From 4c59c85ac46957ed4610b9f2c19467cf8026705d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 28 Aug 2017 16:05:54 +0200 Subject: catch possible NullPointerException --- .../moa/id/protocols/pvp2x/verification/EntityVerifier.java | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 2ded32bac..d05d180e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -55,6 +55,12 @@ public class EntityVerifier { try { IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oa == null) { + Logger.debug("No OnlineApplication with EntityID: " + entityID); + return null; + + } + String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); if (MiscUtil.isNotEmpty(certBase64)) { return Base64Utils.decode(certBase64, false); -- cgit v1.2.3 From 6af6c5fdffb071ce407a303cf3fd307359df1ef1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 28 Aug 2017 16:29:40 +0200 Subject: update IAIK libs --- .../java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java index f37ae0b0b..d30ce4924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java @@ -44,9 +44,9 @@ import iaik.security.ec.common.ECParameterSpec; import iaik.security.ec.common.ECPublicKey; import iaik.security.ec.common.ECStandardizedParameterFactory; import iaik.security.ec.common.EllipticCurve; +import iaik.security.ec.math.field.AbstractPrimeField; import iaik.security.ec.math.field.Field; import iaik.security.ec.math.field.FieldElement; -import iaik.security.ec.math.field.PrimeField; public class ECDSAKeyValueConverter { @@ -221,7 +221,7 @@ public class ECDSAKeyValueConverter // Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10)); // publicKeyPointX = field.newElement(xValue); - PrimeField pf = (PrimeField) field; + AbstractPrimeField pf = (AbstractPrimeField) field; publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10)); // Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10)); // publicKeyPointY = field.newElement(yValue); -- cgit v1.2.3 From 211fd182136ba3def6b31f6acd86b91c1521d092 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 12:38:50 +0200 Subject: update StatisticLogger to handle unknown BKUTypes --- .../gv/egovernment/moa/id/advancedlogging/StatisticLogger.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index b57e6ed69..55b1a7c9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -69,6 +69,7 @@ public class StatisticLogger implements IStatisticLogger{ private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request"; private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/"; + private static final String GENERIC_ONLINE_BKU = "bkuonline"; private static final String MANTATORTYPE_JUR = "jur"; private static final String MANTATORTYPE_NAT = "nat"; @@ -422,8 +423,13 @@ public class StatisticLogger implements IStatisticLogger{ return IOAAuthParameters.HANDYBKU; } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); - return IOAAuthParameters.ONLINEBKU; + if (bkuURL.contains(GENERIC_ONLINE_BKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); + return IOAAuthParameters.ONLINEBKU; + } + + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); + return IOAAuthParameters.AUTHTYPE_OTHERS; } } -- cgit v1.2.3 From 22ccfa1baf256635268a3a65ac59d5a415d19356 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Sep 2017 14:28:36 +0200 Subject: update TransactionUtis for MDC logging and add unique OA identifier as additional MDC variable --- .../moa/id/advancedlogging/TransactionIDUtils.java | 45 +++++++++++++++++++--- .../moa/id/auth/AuthenticationSessionCleaner.java | 14 +++++-- .../moa/id/auth/servlet/AbstractController.java | 7 ++-- .../AbstractProcessEngineSignalController.java | 9 +---- .../UniqueSessionIdentifierInterceptor.java | 6 +-- .../moa/id/data/ExceptionContainer.java | 24 ++++++++++-- .../moa/id/moduls/AuthenticationManager.java | 15 +++++--- .../egovernment/moa/id/moduls/RequestStorage.java | 5 +-- 8 files changed, 91 insertions(+), 34 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java index 6d53fd510..0b066f3b9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java @@ -23,10 +23,8 @@ package at.gv.egovernment.moa.id.advancedlogging; -import java.util.Date; - import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.id.commons.api.IRequest; /** * @author tlenz @@ -34,6 +32,43 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class TransactionIDUtils { + /** + * Set all MDC variables from pending request to this threat context
+ * These includes SessionID, TransactionID, and unique service-provider identifier + * + * @param pendingRequest + */ + public static void setAllLoggingVariables(IRequest pendingRequest) { + setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); + setSessionId(pendingRequest.getUniqueSessionIdentifier()); + setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix()); + + } + + /** + * Remove all MDC variables from this threat context + * + */ + public static void removeAllLoggingVariables() { + removeSessionId(); + removeTransactionId(); + removeServiceProviderId(); + + } + + + public static void setServiceProviderId(String oaUniqueId) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId); + + } + + public static void removeServiceProviderId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID); + + } + public static void setTransactionId(String pendingRequestID) { org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, "TID-" + pendingRequestID); @@ -50,9 +85,9 @@ public class TransactionIDUtils { public static void setSessionId(String uniqueSessionId) { org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, - "TID-" + uniqueSessionId); + "SID-" + uniqueSessionId); org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, - "TID-" + uniqueSessionId); + "SID-" + uniqueSessionId); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index bbb322a4f..34d0d4be1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -74,20 +74,26 @@ public class AuthenticationSessionCleaner implements Runnable { ExceptionContainer exContainer = (ExceptionContainer) entry; if (exContainer.getExceptionThrown() != null) { - //add session and transaction ID to log if exists + //add session, transaction, and service-provider IDs into logging context if exists if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID())) TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID()); if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID())) TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID()); + if (MiscUtil.isNotEmpty(exContainer.getUniqueServiceProviderId())) + TransactionIDUtils.setServiceProviderId(exContainer.getUniqueServiceProviderId()); + //log exception to technical log logExceptionToTechnicalLog(exContainer.getExceptionThrown()); //remove session and transaction ID from thread - TransactionIDUtils.removeSessionId(); - TransactionIDUtils.removeTransactionId(); - } + TransactionIDUtils.removeAllLoggingVariables(); + + } else { + Logger.warn("Receive an ExceptionContainer that includes no 'Exception' object. Somethinge is suspect!!!!!"); + + } } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 1431911a3..353261085 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; @@ -139,13 +140,11 @@ public abstract class AbstractController extends MOAIDAuthConstants { if (pendingReq != null) { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); transactionStorage.put(key, - new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(), - pendingReq.getUniqueTransactionIdentifier(), loggedException),-1); + new ExceptionContainer(pendingReq, loggedException),-1); } else { transactionStorage.put(key, - new ExceptionContainer(null, - null, loggedException),-1); + new ExceptionContainer(null, loggedException),-1); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 0ce7b0050..32f103ca7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -45,11 +45,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont //change pending-request ID requestStorage.changePendingRequestID(pendingReq); pendingRequestID = pendingReq.getRequestID(); - - //add transactionID and unique sessionID to Logger - TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier()); - TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier()); - + // process instance is mandatory if (pendingReq.getProcessInstanceId() == null) { throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."}); @@ -64,8 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont } finally { //MOASessionDBUtils.closeSession(); - TransactionIDUtils.removeTransactionId(); - TransactionIDUtils.removeSessionId(); + TransactionIDUtils.removeAllLoggingVariables(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index bedc67513..466364adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java @@ -57,8 +57,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); if (MiscUtil.isEmpty(uniqueSessionIdentifier)) uniqueSessionIdentifier = Random.nextRandom(); - TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); return true; @@ -79,8 +79,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { - // TODO Auto-generated method stub - + TransactionIDUtils.removeAllLoggingVariables(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java index 1c6fdcb65..4820b6fdc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.data; import java.io.Serializable; +import at.gv.egovernment.moa.id.commons.api.IRequest; + /** * @author tlenz * @@ -34,13 +36,21 @@ public class ExceptionContainer implements Serializable { private Throwable exceptionThrown = null; private String uniqueSessionID = null; private String uniqueTransactionID = null; + private String uniqueServiceProviderId = null; /** * */ - public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) { - this.uniqueSessionID = uniqueSessionID; - this.uniqueTransactionID = uniqueTransactionID; + public ExceptionContainer(IRequest pendingReq, Throwable exception) { + if (pendingReq != null) { + this.uniqueSessionID = pendingReq.getUniqueSessionIdentifier(); + this.uniqueTransactionID = pendingReq.getUniqueTransactionIdentifier(); + + if (pendingReq.getOnlineApplicationConfiguration() != null) + this.uniqueServiceProviderId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix(); + + } + this.exceptionThrown = exception; } @@ -62,6 +72,14 @@ public class ExceptionContainer implements Serializable { public String getUniqueTransactionID() { return uniqueTransactionID; } + + /** + * @return the uniqueServiceProviderId + */ + public String getUniqueServiceProviderId() { + return uniqueServiceProviderId; + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index ab0a1ec40..60b8b31de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -47,6 +47,7 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; @@ -202,6 +203,14 @@ public class AuthenticationManager extends MOAIDAuthConstants { public AuthenticationSession doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException { + //load OA configuration from pending request + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + //set logging context and log unique OA identifier to revision log + TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()); + revisionsLogger.logEvent(oaParam, + pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); + //generic authentication request validation if (pendingReq.isPassiv() && pendingReq.forceAuth()) { @@ -236,12 +245,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); // check if Service-Provider allows SSO sessions - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); - - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); - + //if a legacy request is used SSO should not be allowed in case of mandate authentication boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index eec48e0f3..90ccb3c27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -52,9 +52,8 @@ public class RequestStorage implements IRequestStorage{ } //set transactionID and sessionID to Logger - TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); - TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier()); - + TransactionIDUtils.setAllLoggingVariables(pendingRequest); + return pendingRequest; } catch (MOADatabaseException | NullPointerException e) { -- cgit v1.2.3 From 3c81d3fef06204f2259b6c0377c8a2a00974c614 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Sep 2017 12:15:20 +0200 Subject: make SAML2 http POST-Binding template and mandate-service selection-template configurable for every online application --- .../tasks/GenerateBKUSelectionFrameTask.java | 8 +- .../GenerateSSOConsentEvaluatorFrameTask.java | 8 +- .../id/auth/servlet/GUILayoutBuilderServlet.java | 22 ++-- .../moa/id/moduls/AuthenticationManager.java | 4 +- .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java | 114 +++++++++++++++++++++ .../id/protocols/pvp2x/AttributQueryAction.java | 6 +- .../id/protocols/pvp2x/AuthenticationAction.java | 8 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 8 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 4 +- .../moa/id/protocols/pvp2x/binding/IEncoder.java | 7 +- .../id/protocols/pvp2x/binding/PostBinding.java | 53 +++++++--- .../protocols/pvp2x/binding/RedirectBinding.java | 7 +- .../id/protocols/pvp2x/binding/SoapBinding.java | 7 +- .../pvp2x/builder/PVPAuthnRequestBuilder.java | 9 +- .../pvp2x/builder/SingleLogOutBuilder.java | 11 +- 15 files changed, 217 insertions(+), 59 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index c582050ad..710008714 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); } - - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); guiBuilder.build(response, config, "BKU-Selection form"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index ca99e9ba3..475009cf2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -31,7 +31,7 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas //store pending request requestStoreage.storePendingRequest(pendingReq); - //build consents evaluator form - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + //build consents evaluator form + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); guiBuilder.build(response, config, "SendAssertion-Evaluation"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 9b658d81b..416e787a7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; @@ -71,17 +71,17 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); //build GUI component @@ -100,17 +100,17 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 60b8b31de..7c581d470 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -620,7 +620,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); } else { //print SLO information directly @@ -656,7 +656,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (pvpReq != null) { SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java new file mode 100644 index 000000000..b05e60e94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java @@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.opemsaml; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.Writer; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.binding.SAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HTTPTransportUtils; + +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOAIDHTTPPostEncoder extends HTTPPostEncoder { + + private VelocityEngine velocityEngine; + private IGUIBuilderConfiguration guiConfig; + private GUIFormBuilderImpl guiBuilder; + + /** + * @param engine + * @param templateId + */ + public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) { + super(engine, null); + this.velocityEngine = engine; + this.guiConfig = guiConfig; + this.guiBuilder = guiBuilder; + + } + + /** + * Base64 and POST encodes the outbound message and writes it to the outbound transport. + * + * @param messageContext current message context + * @param endpointURL endpoint URL to which to encode message + * + * @throws MessageEncodingException thrown if there is a problem encoding the message + */ + protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException { + Logger.debug("Invoking Velocity template to create POST body"); + InputStream is = null; + try { + //build Velocity Context from GUI input paramters + VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig); + + //load template + is = guiBuilder.getTemplateInputStream(guiConfig); + + //populate velocity context with SAML2 parameters + populateVelocityContext(context, messageContext, endpointURL); + + //populate transport parameter + HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport(); + HTTPTransportUtils.addNoCacheHeaders(outTransport); + HTTPTransportUtils.setUTF8Encoding(outTransport); + HTTPTransportUtils.setContentType(outTransport, "text/html"); + + //evaluate template and write content to response + Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); + velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is))); + out.flush(); + + } catch (Exception e) { + Logger.error("Error invoking Velocity template", e); + throw new MessageEncodingException("Error creating output document", e); + + } finally { + if (is != null) { + try { + is.close(); + + } catch (IOException e) { + Logger.error("Can NOT close GUI-Template InputStream.", e); + } + } + + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 365a31fe1..643e30ac9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; @@ -79,6 +80,7 @@ public class AttributQueryAction implements IAction { @Autowired private IDPCredentialProvider pvpCredentials; @Autowired private AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; private final static List DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -141,9 +143,9 @@ public class AttributQueryAction implements IAction { metadataProvider, issuerEntityID, attrQuery, date, assertion, authConfig.isPVP2AssertionEncryptionActive()); - SoapBinding decoder = new SoapBinding(); + SoapBinding decoder = springContext.getBean("PVPSOAPBinding", SoapBinding.class); decoder.encodeRespone(httpReq, httpResp, authResponse, null, null, - pvpCredentials.getIDPAssertionSigningCredential()); + pvpCredentials.getIDPAssertionSigningCredential(), pendingReq); return null; } catch (MessageEncodingException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index aac49844e..9d60ae4b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -62,6 +63,7 @@ public class AuthenticationAction implements IAction { @Autowired IDPCredentialProvider pvpCredentials; @Autowired AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -102,11 +104,11 @@ public class AuthenticationAction implements IAction { if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } @@ -117,7 +119,7 @@ public class AuthenticationAction implements IAction { try { binding.encodeRespone(httpReq, httpResp, authResponse, consumerService.getLocation(), moaRequest.getRelayState(), - pvpCredentials.getIDPAssertionSigningCredential()); + pvpCredentials.getIDPAssertionSigningCredential(), req); //set protocol type sloInformation.setProtocolType(req.requestedModule()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index a7a249eed..216d7a8b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -444,13 +444,13 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { IEncoder encoder = null; if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - encoder = new RedirectBinding(); + encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - encoder = new PostBinding(); + encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class); } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { - encoder = new SoapBinding(); + encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class); } if(encoder == null) { @@ -465,7 +465,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential(); encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), - relayState, signCred); + relayState, signCred, protocolRequest); return true; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index ff703d585..f709da213 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -111,7 +111,7 @@ public class SingleLogOutAction implements IAction { //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq); return null; } else { @@ -127,7 +127,7 @@ public class SingleLogOutAction implements IAction { //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq); return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java index 3b2fb3687..ccbef6e6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -31,6 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; public interface IEncoder { @@ -43,12 +44,13 @@ public interface IEncoder { * @param targetLocation URL, where the request should be transmit * @param relayState token for session handling * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null * @throws MessageEncodingException * @throws SecurityException * @throws PVP2Exception */ public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception; /** @@ -59,10 +61,11 @@ public interface IEncoder { * @param targetLocation URL, where the request should be transmit * @param relayState token for session handling * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null * @throws MessageEncodingException * @throws SecurityException */ public void encodeRespone(HttpServletRequest req, - HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials) + HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 9977e607b..c7688c14b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -25,13 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; @@ -49,8 +47,17 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -62,10 +69,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPPOSTBinding") public class PostBinding implements IDecoder, IEncoder { + + @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) GUIFormBuilderImpl guiBuilder; public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { try { @@ -75,9 +86,18 @@ public class PostBinding implements IDecoder, IEncoder { //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "resources/templates/pvp_postbinding_template.html"); + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = + new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + "pvp_postbinding_template.html", + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + authConfig.getRootConfigFileDir()); + MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); @@ -103,22 +123,27 @@ public class PostBinding implements IDecoder, IEncoder { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials) + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { try { -// X509Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); Logger.debug("create SAML POSTBinding response"); - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "resources/templates/pvp_postbinding_template.html"); + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = + new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + "pvp_postbinding_template.html", + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + authConfig.getRootConfigFileDir()); + MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 279038967..4f44a6202 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -50,7 +50,9 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -62,10 +64,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPRedirectBinding") public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { // try { @@ -100,7 +103,7 @@ public class RedirectBinding implements IDecoder, IEncoder { public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, - Credential credentials) throws MessageEncodingException, SecurityException { + Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { // try { // X509Credential credentials = credentialProvider // .getIDPAssertionSigningCredential(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 94d91694a..552b64ac6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -48,7 +48,9 @@ import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; @@ -60,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPSOAPBinding") public class SoapBinding implements IDecoder, IEncoder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; @@ -136,13 +139,13 @@ public class SoapBinding implements IDecoder, IEncoder { } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials) + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { // try { // Credential credentials = credentialProvider diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index 01ef4a43d..f29418853 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -44,6 +44,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.api.IRequest; @@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPAuthnRequestBuilder") public class PVPAuthnRequestBuilder { + @Autowired(required=true) ApplicationContext springContext; /** * Build a PVP2.x specific authentication request @@ -202,17 +205,17 @@ public class PVPAuthnRequestBuilder { IEncoder binding = null; if (endpoint.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (endpoint.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } //encode message binding.encodeRequest(null, httpResp, authReq, - endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential()); + endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index de59e6055..4fef52aec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -59,6 +59,7 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.Signer; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import org.w3c.dom.Document; @@ -95,7 +96,9 @@ import at.gv.egovernment.moa.logging.Logger; public class SingleLogOutBuilder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; @Autowired private IDPCredentialProvider credentialProvider; + public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) { Status status = logOutResp.getStatus(); @@ -185,15 +188,15 @@ public class SingleLogOutBuilder { public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, - String relayState) throws MOAIDException { + String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException { IEncoder binding = null; if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } @@ -204,7 +207,7 @@ public class SingleLogOutBuilder { try { binding.encodeRespone(req, resp, sloResp, consumerService.getLocation(), relayState, - credentialProvider.getIDPAssertionSigningCredential()); + credentialProvider.getIDPAssertionSigningCredential(), pvpReq); } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); -- cgit v1.2.3