HTTP Request + //Decodes SAML Response + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); + } catch(NullPointerException e) { + throw new UnsupportedAttributeException(); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + + STORKAuthnResponse authnResponse = null; + try { + //validate SAML Token + Logger.debug("Starting validation of SAML response"); + authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) httpReq.getRemoteHost()); + Logger.info("SAML response successfully verified!"); + + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to verify STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + return authnResponse.getPersonalAttributeList(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 1; + } + + public String getAttrProviderName() { + return this.getClass().getName(); + } +} -- cgit v1.2.3 From cf30fab96d66c6beb46f1c69bf8a9d4bed2fb715 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:42:40 +0200 Subject: refactor bPK/wbPK builder --- .../moa/id/auth/builder/BPKBuilder.java | 69 ++++++++++++---------- 1 file changed, 37 insertions(+), 32 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index b122ba17e..a2570ed7e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -46,7 +46,6 @@ package at.gv.egovernment.moa.id.auth.builder; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.logging.Logger; @@ -54,7 +53,6 @@ import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; -import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -103,14 +101,7 @@ public class BPKBuilder { else basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[]{"bPK", ex.toString()}, ex); - } + return calculatebPKwbPK(basisbegriff); } /** @@ -139,16 +130,24 @@ public class BPKBuilder { else basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[]{"wbPK", ex.toString()}, ex); - } + return calculatebPKwbPK(basisbegriff); } + public String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { + if (MiscUtil.isEmpty(baseID) || + !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || + bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || + bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { + throw new BuildException("builder.00", + new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget + + " has an unkown prefix."}); + + } + + return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); + + } + public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { MiscUtil.assertNotNull(bpk, "BPK"); MiscUtil.assertNotNull(publicKey, "publicKey"); @@ -211,7 +210,8 @@ public class BPKBuilder { */ public String buildStorkeIdentifier(IdentityLink identityLink, String destinationCountry) throws BuildException { - return buildStorkbPK(identityLink, "AT", destinationCountry); + return buildStorkbPK(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), "AT", destinationCountry); } /** @@ -224,10 +224,7 @@ public class BPKBuilder { */ public String buildStorkeIdentifier(String identificationType, String identificationValue, String destinationCountry) throws BuildException { - IdentityLink tempIdentity = new IdentityLink(); - tempIdentity.setIdentificationType(identificationType); - tempIdentity.setIdentificationValue(identificationValue); - return buildStorkbPK(tempIdentity, "AT", destinationCountry); + return buildStorkbPK(identificationValue, identificationType, "AT", destinationCountry); } /** @@ -239,16 +236,17 @@ public class BPKBuilder { * @return storkid in a BASE64 encoding * @throws BuildException if an error occurs on building the wbPK */ - public String buildStorkbPK(IdentityLink identityLink, String sourceCountry, String destinationCountry) + public String buildStorkbPK(String baseID, String baseIDType, String sourceCountry, String destinationCountry) throws BuildException { String identificationValue = null; // check if we have been called by public sector application - if (identityLink.getIdentificationType().startsWith(Constants.URN_PREFIX_BASEID)) { - identificationValue = calculateStorkeIdentifierBase(identityLink, sourceCountry, destinationCountry); + if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { + identificationValue = calculateStorkeIdentifierBase(baseID, sourceCountry, destinationCountry); + } else { // if not, sector identification value is already calculated by BKU Logger.info("STORK eIdentifier already provided by BKU"); - identificationValue = identityLink.getIdentificationValue(); + identificationValue = baseID; } if ((identificationValue == null || @@ -266,19 +264,26 @@ public class BPKBuilder { return eIdentifier; } - - private String calculateStorkeIdentifierBase(IdentityLink identityLink, String sourceCountry, String destinationCountry) throws BuildException { - String basisbegriff = identityLink.getIdentificationValue() + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; - Logger.info("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); - try { + + private String calculateStorkeIdentifierBase(String baseID, String sourceCountry, String destinationCountry) throws BuildException { + String basisbegriff = baseID + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; + Logger.info("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); + return calculatebPKwbPK(basisbegriff); + + } + + private String calculatebPKwbPK(String basisbegriff) throws BuildException { + try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); String hashBase64 = Base64Utils.encode(hash); Logger.debug("STORK identification defined as: " + hashBase64); return hashBase64; + } catch (Exception ex) { throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); } + } private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { -- cgit v1.2.3 From 422bce78a84746c95298facd6c00ade2d48683ad Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:43:19 +0200 Subject: fix possible NullpointerException --- .../egovernment/moa/id/advancedlogging/StatisticLogger.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index f20339506..b68db92a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -110,8 +110,7 @@ public class StatisticLogger { Logger.warn("Advanced logging failed: OA can not be found in database."); return; } - - + StatisticLog dblog = new StatisticLog(); //set actual date and time @@ -125,12 +124,8 @@ public class StatisticLogger { dblog.setOafriendlyName(dbOA.getFriendlyName()); boolean isbusinessservice = isBusinessService(dbOA); - dblog.setBusinessservice(isbusinessservice); - - if (isbusinessservice) - dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue()); - else - dblog.setOatarget(dbOA.getTarget()); + dblog.setBusinessservice(isbusinessservice); + dblog.setOatarget(authData.getBPKType()); dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession()); -- cgit v1.2.3 From a9e03893056cf1b349148b0f1048c37c9073e557 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:44:54 +0200 Subject: update dynamic OA generation --- .../builder/DynamicOAAuthParameterBuilder.java | 37 ++++++++++++++- .../gv/egovernment/moa/id/config/OAParameter.java | 18 +++---- .../moa/id/config/auth/IOAAuthParameters.java | 12 +++++ .../moa/id/config/auth/OAAuthParameter.java | 29 +++++++++++- .../config/auth/data/DynamicOAAuthParameters.java | 55 +++++++++------------- 5 files changed, 106 insertions(+), 45 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index 132b6af01..49f87122d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -33,7 +33,9 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -62,7 +64,7 @@ public class DynamicOAAuthParameterBuilder { attrValue.startsWith(Constants.URN_PREFIX_STORK) ) { dynamicOA.setBusinessService(true); dynamicOA.setTarget(attrValue); - + } else { Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea"); throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null); @@ -106,4 +108,37 @@ public class DynamicOAAuthParameterBuilder { } + + /** + * @param oaParam + * @param protocolRequest + * @return + */ + public static IOAAuthParameters buildFromAuthnRequest( + IOAAuthParameters oaParam, IRequest protocolRequest) { + + DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters(); + dynOAParams.setApplicationID(oaParam.getPublicURLPrefix()); + dynOAParams.setBusinessService(oaParam.getBusinessService()); + + if (protocolRequest instanceof MOASTORKRequest) + return buildFromSTORKRequest(dynOAParams, (MOASTORKRequest) protocolRequest); + + Logger.warn("Dynamic OA generation failed. RequestType is not implemented."); + return null; + } + + /** + * @param oaParam + * @param protocolRequest + * @return + */ + private static IOAAuthParameters buildFromSTORKRequest( + DynamicOAAuthParameters oaParam, MOASTORKRequest protocolRequest) { + + oaParam.setBusinessTarget(Constants.URN_PREFIX_STORK + "+" + "AT" + "+" + protocolRequest.getSpCountry()); + oaParam.setBusinessService(true); + + return oaParam; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index d87dfd3b5..a2e8bab9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -47,6 +47,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; */ public class OAParameter { + public OAParameter() { } + public OAParameter(OnlineApplication oa) { this.oaType = oa.getType(); @@ -83,33 +85,33 @@ public class OAParameter { * specifies whether the online application is a business application or not (true * if value of {@link #oaType} is "businessService" */ - private boolean businessService; + protected boolean businessService; /** * public URL prefix of the online application */ - private String publicURLPrefix; + protected String publicURLPrefix; /** * specifies a human readable name of the Online Application */ - private String friendlyName; + protected String friendlyName; /** * specified a specific target for the Online Application (overwrites the target in der request) */ - private String target; + protected String target; /** * specifies a friendly name for the target */ - private String targetFriendlyName; + protected String targetFriendlyName; - private boolean removePBKFromAuthblock; + protected boolean removePBKFromAuthblock; - private Boolean isInderfederationIDP; + protected Boolean isInderfederationIDP; - private Boolean isSTORKPVPGateway; + protected Boolean isSTORKPVPGateway; /** * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 4c6519b57..c336eb316 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -54,6 +54,8 @@ public interface IOAAuthParameters { public boolean isInderfederationIDP(); + public boolean isSTORKPVPGateway(); + /** * @return the identityLinkDomainIdentifier */ @@ -152,5 +154,15 @@ public interface IOAAuthParameters { List getTestCredentialOIDs(); PrivateKey getBPKDecBpkDecryptionKey(); + + /** + * @return + */ + boolean isPassivRequestUsedForInterfederation(); + + /** + * @return + */ + boolean isPerformLocalAuthenticationOnInterfederationError(); } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d235f54fd..90b72b72b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -443,6 +443,9 @@ public List getRequestedAttributes() { @Override public boolean isRequireConsentForStorkAttributes() { try{ + if (isSTORKPVPGateway()) + return false; + return oa_auth.getOASTORK().isRequireConsent(); }catch(Exception e) { @@ -457,7 +460,13 @@ public boolean isRequireConsentForStorkAttributes() { */ @Override public List getStorkAPs() { - return oa_auth.getOASTORK().getAttributeProviders(); + if (oa_auth.getOASTORK() != null && + oa_auth.getOASTORK().getAttributeProviders() != null) + return oa_auth.getOASTORK().getAttributeProviders(); + + else + return new ArrayList(); + } /* (non-Javadoc) @@ -527,10 +536,26 @@ public boolean isOutboundSSOInterfederationAllowed() { return false; } +@Override +public boolean isPassivRequestUsedForInterfederation() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isPerformPassivRequest().booleanValue(); + else + return false; +} + +@Override +public boolean isPerformLocalAuthenticationOnInterfederationError() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isPerformLocalAuthenticationOnError().booleanValue(); + else + return false; +} + @Override public boolean isInterfederationSSOStorageAllowed() { if (inderfederatedIDP != null) - return inderfederatedIDP.isStoreSSOSession(); + return inderfederatedIDP.isStoreSSOSession().booleanValue(); else return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 7dbdcfa52..e576522bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -32,31 +32,19 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; /** * @author tlenz * */ -public class DynamicOAAuthParameters implements IOAAuthParameters { - - private String applicationID = null; +public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParameters { - private boolean isBusinessService; - private String target; private String businessTarget; - private boolean inderfederatedIDP; private String IDPQueryURL; - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() - */ - @Override - public boolean getBusinessService() { - return this.isBusinessService; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() */ @@ -73,14 +61,6 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { return this.businessTarget; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() - */ - @Override - public boolean isInderfederationIDP() { - return this.inderfederatedIDP; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() */ @@ -309,7 +289,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { * @param isBusinessService the isBusinessService to set */ public void setBusinessService(boolean isBusinessService) { - this.isBusinessService = isBusinessService; + businessService = isBusinessService; } /** @@ -330,7 +310,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { * @param inderfederatedIDP the inderfederatedIDP to set */ public void setInderfederatedIDP(boolean inderfederatedIDP) { - this.inderfederatedIDP = inderfederatedIDP; + isInderfederationIDP = inderfederatedIDP; } /** @@ -340,19 +320,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { IDPQueryURL = iDPQueryURL; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() - */ - @Override - public String getPublicURLPrefix() { - return this.applicationID; - } - /** * @param applicationID the applicationID to set */ public void setApplicationID(String applicationID) { - this.applicationID = applicationID; + publicURLPrefix = applicationID; } /* (non-Javadoc) @@ -409,6 +381,21 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { return null; } - + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPassivRequestUsedForInterfederation() + */ + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPerformLocalAuthenticationOnInterfederationError() + */ + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } } -- cgit v1.2.3 From d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:47:00 +0200 Subject: update STORK <-> PVP gateway functionality --- .../id/auth/builder/AuthenticationDataBuilder.java | 103 +++++++++++---------- .../moa/id/data/AuthenticationData.java | 20 ++++ .../at/gv/egovernment/moa/id/data/IAuthData.java | 2 + .../moa/id/entrypoints/DispatcherServlet.java | 22 ++++- .../moa/id/moduls/AuthenticationManager.java | 7 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 2 +- .../moa/id/protocols/pvp2x/PVPConstants.java | 2 +- .../pvp2x/builder/AttributQueryBuilder.java | 3 +- .../pvp2x/utils/AssertionAttributeExtractor.java | 27 +++++- .../protocols/stork2/AttributeProviderFactory.java | 2 +- .../id/protocols/stork2/AuthenticationRequest.java | 2 +- .../moa/id/protocols/stork2/MOASTORKRequest.java | 52 +++++++---- .../PVPAuthenticationProvider.java | 1 + .../resources/properties/id_messages_de.properties | 1 + .../protocol_response_statuscodes_de.properties | 1 + .../moa/id/commons/db/ConfigurationDBUtils.java | 4 +- 16 files changed, 166 insertions(+), 85 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cd2bfcf91..2c20e96ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -175,7 +176,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { //get OnlineApplication from MOA-ID-Auth configuration oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaID); - + + //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway + if (oaParam.isSTORKPVPGateway()) + oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest); + } else { //build OnlineApplication dynamic from requested attributes oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP); @@ -347,24 +352,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.debug("Build AuthData from assertion starts ...."); - authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME)); - authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME)); - authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME)); - authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); - authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME)); - authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME)); - authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME)); - authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); + authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME)); + authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME)); + authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME)); + authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); + authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME)); + authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME)); + authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME)); + authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); if (extractor.containsAttribute(PVPConstants.BPK_NAME)) { - String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME); + String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME); authData.setBPK(pvpbPK.split(":")[1]); } boolean foundEncryptedbPKForOA = false; if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { List encbPKList = Arrays.asList( - extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";")); + extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";")); authData.setEncbPKList(encbPKList); for (String fullEncbPK : encbPKList) { int index = fullEncbPK.indexOf("|"); @@ -501,11 +506,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + - extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { try { - byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false); + byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false); authData.setAuthBlock(new String(authBlock, "UTF-8")); } catch (IOException e) { @@ -517,7 +522,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { try { authData.setSignerCertificate(Base64Utils.decode( - extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); + extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); } catch (IOException e) { Logger.error("Received SignerCertificate is not valid", e); @@ -527,7 +532,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) { try { - InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false); + InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false); IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); buildOAspecificIdentityLink(oaParam, authData, idl); @@ -542,12 +547,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { // set mandate attributes - authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); + authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { try { byte[] mandate = Base64Utils.decode( - (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); + (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); if (authData.getMISMandate() == null) authData.setMISMandate(new MISMandate()); @@ -588,9 +593,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { legalperson.getIdentification().add(legalID ); mandator.setCorporateBody(legalperson ); - legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); - legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); - idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); + legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); + legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); + idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); //build natural person short mandate } else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) || @@ -610,18 +615,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Value idValue = new Value(); persID.setValue(idValue ); - String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); + String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); for(int i=0; i roles = Arrays.asList(pvpRoles.split(";")); + for (String role : roles) { + authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role)); + } + } + } + //set STORK attributes if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) { - authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME)); + authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME)); authData.setForeigner(true); } @@ -712,10 +728,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { String oaTarget = null; if (oaParam.getBusinessService()) { - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK)) + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) || + oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK)) oaTarget = oaParam.getIdentityLinkDomainIdentifier(); - else - oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + else { + Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix."); + return false; + + } } else { oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); @@ -891,22 +912,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (oaParam.getBusinessService()) { //since we have foreigner, wbPK is not calculated in BKU if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - + authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr)); + authData.setBPKType(registerAndOrdNr); + } else { authData.setBPK(baseID); authData.setBPKType(baseIDType); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 6fd327add..050706d7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -26,6 +26,7 @@ import java.io.Serializable; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; +import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -129,6 +130,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String authBlock = null; private List encbPKList = null; + private List roles = null; private boolean useMandate = false; private MISMandate mandate = null; @@ -688,6 +690,24 @@ public class AuthenticationData implements IAuthData, Serializable { public void setEncbPKList(List encbPKList) { this.encbPKList = encbPKList; } + + /** + * @return the roles + */ + public List getAuthenticationRoles() { + return roles; + } + + /** + * @param roles the roles to set + */ + public void addAuthenticationRole(AuthenticationRole role) { + if (this.roles == null) + this.roles = new ArrayList(); + + this.roles.add(role); + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index 8ce33021d..0d55dbdd1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -69,6 +69,8 @@ public interface IAuthData { byte[] getSignerCertificate(); String getAuthBlock(); + List getAuthenticationRoles(); + boolean isPublicAuthority(); String getPublicAuthorityCode(); boolean isQualifiedCertificate(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 1e38bd4ff..03cb6c1c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -276,11 +276,27 @@ public class DispatcherServlet extends AuthServlet{ Logger.info("PreProcessing of SSO interfederation response complete. "); - //request is a not valid interfederation response -> Restart local authentication + //request is a not valid interfederation response } else if (protocolRequest != null && MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { - Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() - + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); + + OAAuthParameter oaParams = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) { + // -> send end error to service provider + Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() + + " FAILED. Sending error message to service provider."); + MOAIDException e = new MOAIDException("auth.27", new Object[]{}); + IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); + if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest)) + handleErrorNoRedirect(e.getMessage(), e, req, + resp); + + return; + + } else + //-> Restart local authentication + Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() + + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); //request is a new authentication request } else if (protocolRequest != null && diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index daa70efce..a4d63b144 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -381,14 +381,15 @@ public class AuthenticationManager extends AuthServlet { //get IDP metadata try { OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); Logger.info("Switch to local authentication on this IDP ... "); perfomLocalAuthentication(request, response, target); return; - } - + } + EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). getEntityDescriptor(target.getRequestedIDP()); @@ -417,7 +418,7 @@ public class AuthenticationManager extends AuthServlet { authReq.setID(gen.generateIdentifier()); //send passive AuthnRequest - authReq.setIsPassive(true); + authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation()); authReq.setAssertionConsumerServiceIndex(0); authReq.setIssueInstant(new DateTime()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 0da846f9e..cf20db7d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -664,7 +664,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { } else { Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + " from interfederated IDP."); - + } } catch (IOException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 47c297914..1f3e86ff6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -41,7 +41,7 @@ public interface PVPConstants { public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; - public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/"; + public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; public static final String URN_OID_PREFIX = "urn:oid:"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 6296d102f..91888df5c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -49,6 +49,7 @@ import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; @@ -66,7 +67,7 @@ import at.gv.egovernment.moa.util.Constants; */ public class AttributQueryBuilder { - public static List buildSAML2AttributeList(OAAuthParameter oa, Iterator iterator) { + public static List buildSAML2AttributeList(IOAAuthParameters oa, Iterator iterator) { Logger.debug("Build OA specific Attributes for AttributQuery request"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index a16fed9cd..c5ad26744 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -36,6 +36,7 @@ import org.opensaml.saml2.core.AuthnStatement; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.core.Subject; +import org.opensaml.xml.XMLObject; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -48,7 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class AssertionAttributeExtractor { private Assertion assertion = null; - private Map attributs = new HashMap(); + private Map> attributs = new HashMap>(); private PersonalAttributeList storkAttributes = new PersonalAttributeList(); private final List minimalAttributeNameList = Arrays.asList( @@ -74,13 +75,21 @@ public class AssertionAttributeExtractor { for (Attribute attr : attrStat.getAttributes()) { if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { List storkAttrValues = new ArrayList(); - storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent()); + for (XMLObject el : attr.getAttributeValues()) + storkAttrValues.add(el.getDOM().getTextContent()); + PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), false, storkAttrValues , "Available"); storkAttributes.put(attr.getName(), storkAttr ); - } else - attributs.put(attr.getName(), attr.getAttributeValues().get(0).getDOM().getTextContent()); + } else { + List attrList = new ArrayList(); + for (XMLObject el : attr.getAttributeValues()) + attrList.add(el.getDOM().getTextContent()); + + attributs.put(attr.getName(), attrList); + + } } } @@ -129,7 +138,15 @@ public class AssertionAttributeExtractor { } - public String getAttribute(String attributeName) { + public String getSingleAttributeValue(String attributeName) { + if (attributs.containsKey(attributeName)) + return attributs.get(attributeName).get(0); + else + return null; + + } + + public List getAttributeValues(String attributeName) { return attributs.get(attributeName); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a1525db0a..10b325234 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -54,7 +54,7 @@ public class AttributeProviderFactory { result.add("EHvdAttributeProvider"); result.add("SignedDocAttributeRequestProvider"); result.add("MandateAttributeRequestProvider"); - + result.add("PVPAuthenticationProvider"); return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 95597e0ad..aa018d5a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -455,7 +455,7 @@ public class AuthenticationRequest implements IAction { // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 076139018..f4b02ee2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -22,13 +22,23 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.ArrayList; import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; @@ -205,30 +215,32 @@ public class MOASTORKRequest extends RequestImpl { return this.storkAuthnRequest.getCitizenCountryCode(); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() - */ - @Override - public String getRequestedIDP() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse() - */ - @Override - public MOAResponse getInterfederationResponse() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() */ @Override public List getRequestedAttributes() { - // TODO Auto-generated method stub - return null; +// //TODO: only for testing with MOA-ID as PVP Stammportal +// IOAAuthParameters oa; +// try { +// List reqAttr = new ArrayList(); +// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); +// +// oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); +// oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); +// +// DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; +// tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); +// +// return AttributQueryBuilder.buildSAML2AttributeList(tmp, reqAttr.iterator()); +// +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// return null; +// } + + return new ArrayList(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java index 95af3565e..88c59ccf9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java @@ -129,6 +129,7 @@ public class PVPAuthenticationProvider extends AttributeProvider { authRequest.setCountry(spCountryCode); authRequest.setSpCountry(spCountryCode); authRequest.setSpApplication(spApplication); + authRequest.setProviderName(spApplication); authRequest.setSpSector(spSector); authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList()); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 361c6b5ee..848866090 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -44,6 +44,7 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x. auth.25=Fehler beim validieren der SZR-Gateway Response. auth.26=SessionID unbekannt. +auth.27=Federated authentication FAILED. init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 085625972..27f735028 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -24,6 +24,7 @@ auth.23=9000 auth.24=9001 auth.25=1109 auth.26=1100 +auth.27=4401 init.00=9199 init.01=9199 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java index cdb19340d..3dcfa8aa9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java @@ -156,8 +156,8 @@ public final class ConfigurationDBUtils { tx.begin(); session.merge(dbo); tx.commit(); - - //session.clear(); + + session.clear(); } return true; -- cgit v1.2.3 From 73cdf1fbc4794e173e97da67557a44c2026e1ad6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:47:52 +0200 Subject: Refactore STORK attribute generation from AuthData --- .../id/protocols/stork2/MOAAttributeProvider.java | 75 +++++++++++++++++----- 1 file changed, 60 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index a0ec1eb45..d7d6601c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -25,23 +25,31 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKStatusCode; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; +import javassist.expr.Instanceof; + /** * @author bsuzic * Date: 2/19/14, Time: 4:42 PM + * + * @author tlenz + * Date: 23.10.14 */ public class MOAAttributeProvider { - private final IdentityLink identityLink; + private final IAuthData authData; private static final Map storkAttributeSimpleMapping; private static final Map storkAttributeFunctionMapping; private final MOASTORKRequest moastorkRequest; @@ -50,17 +58,18 @@ public class MOAAttributeProvider { Map tempSimpleMap = new HashMap(); tempSimpleMap.put("givenName", "getGivenName"); tempSimpleMap.put("surname", "getFamilyName"); - tempSimpleMap.put("dateOfBirth", "getDateOfBirth"); + tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth"); storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); Map tempFunctionMap = new HashMap(); tempFunctionMap.put("eIdentifier", "geteIdentifier"); + tempFunctionMap.put("ECApplicationRole","getECApplicationRole"); storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) { - this.identityLink = identityLink; + public MOAAttributeProvider(IAuthData authData, MOASTORKRequest moastorkRequest) { + this.authData = authData; this.moastorkRequest = moastorkRequest; - Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); + Logger.debug("identity " + authData.getIdentificationType() + " " + authData.getIdentificationValue()); } public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { @@ -68,8 +77,8 @@ public class MOAAttributeProvider { if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); try { - Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); - populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired()); + Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); + populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute.isRequired()); } catch (NoSuchMethodException e) { Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); e.printStackTrace(); @@ -91,27 +100,63 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); + Logger.debug("Using base urn for identification value: " + authData.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { - return new BPKBuilder().buildStorkeIdentifier(identityLink, moastorkRequest.getStorkAuthnRequest().getSpCountry()); + return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), + moastorkRequest.getStorkAuthnRequest().getSpCountry()); } catch (BuildException be) { Logger.error("Stork eid could not be constructed; " + be.getMessage()); return null; // TODO error } } + private List getECApplicationRole() { + List storkRoles = null; + + if (authData.getAuthenticationRoles() != null + && authData.getAuthenticationRoles().size() > 0) { + + + //TODO: implement PVP role -> STORK role mapping +// storkRoles = new ArrayList(); +// storkRoles.add("CIRCABC/viewer"); + + } + + return storkRoles; + } private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { try { - String attributeValue = method.invoke(object, new Class[]{}).toString(); + Object attributeValue = method.invoke(object, new Class[]{}).toString(); + PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName(storkAttribute); - - newAttribute.setStatus("Available"); newAttribute.setIsRequired(isRequired); - Logger.info("Got attribute value: " + attributeValue); - newAttribute.setValue(new ArrayList(Collections.singletonList(attributeValue))); - attributeList.add(newAttribute); + + if (attributeValue != null) { + newAttribute.setStatus(STORKStatusCode.STATUS_AVAILABLE.name()); + Logger.info("Got attribute value: " + attributeValue); + + if (attributeValue instanceof String) + newAttribute.setValue(new ArrayList(Collections.singletonList((String)attributeValue))); + + else if (attributeValue instanceof List) { + List attributeValueList = (List) attributeValue; + if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) + newAttribute.setValue((List) attributeValueList); + + } else { + Logger.error("Receive an unsupported type for attribute " + storkAttribute); + + } + attributeList.add(newAttribute); + + } else { + Logger.info("Attribute " + storkAttribute + " is not available."); + newAttribute.setStatus(STORKStatusCode.STATUS_NOT_AVAILABLE.name()); + } + } catch (InvocationTargetException e) { Logger.error("Invocation target exception while getting attribute: " + storkAttribute); e.printStackTrace(); -- cgit v1.2.3 From 77cf01db81c74ebbe0e0d2da58e22c5f7c861ab5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:48:32 +0200 Subject: add new classes for Role management --- .../conf/moa-spss/SampleMOASPSSConfiguration.xml | 2 +- .../handbook/interfederation/interfederation.html | 12 +++ id/server/doc/handbook/protocol/protocol.html | 8 ++ id/server/idserverlib/pom.xml | 4 + .../moa/id/data/AuthenticationRole.java | 110 +++++++++++++++++++++ .../moa/id/data/AuthenticationRoleFactory.java | 76 ++++++++++++++ pom.xml | 4 +- 7 files changed, 213 insertions(+), 3 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index 9759f1ac5..8d26a1893 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -79,7 +79,7 @@ - + MOAIDTransformAuthBlockTable_DE_2.0 profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml diff --git a/id/server/doc/handbook/interfederation/interfederation.html b/id/server/doc/handbook/interfederation/interfederation.html index bd97061ab..f0aaf8776 100644 --- a/id/server/doc/handbook/interfederation/interfederation.html +++ b/id/server/doc/handbook/interfederation/interfederation.html @@ -152,6 +152,18 @@   Wenn eingehende SSO Intefederation erlaubt ist besteht zusätzlich die Möglichkeit diesen einmal verwendeten IDP an die Benutzersession zu binden. In diesem Fall können weitere SSO Authentifizierungen über diesen interfederation IDP auch ohne Angabe des IDP Identifiers (siehe Sequenzdiagramm oder Integration in bestehende Systeme) durchgeführt werden. + + Verwende SAML2 isPassive Attribut +   +   + Dieser Parameter kann das isPassive Attribut des SAML2 Authentifizierungsrequests an diesen IDP konfiguriert werden. Wird dieses Attribut gesetzt erfolgt an diesem IDP keine Authentifzierung wenn keine aktive SSO Session vorhanden ist. + + + Im Fehlerfall Authentifizierung lokal durchführen +   +   + Dieser Parameter definert das Verhalten für den Fall dass an diesem IDP keine Authentifizierung möglich war. Bei ausgewähltem Parameter wird im Fehlerfall die Authentifizerung an der lokalen IDP Instanz wiederholt. + AttributQuery Service URL https://demo.egiz.gv.at/moa-id-auth/pvp2/attributequery diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index e7658875c..c2dcddd03 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -700,6 +700,10 @@ Redirect Binding 4400 Fehler beim Generieren der Anmeldedaten + + 4401 + Die Anmeldung am federierten IDP ist fehlgeschlagen. +

1.3.3 Statuscodes 6xxxx

Alles Statuscodes beginnend mit der Zahl sechs beschreiben protokollspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.

@@ -811,6 +815,10 @@ Redirect Binding 9007 Der SZR-Gateway Client konnte nicht initialisiert werden. + + 9008 + Fehlerhafte Interfederation Konfiguration +

1.3.4.2 Interne Fehler (91xxx)

diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 833f869e5..872ca3916 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -257,6 +257,10 @@ org.slf4jlog4j-over-slf4j + + bcprov-jdk15on + org.bouncycastle + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java new file mode 100644 index 000000000..91514ca62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java @@ -0,0 +1,110 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * @author tlenz + * + */ +public class AuthenticationRole { + + private String roleName = null; + private List> params = null; + + public AuthenticationRole(String roleName) { + this.roleName = roleName; + } + + public void addParameter(String key, String value) { + if (params == null) + params = new ArrayList>(); + params.add(new Entry(key, value)); + + } + + /** + * @return the roleName + */ + public String getRoleName() { + return roleName; + } + + /** + * @return the params + */ + public List> getParams() { + return params; + } + + /** + * @return the params + */ + public Iterator> getParamsInterator() { + return params.iterator(); + } + + static class Entry implements Map.Entry { + + private K key; + private V value; + + Entry(K k, V v) { + key = k; + value = v; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getKey() + */ + @Override + public K getKey() { + return key; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getValue() + */ + @Override + public V getValue() { + return value; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#setValue(java.lang.Object) + */ + @Override + public V setValue(V newValue) { + V oldValue = value; + value = newValue; + return oldValue; + } + + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java new file mode 100644 index 000000000..7d4dc6eff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java @@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthenticationRoleFactory { + + public static AuthenticationRole buildFormPVPole(String pvprole) { + AuthenticationRole role = null; + + int first = pvprole.indexOf("("); + + if (first < 0) { + //no role paramters found + role = new AuthenticationRole(pvprole.trim()); + Logger.debug("Add authentication role with name=" + pvprole.trim()); + + } else { + role = new AuthenticationRole(pvprole.substring(0, first).trim()); + Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); + String params = pvprole.substring(first + 1, pvprole.length() - 1); + + List param = Arrays.asList(params.split(",")); + String test = new String(); + for (String el : param) { + test = test.concat(el); + if (!test.endsWith("\\") || + (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { + String[] keyValue = test.split("="); + if (keyValue.length < 2) { + role.addParameter(keyValue[0].trim(), ""); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); + + } else { + role.addParameter(keyValue[0].trim(), keyValue[1].trim()); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() + + " value=" + keyValue[1].trim()); + + } + + test = new String(); + } + } + } + + return role; + } +} diff --git a/pom.xml b/pom.xml index bed1565c6..e939d0491 100644 --- a/pom.xml +++ b/pom.xml @@ -12,10 +12,10 @@ UTF-8 2.0.0 - 2.1.1 + 2.1.2 2.0.0 2.0.2 - 1.1.2 + 1.1.4 2.0.2 -- cgit v1.2.3 From 33be86224cfb2dd95a0654b92ae2e36ae1b3a85b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:49:59 +0200 Subject: add authentication role management --- .../moa/id/data/AuthenticationRole.java | 110 --------------------- .../moa/id/data/AuthenticationRoleFactory.java | 76 -------------- 2 files changed, 186 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java deleted file mode 100644 index 91514ca62..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -/** - * @author tlenz - * - */ -public class AuthenticationRole { - - private String roleName = null; - private List> params = null; - - public AuthenticationRole(String roleName) { - this.roleName = roleName; - } - - public void addParameter(String key, String value) { - if (params == null) - params = new ArrayList>(); - params.add(new Entry(key, value)); - - } - - /** - * @return the roleName - */ - public String getRoleName() { - return roleName; - } - - /** - * @return the params - */ - public List> getParams() { - return params; - } - - /** - * @return the params - */ - public Iterator> getParamsInterator() { - return params.iterator(); - } - - static class Entry implements Map.Entry { - - private K key; - private V value; - - Entry(K k, V v) { - key = k; - value = v; - } - - /* (non-Javadoc) - * @see java.util.Map.Entry#getKey() - */ - @Override - public K getKey() { - return key; - } - - /* (non-Javadoc) - * @see java.util.Map.Entry#getValue() - */ - @Override - public V getValue() { - return value; - } - - /* (non-Javadoc) - * @see java.util.Map.Entry#setValue(java.lang.Object) - */ - @Override - public V setValue(V newValue) { - V oldValue = value; - value = newValue; - return oldValue; - } - - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java deleted file mode 100644 index 7d4dc6eff..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.util.Arrays; -import java.util.List; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class AuthenticationRoleFactory { - - public static AuthenticationRole buildFormPVPole(String pvprole) { - AuthenticationRole role = null; - - int first = pvprole.indexOf("("); - - if (first < 0) { - //no role paramters found - role = new AuthenticationRole(pvprole.trim()); - Logger.debug("Add authentication role with name=" + pvprole.trim()); - - } else { - role = new AuthenticationRole(pvprole.substring(0, first).trim()); - Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); - String params = pvprole.substring(first + 1, pvprole.length() - 1); - - List param = Arrays.asList(params.split(",")); - String test = new String(); - for (String el : param) { - test = test.concat(el); - if (!test.endsWith("\\") || - (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { - String[] keyValue = test.split("="); - if (keyValue.length < 2) { - role.addParameter(keyValue[0].trim(), ""); - Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); - - } else { - role.addParameter(keyValue[0].trim(), keyValue[1].trim()); - Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() - + " value=" + keyValue[1].trim()); - - } - - test = new String(); - } - } - } - - return role; - } -} -- cgit v1.2.3 From 4e2b4b026d1fb70d145643f7dfb906555ddb77c6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:53:12 +0200 Subject: Revert "add authentication role management" This reverts commit 33be86224cfb2dd95a0654b92ae2e36ae1b3a85b. --- .../moa/id/data/AuthenticationRole.java | 110 +++++++++++++++++++++ .../moa/id/data/AuthenticationRoleFactory.java | 76 ++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java new file mode 100644 index 000000000..91514ca62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java @@ -0,0 +1,110 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * @author tlenz + * + */ +public class AuthenticationRole { + + private String roleName = null; + private List> params = null; + + public AuthenticationRole(String roleName) { + this.roleName = roleName; + } + + public void addParameter(String key, String value) { + if (params == null) + params = new ArrayList>(); + params.add(new Entry(key, value)); + + } + + /** + * @return the roleName + */ + public String getRoleName() { + return roleName; + } + + /** + * @return the params + */ + public List> getParams() { + return params; + } + + /** + * @return the params + */ + public Iterator> getParamsInterator() { + return params.iterator(); + } + + static class Entry implements Map.Entry { + + private K key; + private V value; + + Entry(K k, V v) { + key = k; + value = v; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getKey() + */ + @Override + public K getKey() { + return key; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getValue() + */ + @Override + public V getValue() { + return value; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#setValue(java.lang.Object) + */ + @Override + public V setValue(V newValue) { + V oldValue = value; + value = newValue; + return oldValue; + } + + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java new file mode 100644 index 000000000..7d4dc6eff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java @@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthenticationRoleFactory { + + public static AuthenticationRole buildFormPVPole(String pvprole) { + AuthenticationRole role = null; + + int first = pvprole.indexOf("("); + + if (first < 0) { + //no role paramters found + role = new AuthenticationRole(pvprole.trim()); + Logger.debug("Add authentication role with name=" + pvprole.trim()); + + } else { + role = new AuthenticationRole(pvprole.substring(0, first).trim()); + Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); + String params = pvprole.substring(first + 1, pvprole.length() - 1); + + List param = Arrays.asList(params.split(",")); + String test = new String(); + for (String el : param) { + test = test.concat(el); + if (!test.endsWith("\\") || + (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { + String[] keyValue = test.split("="); + if (keyValue.length < 2) { + role.addParameter(keyValue[0].trim(), ""); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); + + } else { + role.addParameter(keyValue[0].trim(), keyValue[1].trim()); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() + + " value=" + keyValue[1].trim()); + + } + + test = new String(); + } + } + } + + return role; + } +} -- cgit v1.2.3 From 9c7c8c568ba83e0730e7667e09a221bc2e79afe2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 27 Oct 2014 10:16:58 +0100 Subject: store additional raw PVP role String --- .../at/gv/egovernment/moa/id/data/AuthenticationRole.java | 14 +++++++++++++- .../egovernment/moa/id/data/AuthenticationRoleFactory.java | 4 ++-- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java index 91514ca62..cde4ad7d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java @@ -34,10 +34,12 @@ import java.util.Map; public class AuthenticationRole { private String roleName = null; + private String rawRoleString = null; private List> params = null; - public AuthenticationRole(String roleName) { + public AuthenticationRole(String roleName, String rawRoleString) { this.roleName = roleName; + this.rawRoleString = rawRoleString; } public void addParameter(String key, String value) { @@ -68,6 +70,16 @@ public class AuthenticationRole { return params.iterator(); } + + /** + * @return the rawRoleString + */ + public String getRawRoleString() { + return rawRoleString; + } + + + static class Entry implements Map.Entry { private K key; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java index 7d4dc6eff..8915b2442 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java @@ -40,11 +40,11 @@ public class AuthenticationRoleFactory { if (first < 0) { //no role paramters found - role = new AuthenticationRole(pvprole.trim()); + role = new AuthenticationRole(pvprole.trim(), pvprole.trim()); Logger.debug("Add authentication role with name=" + pvprole.trim()); } else { - role = new AuthenticationRole(pvprole.substring(0, first).trim()); + role = new AuthenticationRole(pvprole.substring(0, first).trim(), pvprole.trim()); Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); String params = pvprole.substring(first + 1, pvprole.length() - 1); -- cgit v1.2.3 From 54f672c214839a655f66ea5caa804f4d4b68eb90 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:00:46 +0100 Subject: Update authdate generation from interfedered assertion information --- .../id/auth/builder/AuthenticationDataBuilder.java | 5 ++ .../moa/id/data/AuthenticationData.java | 23 ++++++ .../at/gv/egovernment/moa/id/data/IAuthData.java | 1 + .../pvp2x/builder/attributes/EIDSourcePIN.java | 2 +- .../pvp2x/builder/attributes/EIDSourcePINType.java | 2 +- .../pvp2x/utils/AssertionAttributeExtractor.java | 2 +- .../moa/id/util/PVPtoSTORKRoleMapper.java | 83 ++++++++++++++++++++++ 7 files changed, 115 insertions(+), 3 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 2c20e96ed..48933d5c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -352,6 +352,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.debug("Build AuthData from assertion starts ...."); + authData.setIsBusinessService(oaParam.getBusinessService()); + authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME)); authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME)); authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME)); @@ -706,6 +708,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } authData.setSsoSession(true); + authData.setInterfederatedSSOSession(true); if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null) authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate()); @@ -791,6 +794,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setForeigner(session.isForeigner()); authData.setQAALevel(session.getQAALevel()); + authData.setIsBusinessService(oaParam.getBusinessService()); + if (session.isForeigner()) { try { //TODO: replace with TSL lookup when TSL is ready! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 050706d7a..e20c805ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -27,6 +27,7 @@ import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; +import java.util.Arrays; import java.util.Date; import java.util.List; @@ -117,6 +118,8 @@ public class AuthenticationData implements IAuthData, Serializable { * the corresponding lt;saml:Assertion> */ + private boolean businessService; + /** * STORK attributes from response */ @@ -695,6 +698,12 @@ public class AuthenticationData implements IAuthData, Serializable { * @return the roles */ public List getAuthenticationRoles() { +// if (this.roles == null) { +// this.roles = new ArrayList(); +// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +// } + return roles; } @@ -708,6 +717,20 @@ public class AuthenticationData implements IAuthData, Serializable { this.roles.add(role); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() + */ + @Override + public boolean isBusinessService() { + // TODO Auto-generated method stub + return this.businessService; + } + + public void setIsBusinessService(boolean flag) { + this.businessService = flag; + + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index 0d55dbdd1..ebbf62ce7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -42,6 +42,7 @@ public interface IAuthData { Date getIssueInstant(); String getIssuer(); + boolean isBusinessService(); boolean isSsoSession(); boolean isInterfederatedSSOSession(); boolean isUseMandate(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java index 16de43e11..1327c634b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -38,7 +38,7 @@ public class EIDSourcePIN implements IPVPAttributeBuilder { public ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeException { - if (oaParam.getBusinessService()) + if (authData.isBusinessService()) throw new AttributePolicyException(EID_SOURCE_PIN_NAME); else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java index 0681419fc..2145e3af7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -36,7 +36,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder { public ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeException { - if (oaParam.getBusinessService()) + if (authData.isBusinessService()) throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index c5ad26744..f0373e214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -139,7 +139,7 @@ public class AssertionAttributeExtractor { } public String getSingleAttributeValue(String attributeName) { - if (attributs.containsKey(attributeName)) + if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0) return attributs.get(attributeName).get(0); else return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java new file mode 100644 index 000000000..20f541a1a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java @@ -0,0 +1,83 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.util.Properties; + +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class PVPtoSTORKRoleMapper { + + private static final String MAPPING_RESOURCE = + "resources/properties/pvp-stork_role_mapping.properties"; + + private Properties mapping = null; + + private static PVPtoSTORKRoleMapper instance = null; + + public static PVPtoSTORKRoleMapper getInstance() { + if (instance == null) { + instance = new PVPtoSTORKRoleMapper(); + } + + return instance; + } + + private PVPtoSTORKRoleMapper() { + try { + mapping = new Properties(); + mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE)); + Logger.debug("PVP -> STORK Role mapping initialisation finished."); + + } catch (IOException e) { + Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e); + mapping = null; + + } + + + } + + /** + * @param el + * @return + */ + public String map(AuthenticationRole el) { + if (mapping != null) { + String ecRole = mapping.getProperty(el.getRawRoleString()); + if (MiscUtil.isNotEmpty(ecRole)) { + Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole); + return ecRole; + } + } + Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !"); + return null; + } +} -- cgit v1.2.3 From 4f49161f9e3999871fc75741803163f5dfa20692 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:01:31 +0100 Subject: print StackTrace if an general error occurs --- .../moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index fa5d252bd..3b01e91ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -121,7 +121,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } catch (Exception e) { Logger.error( "General Attribute generation failed! for " - + reqAttributName); + + reqAttributName, e); } } -- cgit v1.2.3 From af0f895ce9fac2fd5eb0faf4570881aace2198fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:04:43 +0100 Subject: update STORK specific attribute build process --- .../id/protocols/stork2/MOAAttributeProvider.java | 48 ++++++++++++++------- .../moa/id/protocols/stork2/MOASTORKRequest.java | 49 +++++++++++++--------- 2 files changed, 63 insertions(+), 34 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index d7d6601c9..021eaee37 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -25,8 +25,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKStatusCode; @@ -58,11 +61,11 @@ public class MOAAttributeProvider { Map tempSimpleMap = new HashMap(); tempSimpleMap.put("givenName", "getGivenName"); tempSimpleMap.put("surname", "getFamilyName"); - tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth"); storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); Map tempFunctionMap = new HashMap(); tempFunctionMap.put("eIdentifier", "geteIdentifier"); tempFunctionMap.put("ECApplicationRole","getECApplicationRole"); + tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth"); storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } @@ -112,23 +115,34 @@ public class MOAAttributeProvider { private List getECApplicationRole() { List storkRoles = null; - - if (authData.getAuthenticationRoles() != null + + if (true || authData.getAuthenticationRoles() != null && authData.getAuthenticationRoles().size() > 0) { - - - //TODO: implement PVP role -> STORK role mapping -// storkRoles = new ArrayList(); -// storkRoles.add("CIRCABC/viewer"); - - } - + + storkRoles = new ArrayList(); + PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance(); + for (AuthenticationRole el : authData.getAuthenticationRoles()) { + String storkRole = mapper.map(el); + if (MiscUtil.isNotEmpty(storkRole)) + storkRoles.add(storkRole); + + } + } return storkRoles; } + private String getFormatedDateOfBirth() { + if (authData.getDateOfBirth() != null) + return authData.getFormatedDateOfBirth(); + + else + return null; + + } + private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { try { - Object attributeValue = method.invoke(object, new Class[]{}).toString(); + Object attributeValue = method.invoke(object, new Class[]{}); PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName(storkAttribute); @@ -143,9 +157,15 @@ public class MOAAttributeProvider { else if (attributeValue instanceof List) { List attributeValueList = (List) attributeValue; - if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) + if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) { newAttribute.setValue((List) attributeValueList); - + + } else { + Logger.info("Attribute " + storkAttribute + " is not available."); + newAttribute.setStatus(STORKStatusCode.STATUS_NOT_AVAILABLE.name()); + + } + } else { Logger.error("Receive an unsupported type for attribute " + storkAttribute); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index f4b02ee2d..a92d02e08 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -34,6 +35,7 @@ import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; @@ -51,6 +53,16 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse; */ public class MOASTORKRequest extends RequestImpl { + public static final List DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.BPK_NAME, + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, + PVPConstants.GIVEN_NAME_NAME, + PVPConstants.PRINCIPAL_NAME_NAME, + PVPConstants.BIRTHDATE_NAME, + PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, + }); + /** The Constant serialVersionUID. */ private static final long serialVersionUID = 4581953368724501376L; @@ -220,27 +232,24 @@ public class MOASTORKRequest extends RequestImpl { */ @Override public List getRequestedAttributes() { -// //TODO: only for testing with MOA-ID as PVP Stammportal -// IOAAuthParameters oa; -// try { -// List reqAttr = new ArrayList(); -// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); -// -// oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); -// oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); -// -// DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; -// tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); -// -// return AttributQueryBuilder.buildSAML2AttributeList(tmp, reqAttr.iterator()); -// -// } catch (ConfigurationException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// return null; -// } + //TODO: only for testing with MOA-ID as PVP Stammportal + IOAAuthParameters oa; + try { + oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); + + DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; + tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); + + return AttributQueryBuilder.buildSAML2AttributeList(tmp, DEFAULTREQUESTEDATTRFORINTERFEDERATION.iterator()); + + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + return null; + } - return new ArrayList(); + //return new ArrayList(); } } -- cgit v1.2.3 From 53c6beba7017b74955818f4768b76133f08e784e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:06:22 +0100 Subject: Update third-party libs - some implementation updates was required --- id/server/auth/pom.xml | 4 + id/server/idserverlib/pom.xml | 39 ++- .../gv/egovernment/moa/id/client/SZRGWClient.java | 26 +- .../stork2/CorporateBodyMandateContainer.java | 7 - .../moa/id/protocols/stork2/MandateContainer.java | 2 +- .../stork2/PhyPersonMandateContainer.java | 4 - .../protocols/stork2/SimpleNamespaceContext.java | 83 +++++++ .../properties/pvp-stork_role_mapping.properties | 2 + .../resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd | 265 +++++++++++++++++++++ .../wsdl/szrgw/cs-sstc-schema-assertion-01.xsd | 194 +++++++++++++++ .../wsdl/szrgw/cs-sstc-schema-protocol-01.xsd | 127 ++++++++++ .../resources/wsdl/szrgw/mis/mis-1.0.3.xsd | 98 ++++++++ .../resources/wsdl/szrgw/szr-gw-0.0.3.xsd | 4 - id/server/moa-id-commons/pom.xml | 4 +- .../moa/id/commons/db/ConfigurationDBRead.java | 6 +- pom.xml | 10 +- spss/server/serverlib/pom.xml | 6 + 17 files changed, 849 insertions(+), 32 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java create mode 100644 id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index b43a0e736..dd75ee6aa 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -108,6 +108,10 @@ iaik_pki_module iaik + + axis-wsdl4j + axis + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 833f869e5..32c8f5705 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -71,6 +71,10 @@ javax.servlet servlet-api + + axis-wsdl4j + axis + @@ -92,7 +96,8 @@ at.gv.util egovutils - 1.0.7 + + 2.0.0 com.sun @@ -102,6 +107,14 @@ org.slf4j * + + xalan + * + + + bcprov-jdk16 + bouncycastle + @@ -247,6 +260,14 @@ org.slf4j log4j-over-slf4j + + org.apache.xerces + * + + + xalan + * + @@ -257,6 +278,22 @@ org.slf4j log4j-over-slf4j + + org.slf4j + log4j-over-slf4j + + + org.apache.xerces + * + + + xalan + * + + + bcprov-jdk15on + org.bouncycastle + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java index c675885c9..9e4f3fa36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java @@ -38,9 +38,14 @@ import at.gv.util.wsdl.szrgw.SZRGWType; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import com.sun.xml.ws.developer.JAXWSProperties; import javax.xml.ws.BindingProvider; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; + public class SZRGWClient { private SSLSocketFactory sslContext = null; @@ -57,9 +62,6 @@ public class SZRGWClient { SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService")); SZRGWType port = service.getSZRGWPort(); - - - BindingProvider bindingProvider = (BindingProvider) port; Map requestContext = bindingProvider.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl); @@ -72,12 +74,24 @@ public class SZRGWClient { throw new SZRGWClientException(); } - requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext); + Client client = ClientProxy.getClient(port); + HTTPConduit http = (HTTPConduit) client.getConduit(); + HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + + httpClientPolicy.setConnectionTimeout(36000); + httpClientPolicy.setReceiveTimeout(32000); + + http.setClient(httpClientPolicy); + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setSSLSocketFactory(sslContext); + + http.setTlsClientParameters(tlsParams ); + // check for lax hostname if (true) { Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use."); - requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier()); + tlsParams.setHostnameVerifier(new LaxHostNameVerifier()); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java index b358436ae..3e16db7d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java @@ -24,17 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import org.xml.sax.InputSource; -import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.HashMap; - /** * Physical person representing corporate body * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java index 25350e686..e6c58b503 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java @@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; + import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.HashMap; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java index 853d17318..ba89663ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java @@ -24,14 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import org.xml.sax.InputSource; -import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.util.HashMap; /** * Physical person representing physical person diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java new file mode 100644 index 000000000..2c2df3e54 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java @@ -0,0 +1,83 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map.Entry; +import java.util.Set; + +import javax.xml.namespace.NamespaceContext; + +/** + * @author tlenz + * + */ +public class SimpleNamespaceContext implements NamespaceContext { + + HashMap prefMap = null; + /** + * @param prefMap + */ + SimpleNamespaceContext(HashMap prefMap) { + this.prefMap = prefMap; + } + + /* (non-Javadoc) + * @see javax.xml.namespace.NamespaceContext#getNamespaceURI(java.lang.String) + */ + @Override + public String getNamespaceURI(String prefix) { + if (prefMap.containsKey(prefix)) + return prefMap.get(prefix); + else + return null; + } + + /* (non-Javadoc) + * @see javax.xml.namespace.NamespaceContext#getPrefix(java.lang.String) + */ + @Override + public String getPrefix(String namespaceURI) { + if (prefMap.containsValue(namespaceURI)) { + Set> set = prefMap.entrySet(); + for (Entry el : set) { + if (el.getValue().equals(namespaceURI)) + return el.getKey(); + + } + } + + return null; + } + + /* (non-Javadoc) + * @see javax.xml.namespace.NamespaceContext#getPrefixes(java.lang.String) + */ + @Override + public Iterator getPrefixes(String namespaceURI) { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties new file mode 100644 index 000000000..5bcfc7bd2 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties @@ -0,0 +1,2 @@ +xxpvprole=CIRCABC/viewer +yypvprole=CIRCABC/admin \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd new file mode 100644 index 000000000..522cae082 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd @@ -0,0 +1,265 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd new file mode 100644 index 000000000..8ef08727d --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd @@ -0,0 +1,194 @@ + + + + + + + Document identifier: cs-sstc-schema-assertion-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd new file mode 100644 index 000000000..eeb9bef9f --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd @@ -0,0 +1,127 @@ + + + + + + + + Document identifier: cs-sstc-schema-protocol-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd new file mode 100644 index 000000000..48ef60187 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd @@ -0,0 +1,98 @@ + + + + + + + Request to MIS + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Response from MIS + + + + + + + + + + + + + + + + + + Organwalter oder berufsm. Parteienvertreter + + + + + bPK des Organwalters + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd index c97822427..211e59d53 100644 --- a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd @@ -1,9 +1,5 @@ - - - - diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index e6d708eca..ebda03801 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -82,7 +82,7 @@ com.sun.xml.bind jaxb-xjc - 2.2.7 + 2.2.11 @@ -118,7 +118,7 @@ mysql mysql-connector-java - 5.1.32 + 5.1.33 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java index 46d3ca558..a3f445fcf 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java @@ -27,11 +27,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import org.apache.commons.lang.StringEscapeUtils; +//import org.apache.commons.lang.StringEscapeUtils; import javax.persistence.EntityManager; import javax.persistence.PersistenceException; +import org.apache.commons.lang3.StringEscapeUtils; + import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -70,7 +72,7 @@ public class ConfigurationDBRead { javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); //query.setParameter("id", id+"%"); - query.setParameter("id", StringEscapeUtils.escapeHtml(id)); + query.setParameter("id", StringEscapeUtils.escapeHtml4(id)); result = query.getResultList(); Logger.trace("Found entries: " + result.size()); diff --git a/pom.xml b/pom.xml index bed1565c6..89f710a4c 100644 --- a/pom.xml +++ b/pom.xml @@ -406,7 +406,7 @@ javax.xml.bind jaxb-api - 2.2.11 + 2.2.12 @@ -445,7 +445,7 @@ xerces xercesImpl - 2.9.1 + 2.11.0 compile + 2.11.0 runtime xalan-bin-dist serializer - 2.7.1 + 2.7.2 runtime diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 3cf8d0bd7..7c11659e1 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -161,6 +161,12 @@ + + com.sun.xml.bind + jaxb-impl + 2.2.11 + +