From bb1b12ac5b240629e16ea1c7a50891e99f4adc14 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 27 Aug 2015 11:32:05 +0200 Subject: Use test- and productive TrustStore configurations in one IDP instance - every service configuration could select its preferred TrustStore --- .../moa/id/auth/AuthenticationServer.java | 118 ++++++++++----------- .../moa/id/config/auth/AuthConfiguration.java | 6 +- .../moa/id/config/auth/IOAAuthParameters.java | 3 + .../moa/id/config/auth/OAAuthParameter.java | 26 +++++ .../PropertyBasedAuthConfigurationProvider.java | 54 +++++++++- .../config/auth/data/DynamicOAAuthParameters.java | 18 ++++ 6 files changed, 161 insertions(+), 64 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 63bdab919..e2b0f78a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -353,7 +353,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { // builds a for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, authConf - .getMoaSpIdentityLinkTrustProfileID()); + .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); // invokes the call Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() @@ -586,63 +586,63 @@ public class AuthenticationServer extends MOAIDAuthConstants { return createXMLSignatureRequest; } - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
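Review bot: The trust profile used to verify the IdentityLink is now chosen per service by `pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()`, but nothing records which profile was chosen; a productive service whose configuration accidentally enables the test flag would have its IdentityLinks checked against the test trust store with no trace in the logs. Consider logging the choice before the MOA-SP call, e.g. `if (pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()) Logger.warn("IdentityLink signature is verified against the TEST trust profile");` (assuming the Logger used in PropertyBasedAuthConfigurationProvider in this patch is available here). The same applies to the AuthBlock variant in the hunk at line 1122. The enclosing method starts and ends outside the hunk.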
- * - * - * @param sessionID ID of associated authentication session data - * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU - * including the <CreateXMLSignatureResponse> - * @throws BKUException - */ - public X509Certificate verifyXMLSignature(String sessionID, - Map createXMLSignatureResponseParameters) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); - - String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlCreateXMLSignatureResponse)) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); - - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - // parses the - CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse createXMLSignatureResponse = p - .parseResponseDsig(); - - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .buildDsig(createXMLSignatureResponse, authConf - .getMoaSpAuthBlockTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - return verifyXMLSignatureResponse.getX509certificate(); - - } +// /** +// * Processes an <CreateXMLSignatureResponse> sent by the +// * security layer implementation.
+// *
    +// *
  • Validates given <CreateXMLSignatureResponse>
  • +// *
  • Parses response enclosed in +// * <CreateXMLSignatureResponse>
  • +// *
  • Verifies signature by calling the MOA SP component
  • +// *
  • Returns the signer certificate
  • +// *
+// * +// * @param sessionID ID of associated authentication session data +// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU +// * including the <CreateXMLSignatureResponse> +// * @throws BKUException +// */ +// public X509Certificate verifyXMLSignature(String sessionID, +// Map createXMLSignatureResponseParameters) +// throws AuthenticationException, BuildException, ParseException, +// ConfigurationException, ValidateException, ServiceException, BKUException { +// +// if (isEmpty(sessionID)) +// throw new AuthenticationException("auth.10", new Object[]{ +// REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); +// +// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters +// .get(PARAM_XMLRESPONSE); +// +// if (isEmpty(xmlCreateXMLSignatureResponse)) +// throw new AuthenticationException("auth.10", new Object[]{ +// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); +// +// AuthConfiguration authConf = AuthConfigurationProviderFactory +// .getInstance(); +// +// // parses the +// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( +// xmlCreateXMLSignatureResponse); +// CreateXMLSignatureResponse createXMLSignatureResponse = p +// .parseResponseDsig(); +// +// // builds a for a call of MOA-SP +// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() +// .buildDsig(createXMLSignatureResponse, authConf +// .getMoaSpAuthBlockTrustProfileID()); +// +// // invokes the call +// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() +// .verifyXMLSignature(domVerifyXMLSignatureRequest); +// +// // parses the +// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( +// domVerifyXMLSignatureResponse).parseData(); +// +// return verifyXMLSignatureResponse.getX509certificate(); +// +// } /** * Processes an <CreateXMLSignatureResponse> sent by the 
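Review bot: The old `verifyXMLSignature(String, Map)` is kept as a commented-out copy instead of being deleted, which leaves roughly sixty dead lines in AuthenticationServer. The copy still calls `authConf.getMoaSpAuthBlockTrustProfileID()` without an argument, a signature this same commit removes from the AuthConfiguration interface, so it would not compile if anyone uncommented it. Remove the block; version control keeps the history.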
@@ -1122,7 +1122,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { // builds a for a MOA-SPSS call List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index d8f1a28c5..c98a7d537 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -35,7 +35,7 @@ public interface AuthConfiguration extends ConfigurationProvider{ public OAAuthParameter getOnlineApplicationParameter(String oaURL); - public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException; + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException; @@ -44,8 +44,8 @@ public interface AuthConfiguration extends ConfigurationProvider{ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException; public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException; - - public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException; + + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; public List getTransformsInfos() throws ConfigurationException; 
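Review bot: The accessor called in `String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());` is named `isUseAuthBlockTestTestStore` ("TestTest") while its IDL sibling is `isUseIDLTestTrustStore`; this looks like a typo for `isUseAuthBlockTestTrustStore`. The name is introduced by this commit in IOAAuthParameters and implemented in OAAuthParameter and DynamicOAAuthParameters, so renaming it now, before anything else references it, costs nothing. The AuthConfiguration hunks on this line add the `boolean useTestTrustStore` parameter to both interface methods without any Javadoc stating what `true` selects; a `@param useTestTrustStore {@code true} to return the test trust profile, {@code false} for the productive one` on each declaration would document it. The enclosing method of the AuthenticationServer hunk starts and ends outside the hunk.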
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 92d0856ba..b68f42086 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -188,6 +188,9 @@ public interface IOAAuthParameters { List getTestCredentialOIDs(); + boolean isUseIDLTestTrustStore(); + boolean isUseAuthBlockTestTestStore(); + PrivateKey getBPKDecBpkDecryptionKey(); /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 8f3091e42..fdd125156 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -888,4 +888,30 @@ public List getReversionsLoggingEventCodes() { return null; } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore() + */ +@Override +public boolean isUseIDLTestTrustStore() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); + else + return false; +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore() + */ +@Override +public boolean isUseAuthBlockTestTestStore() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE); + if (MiscUtil.isNotEmpty(value)) + return Boolean.parseBoolean(value); + else + return false; +} + } 
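Review bot: In `isUseIDLTestTrustStore()` and `isUseAuthBlockTestTestStore()` the `MiscUtil.isNotEmpty(value)` guard is redundant: `Boolean.parseBoolean` already returns `false` for `null`, empty and anything other than a case-insensitive "true", so each body reduces to `return Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE));` (and the AUTHBLOCK constant for the second). The fail-safe outcome — an absent or malformed key selects the productive trust store — is worth stating explicitly, since neither the `(non-Javadoc)` markers here nor the two new declarations in the IOAAuthParameters hunk on this line document it; a one-line Javadoc on each interface method such as `/** Whether MOA-SP verifies the IdentityLink against the test trust profile; {@code false} (productive profile) when the service configuration does not set it. */` would cover it.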
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index cb9ac890d..702cd3ce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -334,7 +334,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return a string with a url-reference to the VerifyAuthBlock trust profile ID. * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. */ - public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return getMoaSpAuthBlockTestTrustProfileID(); + else + return getMoaSpAuthBlockTrustProfileID(); + } + + private String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { try { return configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD); 
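Review bot: The Javadoc above `getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore)` still describes the old no-argument method and says nothing about the new parameter; add `@param useTestTrustStore {@code true} to return the test trust profile, {@code false} for the productive one`. The private fallback keeps the same name with no argument, which reads like the old public method and is easy to confuse with the overload; naming it `getMoaSpAuthBlockProdTrustProfileID()` to mirror `getMoaSpAuthBlockTestTrustProfileID()` would make the pair symmetric. The new public method also lacks the `@Override` that `getMoaSpIdentityLinkTrustProfileID(boolean)` at the end of this file carries, so the compiler would not catch a drift from the AuthConfiguration signature.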
@@ -344,7 +351,39 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return null; } } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpAuthBlockTestTrustProfileID() + */ + private String getMoaSpAuthBlockTestTrustProfileID() + throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Test-AuthBlock validation trustprofile can not be read from configuration.", e); + return null; + } + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTestTrustProfileID() + */ + private String getMoaSpIdentityLinkTestTrustProfileID() + throws ConfigurationException { + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Test-IdentityLink validation trustprofile can not be read from configuration.", e); + return null; + } + } + + /** * Returns a list of strings with references to all verify transform info IDs within the moa-sp part of the authentication component. * @@ -446,7 +485,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return String with a url-reference to the VerifyIdentityLink trust profile ID * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link VerifyIdentityLink}. */ - public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + private String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { try { return configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD); 
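Review bot: The `@see` tags on `getMoaSpAuthBlockTestTrustProfileID()` and `getMoaSpIdentityLinkTestTrustProfileID()` point at `AuthConfiguration#getMoaSpAuthBlockTestTrustProfileID()` and `#getMoaSpIdentityLinkTestTrustProfileID()`, which that interface does not declare (its hunk adds only the `boolean` variants), and the methods here are private, so the `(non-Javadoc)` references are wrong; replace them with a short Javadoc such as `/** Trust profile ID for verifying AuthBlock signatures issued with test credentials; {@code null} when not configured. */`. Both methods return `null` when the test profile cannot be read, and the public dispatchers hand that `null` straight to `VerifyXMLSignatureRequestBuilder`; what the builder and MOA-SP do with a missing TrustProfileID is not visible here, so it is worth confirming that a service flagged for the test trust store cannot end up verified against no profile at all. Since the methods already declare `throws ConfigurationException`, rethrowing the caught exception as that type instead of returning `null` would fail closed.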
@@ -1060,4 +1099,15 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTrustProfileID(boolean) + */ + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) + throws ConfigurationException { + if (useTestTrustStore) + return getMoaSpIdentityLinkTestTrustProfileID(); + else + return getMoaSpIdentityLinkTrustProfileID(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index e59ac827b..386e04f45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -468,4 +468,22 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ // TODO Auto-generated method stub return null; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore() + */ + @Override + public boolean isUseIDLTestTrustStore() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore() + */ + @Override + public boolean isUseAuthBlockTestTestStore() { + // TODO Auto-generated method stub + return false; + } } -- cgit v1.2.3
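Review bot: The two new `DynamicOAAuthParameters` methods return `false` under a `// TODO Auto-generated method stub` comment, so dynamically configured services always verify against the productive trust store. If that is the intended behaviour, replace the TODO with a comment saying so, e.g. `// dynamic OAs never opt into the test trust store`, so the next reader does not take it for unfinished work; if it is not, the TODO should say what is still missing.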