From 4795b273bb734f04056babe963d8588ffbf50fb0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 21 Jul 2015 15:30:40 +0200
Subject: fix MOA-ID-Auth problems

---
 .../moa/id/auth/MOAIDAuthInitializer.java          |  3 +-
 .../moa/id/config/auth/OAAuthParameter.java        | 21 +++++++-
 .../moa/id/entrypoints/DispatcherServlet.java      |  2 +-
 .../moa/id/moduls/AuthenticationManager.java       | 28 ++++++----
 .../protocols/pvp2x/config/PVPConfiguration.java   |  5 +-
 .../pvp2x/metadata/MOAMetadataProvider.java        | 59 +++++++++++++++++-----
 6 files changed, 87 insertions(+), 31 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 65e3b10d7..e1086bbd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
 import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -174,7 +175,7 @@ public class MOAIDAuthInitializer {
         	System.exit(-1);
         	
         }
-                
+        
         // Starts the session cleaner thread to remove unpicked authentication data
         AuthenticationSessionCleaner.start();
         AuthConfigLoader.start();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 9386330cc..987603227 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -865,7 +865,26 @@ public boolean isRemovePBKFromAuthBlock() {
  */
 @Override
 public List<Integer> getReversionsLoggingEventCodes() {
-	// TODO Auto-generated method stub
+	String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
+	if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) {
+		String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
+		if (MiscUtil.isNotEmpty(eventCodes)) {
+			String[] codes = eventCodes.split(",");
+			List<Integer> result = new ArrayList<Integer>();
+			for (String el : codes) {
+				try {
+					result.add(Integer.valueOf(el.trim()));
+					
+				} catch (NumberFormatException e) {
+					Logger.warn("EventCode can not parsed to Integer.", e);
+					
+				}
+			}
+			if (!result.isEmpty())
+				return result;
+			
+		}		
+	}
 	return null;
 }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 5584e8ca6..45eecec84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -311,7 +311,7 @@ public class DispatcherServlet extends AuthServlet{
 								MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
 							
 							OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
-							if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+							if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
 								// -> send end error to service provider
 								Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() 
 										+ " FAILED. Sending error message to service provider.");								
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 06b55fb66..f3c40707e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -400,18 +400,22 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		Logger.debug("Build PVP 2.1 authentication request");
  		
 		//get IDP metadata
-		try {
-			OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
-			OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
+		
+		OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+		OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
 			
-			if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
-				Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
-				Logger.info("Switch to local authentication on this IDP ... ");
-				perfomLocalAuthentication(request, response, target);
-				return;
+		if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+			Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+			Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
+					+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
+			Logger.info("Switch to local authentication on this IDP ... ");
+			
+			perfomLocalAuthentication(request, response, target);
+			return;
 				
-			} 
+		}
 			
+		try {	
 			EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
 					getEntityDescriptor(target.getRequestedIDP());
 			
@@ -556,7 +560,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		
 		if (requiredLocalAuthentication) {
 			Logger.info("Switch to local authentication on this IDP ... ");
-			perfomLocalAuthentication(request, response, target);
+			if (idp.isPerformLocalAuthenticationOnInterfederationError())
+				perfomLocalAuthentication(request, response, target);
+			
+			else
+				throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()});
 		}
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index de58c34a1..87a63a8a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -115,10 +115,7 @@ public class PVPConfiguration {
 			//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
 			props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
 			rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();				
-			
-			//load PVP2X metadata for all active online applications
-			MOAMetadataProvider.getInstance();
-			
+						
 		} catch (ConfigurationException e) {
 			e.printStackTrace();
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 389b9825f..824c9be0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -26,14 +26,11 @@ import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -49,7 +46,6 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 
@@ -74,7 +70,6 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 
 	private static MOAMetadataProvider instance = null;
 	private static Object mutex = new Object();
-	private List<ObservableMetadataProvider.Observer> observers;
 	
 	
 	public static MOAMetadataProvider getInstance() {
@@ -338,8 +333,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 					Logger.warn("MetadataProvider can not be destroyed.");
 				}
 			}
-			
-			this.observers = Collections.emptyList();			
+				
 			instance = null;
 		} else {
 			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
@@ -348,14 +342,12 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 	
 	private MOAMetadataProvider() {
 		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-		this.observers = new CopyOnWriteArrayList<Observer>();
 		
 		Logger.info("Loading metadata");		
 		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
 		try {
-			//TODO: database search does not work!!!!!
 			Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
-					MOAIDConfigurationConstants.PREFIX_SERVICES 
+					MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
 					+ ".%." 
 					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
 			
@@ -373,7 +365,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 				
 						try {
 							String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-							if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) {
+							if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
 								byte[] cert = Base64Utils.decode(certBase64, false);
 								
 								
@@ -543,14 +535,53 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 		return internalProvider.getMetadata();
 	}
 
-	public EntitiesDescriptor getEntitiesDescriptor(String name)
+	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
 			throws MetadataProviderException {
-		return internalProvider.getEntitiesDescriptor(name);
+		EntitiesDescriptor entitiesDesc = null;
+		try {
+			entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+		
+			if (entitiesDesc == null) {
+				Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entitiesID))
+					return internalProvider.getEntitiesDescriptor(entitiesID);
+									
+			}			
+			
+		} catch (MetadataProviderException e) {
+			Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entitiesID))
+				return internalProvider.getEntitiesDescriptor(entitiesID);
+			
+		}	
+		
+		return entitiesDesc;
 	}
 
 	public EntityDescriptor getEntityDescriptor(String entityID)
 			throws MetadataProviderException {
-		return internalProvider.getEntityDescriptor(entityID);
+		EntityDescriptor entityDesc = null;
+		try {
+			entityDesc = internalProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.debug("Can not find PVP metadata for entityID: " + entityID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entityID))
+					return internalProvider.getEntityDescriptor(entityID);
+									
+			}
+			
+		} catch (MetadataProviderException e) {
+			Logger.debug("Can not find PVP metadata for entityID: " + entityID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entityID))
+				return internalProvider.getEntityDescriptor(entityID);
+			
+		}
+		
+		return entityDesc;
 	}
 
 	public List<RoleDescriptor> getRole(String entityID, QName roleName)
-- 
cgit v1.2.3