From da0174d3b037468d243fad688ca1fd91c2049d24 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 16 Oct 2018 08:07:10 +0200 Subject: update third party libs to solve incompatibility with JDK11 --- .../at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 8d36e81bb..5149186f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException; import org.springframework.data.redis.core.RedisOperations; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.SessionCallback; -import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer; +import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage { protected AuthConfiguration authConfig; @Autowired - private JacksonJsonRedisSerializer assertionStoreSerializer; + private GenericJackson2JsonRedisSerializer assertionStoreSerializer; public RedisTemplate getTemplate(){ return this.redisTemplate; -- cgit v1.2.3 From f9cdab97942aac748915cd07c32669f37de57500 Mon Sep 17 00:00:00 2001 
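Review bot: The `@Autowired` field switched to `GenericJackson2JsonRedisSerializer` deserves a comment on what that implies: as far as I recall, this serializer's no-arg constructor enables Jackson default typing and stores a `@class` property in the JSON that is honoured when reading back, so a value taken from Redis is rehydrated into whatever class the stored document names. That is fine only while Redis is treated as trusted storage written solely by this service. Suggest `// NOTE: default typing — the stored JSON decides the deserialized class; Redis must be trusted storage` above the field, or confirm the bean is built with a restricted ObjectMapper.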
From: Thomas Lenz Date: Mon, 4 Feb 2019 07:56:51 +0100 Subject: update Spring Redis Backend --- .../gv/egovernment/moa/id/storage/RedisTransactionStorage.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 5149186f6..df43316ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException; import org.springframework.data.redis.core.RedisOperations; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.SessionCallback; -import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer; +import org.springframework.data.redis.serializer.RedisSerializer; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage { protected AuthConfiguration authConfig; @Autowired - private GenericJackson2JsonRedisSerializer assertionStoreSerializer; + private RedisSerializer assertionStoreSerializer; public RedisTemplate getTemplate(){ return this.redisTemplate; @@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage { } public boolean containsKey(String key) { + try { searchInDatabase(key); return true; - + } catch (MOADatabaseException e) { return false; } 
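Review bot: `private RedisSerializer assertionStoreSerializer;` on the `@Autowired` line is a raw type, which hides the element type and makes the later `serialize(...)` call unchecked. Spring injects the same bean for `private RedisSerializer<Object> assertionStoreSerializer;`, and the call sites keep compiling. Since the field type no longer says which implementation is meant, a short comment naming the expected bean (the JSON serializer dropped from the import above, presumably) would help the next reader.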
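Review bot: `containsKey` now answers `false` for any `MOADatabaseException`, so a Redis connectivity problem or a failed deserialization inside `searchInDatabase` looks exactly like a missing key, and the exception is dropped without a trace. If `searchInDatabase` really uses the exception only to signal "not found", a trace-level log in the catch documents that convention; otherwise the caller needs to be able to tell the two cases apart. `searchInDatabase` is outside the hunk, so I cannot confirm which it is.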
@@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException { + " found. Process gets stopped."); } - redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS); + redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS); } -- cgit v1.2.3 From f24d03991c8ada1bfb9e402b04d68cf01906cbee Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Feb 2019 07:58:24 +0100 Subject: move code for Cookie management into CookieUtils.java --- .../gv/egovernment/moa/id/moduls/SSOManager.java | 72 +++++++++++----------- .../at/gv/egovernment/moa/id/util/CookieUtils.java | 37 +++++++++++ 2 files changed, 73 insertions(+), 36 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index b5005d0c9..2b550f21e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -26,7 +26,6 @@ import java.util.Date; import java.util.Map; import java.util.Map.Entry; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
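Review bot: The changed `set(...)` line converts the serializer's bytes with `new String(...)` and no charset, so the stored value depends on the JVM's default encoding; JSON from a Jackson serializer is UTF-8, so `new String(assertionStoreSerializer.serialize(as), StandardCharsets.UTF_8)` pins it (import `java.nio.charset.StandardCharsets`), and the read side must decode with the same charset. Switching the argument from `element` to `as` also changes what is persisted under the key — presumably the whole store wrapper instead of the raw element — which the commit message "update Spring Redis Backend" does not mention; a comment such as `// persist the wrapper, not the bare element: the reader expects the wrapper` would record the intent. `putRaw` starts before the hunk.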
@@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } else { //check if IDP cookie is set - String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); - deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } } @@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { - setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); } @@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf public String getSSOSessionID(HttpServletRequest httpReq) { - return getValueFromCookie(httpReq, SSOCOOKIE); + return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE); } 
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); + CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); } private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - deleteCookie(httpReq, httpResp, SSOCOOKIE); + CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE); } - private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { - Cookie[] cookies = httpReq.getCookies(); - - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(cookieName)) { - return cookie.getValue(); - } - } - } - return null; - } - - private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, - String cookieName, String cookieValue, int maxAge) { - - Cookie cookie = new Cookie(cookieName, cookieValue); - cookie.setMaxAge(maxAge); - cookie.setSecure(true); - cookie.setHttpOnly(true); - cookie.setPath(httpReq.getContextPath()); - - httpResp.addCookie(cookie); - } - - private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { - setCookie(httpReq, httpResp, cookieName, "", 0); - - } +// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { +// Cookie[] cookies = httpReq.getCookies(); +// +// if (cookies != null) { +// for (Cookie cookie : cookies) { +// if (cookie.getName().equals(cookieName)) { +// return cookie.getValue(); +// } +// } +// } +// return null; +// } +// +// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, +// String cookieName, String cookieValue, int maxAge) { +// +// Cookie cookie = new Cookie(cookieName, cookieValue); +// cookie.setMaxAge(maxAge); +// cookie.setSecure(true); +// cookie.setHttpOnly(true); +// 
cookie.setPath(httpReq.getContextPath()); +// +// httpResp.addCookie(cookie); +// } +// +// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { +// setCookie(httpReq, httpResp, cookieName, "", 0); +// +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java new file mode 100644 index 000000000..21cbd574f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.util; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class CookieUtils { + public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals(cookieName)) { + return cookie.getValue(); + } + } + } + return null; + } + + public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { + + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + cookie.setHttpOnly(true); + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 0); + + } +} -- cgit v1.2.3 From 9ddeacf32976d14c3f2f70ec446262998eb8a68e Mon Sep 17 00:00:00 2001 
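Review bot: The three private cookie helpers are kept as `//` commented-out code at the end of `SSOManager` instead of being deleted, although the commit moves them to `CookieUtils`. Commented-out code drifts from the live copy (the `Secure`/`HttpOnly` settings are now maintained in two places on this page) and git keeps the history anyway; drop the block and let the class end at its closing brace.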
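Review bot: `CookieUtils` is a stateless helper with only static methods, so it should be `public final class CookieUtils` with a `private CookieUtils() {}`, and the public methods need Javadoc because the security attributes are set implicitly: `setCookie` always marks the cookie `Secure` and `HttpOnly` and scopes it to `httpReq.getContextPath()`, none of which a caller can see from the signature. State in the `setCookie` Javadoc that the cookie is consequently never sent over plain HTTP, so nobody relaxes that for a development setup. One thing to confirm: for a root-context deployment `getContextPath()` is the empty string, and I believe containers then omit the `Path` attribute, so the browser defaults it to the request's directory and a `deleteCookie` issued from another path would not clear it; mapping `""` to `"/"` would avoid that.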
From: Thomas Lenz Date: Mon, 4 Feb 2019 08:00:14 +0100 Subject: add code for eID4U attribute collection --- .../tasks/GenericFrontChannelRedirectTask.java | 66 ++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java new file mode 100644 index 000000000..e19d40773 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java 
@@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("GenericFrontChannelRedirectTask") +public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask { + + @Autowired IGUIFormBuilder guiBuilder; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //perform redirect to itself to get out from BKU communication + Logger.trace("Perform generic 'http Redirect' to MOA-ID ... "); + performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC); + + } catch (Exception e) { + Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e); + + } + + } + +} -- cgit v1.2.3 From a917335ea69ab857f00bd17679e259fcc215cad9 Mon Sep 17 00:00:00 2001 
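Review bot: The `@see` in the `execute` comment points to `at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask`, but the class extends `at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask` per the import, so the reference is stale; correct it or drop the non-Javadoc comment, since `@Override` already says it. `@Autowired IGUIFormBuilder guiBuilder;` is package-private and never used in the class, so it is a needless injection dependency — remove it, or make it `private` with a comment on what it is for. The class Javadoc carries only `@author`; a summary like `Task that redirects the browser back to MOA-ID's generic process-engine endpoint to leave the BKU communication` (taken from the in-code comment) would make its role clear. `pendingReq` is presumably inherited from the base class; the `catch (Exception e)` at least preserves it as the cause.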
From: Thomas Lenz Date: Mon, 4 Feb 2019 08:58:10 +0100 Subject: update SSLUtils to use default JVM trustStore for SSL connections as optional --- .../moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java | 4 +++- .../moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java | 4 +++- .../src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java | 11 +++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 1fa17c683..4fc37d88f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index d7ada1f36..bd908f894 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java 
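Review bot: The new `moaAuthConfig.getBasicMOAIDConfigurationBoolean(...)` argument is a bare boolean slotted into a long positional `new MOAHttpProtocolSocketFactory(...)` call, so a reader cannot tell what `true` or `false` means without opening the factory; a comment on the argument, e.g. `// useJvmTrustStore: also accept the JVM's default cacerts (default off)`, would help — "also" is my reading of the commit subject, confirm against the factory. The same key-and-default lookup is repeated in `MOASAMLSOAPClient` @@ -75 and twice in `SSLUtils` (@@ -93, @@ -148); a single accessor on `AuthConfiguration`, say `boolean useJvmTrustStore()`, would keep the key and its default in one place, which matters for a setting that widens the trusted CA set. The enclosing method starts before the hunk.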
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -75,7 +75,9 @@ public class MOASAMLSOAPClient { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 611dff3b1..6bf44a527 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -93,6 +94,10 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); 
@@ -107,6 +112,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, @@ -148,6 +154,10 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); @@ -162,6 +172,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( connParam.getUrl(), + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, -- cgit v1.2.3 From f00f82ec9f0f1e4210d17b857cab44e49357daca Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Feb 2019 12:32:20 +0100 Subject: add Log messages --- .../main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 1 + .../java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 0285dd75b..14a2b583b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -105,6 +105,7 @@ public class LogOutServlet { } catch (Exception e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + Logger.warn("Requested URL is not in PublicPrefix Configuration"); return; } finally { 
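Review bot: The added `Logger.warn(...)` in `LogOutServlet` sits after `resp.sendError(...)`, so if `sendError` throws (an `IOException` on a closed connection, say) the warning is never written, and it discards the caught exception, so the log does not say why the URL check failed. Move it above `sendError` and attach the cause: `Logger.warn("Requested URL is not in PublicPrefix Configuration", e);` — assuming the MOA `Logger` has a `(message, Throwable)` overload, which I believe it does. The broad `catch (Exception e)` predates the commit; the enclosing method starts before the hunk.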
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index e5a8bb739..478462adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -86,7 +86,8 @@ public class RedirectServlet { List allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix(); if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) - || !authConfig.getPublicURLPrefix().contains(authURL)) { + || !authConfig.getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration"); resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; -- cgit v1.2.3 From ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae Mon Sep 17 00:00:00 2001 
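Review bot: The new `Logger.warn("Requested URL " + authURL + ...)` writes `authURL` verbatim into the log; if that value derives from the request (the surrounding check treats it as untrusted against the public-prefix allowlist), a CR/LF inside it can forge extra log lines, so strip control characters first, e.g. `authURL.replaceAll("[\\r\\n]", "_")`, or log only the configured prefixes it failed to match. Minor: `allowedPublicUrlPrefixes` already holds `authConfig.getPublicURLPrefix()`, so the re-indented condition can use it instead of calling the configuration a second time. The enclosing method starts before the hunk.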
From: Thomas Lenz Date: Mon, 18 Feb 2019 08:30:49 +0100 Subject: add 'Austrian eID' demo-mode to simulate attribute behavior from 2020 --- .../id/auth/builder/AuthenticationDataBuilder.java | 49 ++ .../id/config/auth/OAAuthParameterDecorator.java | 24 + .../config/auth/data/DynamicOAAuthParameters.java | 7 +- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 6 + .../moa/id/data/MOAAuthenticationData.java | 658 +-------------------- .../attributes/BPKListAttributeBuilder.java | 52 ++ .../protocols/builder/attributes/EIDAuthBlock.java | 8 + .../MandateFullMandateAttributeBuilder.java | 10 +- .../attributes/SimpleStringAttributeGenerator.java | 68 +++ 9 files changed, 237 insertions(+), 645 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 3e6308bf6..c58f19333 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
@@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; @@ -212,6 +213,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder try { //generate basic authentication data generateBasicAuthData(authData, protocolRequest, session); + + //set Austrian eID demo-mode flag + authData.setIseIDNewDemoMode(Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))); + + if (authData.isIseIDNewDemoMode()) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); + authData.setBaseIDTransferRestrication(true); + + } // #### generate MOA-ID specific authentication data ###### 
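Review bot: The demo-mode flag is read with `Boolean.parseBoolean(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, String.valueOf(false)))`, and the identical expression is repeated in this file at @@ -521 and in `OAAuthParameterDecorator` @@ -263. `OAAuthParameterDecorator` already has `isConfigurationValue(String key, boolean defaultValue)` (its signature is visible in the @@ -1002 header, its body is not), which looks like the intended accessor; if it is on the interface `oaParam` is typed as, `oaParam.isConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, false)` replaces all three copies. At @@ -521 the value has already been stored on `authData`, so `if (authData.isIseIDNewDemoMode())` would do there provided the same `authData` instance is in scope, which I cannot confirm from the hunk. The enclosing method starts before the hunk.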
@@ -521,6 +534,26 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); + + //build additional bPKs + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); + + Logger.debug("Clearing identitylink ... "); + authData.setIdentityLink(null); + + Logger.debug("Clearing authBlock ... "); + authData.setAuthBlock(null); + + Logger.info("Post-Processing for Austrian eID finished"); + } + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator copyInterator = includedToGenericAuthData.iterator(); @@ -827,4 +860,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + private void generateAdditonalbPK(MOAAuthenticationData authData, List additionalbPKSectorsRequested) throws EAAFBuilderException { + if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + } + } } 
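Review bot: The new `generateAdditonalbPK` method's log messages were copied from the foreign-bPK routine: `"Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "` is emitted while generating additional bPKs, which will mislead anyone reading the log; use `Logger.debug("Sectors for additional bPKs are configured. Starting additional bPK generation ... ");`. The method name also misspells "Additional", and `List additionalbPKSectorsRequested` and `Pair bpk` are raw types — `List<String>` is clear from the loop, and the `Pair` type arguments should match whatever `generateAreaSpecificPersonIdentifier` returns. A Javadoc line stating that each bPK is derived from `authData.getIdentificationValue()` for one configured sector, and that a `null` or empty sector list is a no-op, would document the contract.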
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index a2dfeba2f..ab2a07f7c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() { returnValue.setProvideAllErrors( Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); + if (Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); + returnValue.setProvideBaseId(false); + returnValue.setProvideAuthBlock(false); + returnValue.setProvideIdl(false); + returnValue.setProvideMandate(false); + + } + + return returnValue; } @@ -920,6 +933,16 @@ public List foreignbPKSectorsRequested() { } +@Override +public List additionalbPKSectorsRequested() { + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS); + if (MiscUtil.isNotEmpty(value)) + return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value)); + + else + return null; + +} @Override @@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) { } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 390b77dab..1b2d203c9 100644 
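Review bot: The new `additionalbPKSectorsRequested()` returns `null` when the `SERVICE_AUTH_TARGET_ADDITIONAL_BPKS` value is empty, forcing every caller to null-check (the one in `AuthenticationDataBuilder` does); returning `Collections.emptyList()` is compatible with that caller and removes the hazard for the next one (import `java.util.Collections` if the file lacks it). It mirrors `foreignbPKSectorsRequested()` directly above it, so if that one returns `null` too, change both together for consistency. The `List` return type is raw; `List<String>` matches how the result is consumed, and the unbraced `if`/`else` is worth bracing.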
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -540,6 +540,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ return null; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + @Override public boolean containsConfigurationKey(String arg0) { // TODO Auto-generated method stub @@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ public String getLoAMatchingMode() { return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index ff4b96aab..415f4db18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -35,4 +35,10 @@ public interface IMOAAuthData extends IAuthData{ String getPvpAttribute_OU(); List getAuthenticationRoles(); + /** + * Indicate Austrian eID demo-mode + * + * @return true if it is in demo-mode, otherwise false + */ + public boolean isIseIDNewDemoMode(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index ca0ae0687..c1545f354 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java 
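Review bot: The `additionalbPKSectorsRequested()` override in `DynamicOAAuthParameters` is left as an IDE stub (`// TODO Auto-generated method stub` returning `null`), which reads as unfinished work rather than a decision. If dynamic OA parameters genuinely never carry additional bPK sectors, say so and return an empty list: `// Dynamic OAs do not configure additional bPK sectors` followed by `return Collections.emptyList();` (the existing caller in `AuthenticationDataBuilder` handles both `null` and empty). The neighbouring `containsConfigurationKey` carries the same stub comment, but that predates the commit.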
@@ -69,6 +69,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private LoALevelMapper loaMapper; + private boolean iseIDNewDemoMode = false; + public MOAAuthenticationData(ILoALevelMapper loaMapper) { if (loaMapper instanceof LoALevelMapper) this.loaMapper = (LoALevelMapper) loaMapper; 
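Review bot: The new field `private boolean iseIDNewDemoMode = false;` is undocumented, and its name yields the accessor `isIseIDNewDemoMode()` used from `AuthenticationDataBuilder`, which reads awkwardly; renaming now would touch the `IMOAAuthData` method added in this same commit, so decide before it spreads. Whatever the name, add a comment describing the effect, e.g. `// Austrian eID demo-mode: the builder clears identityLink/authBlock and forces baseID transfer restriction when set`, which matches what `AuthenticationDataBuilder` does with it in this commit. The `= false` initializer is redundant for a boolean field.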
@@ -321,648 +323,18 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - - -// private static final long serialVersionUID = -1042697056735596866L; -// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; -// -// /** -// * URL of the MOA-ID Auth component issueing this assertion -// */ -// private String issuer; -// /** -// * time instant of issue of this assertion -// */ -// private Date issueInstant; -// /** -// * user identification value (Stammzahl); null, -// * if the authentication module is configured not to return this data -// */ -// private String identificationValue; -// /** -// * user identification type -// */ -// private String identificationType; -// -// /** -// * user identityLink specialized to OAParamter -// */ -// private IIdentityLink identityLink; -// -// /** -// * application specific user identifier (bPK/wbPK) -// */ -// private String bPK; -// -// /** -// * application specific user identifier type -// */ -// private String bPKType; -// -// /** -// * given name of the user -// */ -// private String givenName; -// /** -// * family name of the user -// */ -// private String familyName; -// /** -// * date of birth of the user -// */ -// private Date dateOfBirth; -// /** -// * says whether the certificate is a qualified certificate or not -// */ -// -// /** -// * says whether the certificate is a public authority or not -// */ -// /** -// * public authority code (Behördenkennzeichen - BKZ) -// */ -// -// -// /** -// * URL of the BKU -// */ -// -// /** -// * the corresponding lt;saml:Assertion> -// */ -// -// private boolean isBaseIDTransferRestrication = true; -// -// -// /** -// * STORK attributes from response -// */ -// private String ccc = null; -// -// private Map genericDataStorate = new HashedMap(); -// -// -// -// private String authBlock = null; -// private List 
encbPKList = null; -// -// //ISA 1.18 attributes -// private List roles = null; -// private String pvpAttribute_OU = null; -// -// private boolean useMandate = false; -// private IMISMandate mandate = null; -// private String mandateReferenceValue = null; -// -// private boolean foreigner =false; -// private String QAALevel = null; -// -// private boolean ssoSession = false; -// private Date ssoSessionValidTo = null; -// -//// private boolean interfederatedSSOSession = false; -//// private String interfederatedIDP = null; -// -// private String sessionIndex = null; -// private String nameID = null; -// private String nameIDFormat = null; -// -// public AuthenticationData() { -// issueInstant = new Date(); -// } -// -// /** -// * Returns the publicAuthority. -// * @return boolean -// */ -// public boolean isPublicAuthority() { -// return publicAuthority; -// } -// -// /** -// * Returns the publicAuthorityCode. -// * @return String -// */ -// public String getPublicAuthorityCode() { -// return publicAuthorityCode; -// } -// -// /** -// * Returns the qualifiedCertificate. -// * @return boolean -// */ -// public boolean isQualifiedCertificate() { -// return qualifiedCertificate; -// } -// -// /** -// * Returns the bPK. -// * @return String -// */ -// public String getBPK() { -// return bPK; -// } -// -// /** -// * Sets the publicAuthority. -// * @param publicAuthority The publicAuthority to set -// */ -// public void setPublicAuthority(boolean publicAuthority) { -// this.publicAuthority = publicAuthority; -// } -// -// /** -// * Sets the publicAuthorityCode. -// * @param publicAuthorityIdentification The publicAuthorityCode to set -// */ -// public void setPublicAuthorityCode(String publicAuthorityIdentification) { -// this.publicAuthorityCode = publicAuthorityIdentification; -// } -// -// /** -// * Sets the qualifiedCertificate. 
-// * @param qualifiedCertificate The qualifiedCertificate to set -// */ -// public void setQualifiedCertificate(boolean qualifiedCertificate) { -// this.qualifiedCertificate = qualifiedCertificate; -// } -// -// /** -// * Sets the bPK. -// * @param bPK The bPK to set -// */ -// public void setBPK(String bPK) { -// this.bPK = bPK; -// } -// -// /** -// * Returns the dateOfBirth. -// * @return String -// */ -// public Date getDateOfBirth() { -// return dateOfBirth; -// } -// -// public String getFormatedDateOfBirth() { -// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// if (getDateOfBirth() != null) -// return pvpDateFormat.format(getDateOfBirth()); -// else -// return "2999-12-31"; -// } -// -// /** -// * Returns the familyName. -// * @return String -// */ -// public String getFamilyName() { -// return familyName; -// } -// -// /** -// * Returns the givenName. -// * @return String -// */ -// public String getGivenName() { -// return givenName; -// } -// -// /** -// * Holds the baseID of a citizen -// * -// * @return baseID -// */ -// public String getIdentificationValue() { -// return identificationValue; -// } -// -// /** -// * Holds the type of the baseID -// * -// * @return baseID-Type -// */ -// public String getIdentificationType() { -// return identificationType; -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public String getIssueInstantString() { -// return DateTimeUtils.buildDateTimeUTC(issueInstant); -// -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public Date getIssueInstant() { -// return issueInstant; -// -// } -// -// public void setIssueInstant(Date date) { -// this.issueInstant = date; -// } -// -// /** -// * Returns the issuer. -// * @return String -// */ -// public String getIssuer() { -// return issuer; -// } -// -// /** -// * Returns the BKU URL. 
-// * @return String -// */ -// public String getBkuURL() { -// return bkuURL; -// } -// -// /** -// * Sets the dateOfBirth. -// * @param dateOfBirth The dateOfBirth to set -// */ -// public void setDateOfBirth(Date dateOfBirth) { -// this.dateOfBirth = dateOfBirth; -// } -// -// public void setDateOfBirth(String dateOfBirth) { -// try { -// if (MiscUtil.isNotEmpty(dateOfBirth)) { -// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); -// } -// -// } catch (ParseException e) { -// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); -// -// } -// } -// -// /** -// * Sets the familyName. -// * @param familyName The familyName to set -// */ -// public void setFamilyName(String familyName) { -// this.familyName = familyName; -// } -// -// /** -// * Sets the givenName. -// * @param givenName The givenName to set -// */ -// public void setGivenName(String givenName) { -// this.givenName = givenName; -// } -// -// /** -// * Sets the identificationValue. -// * @param identificationValue The identificationValue to set -// */ -// public void setIdentificationValue(String identificationValue) { -// this.identificationValue = identificationValue; -// } -// -// /** -// * Sets the identificationType. -// * @param identificationType The identificationType to set -// */ -// public void setIdentificationType(String identificationType) { -// this.identificationType = identificationType; -// } -// -// /** -// * Sets the issuer. 
-// * @param issuer The issuer to set -// */ -// public void setIssuer(String issuer) { -// this.issuer = issuer; -// } -// -// /** -// * Sets the bkuURL -// * @param url The BKU URL to set -// */ -// public void setBkuURL(String url) { -// this.bkuURL = url; -// } -// -// public String getBPKType() { -// return bPKType; -// } -// -// public void setBPKType(String bPKType) { -// this.bPKType = bPKType; -// } -// - -// -// - -// -// -// public String getEIDASQAALevel() { -// if (this.QAALevel != null && -// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { -// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); -// if (MiscUtil.isNotEmpty(mappedQAA)) -// return mappedQAA; -// -// else { -// Logger.error("STORK QAA-level:" + this.QAALevel -// + " can not be mapped to eIDAS QAA-level! Use " -// + PVPConstants.EIDAS_QAA_LOW + " as default value."); -// return PVPConstants.EIDAS_QAA_LOW; -// -// } -// -// -// } else -// return this.QAALevel; -// -// } -// -// -// /** -// * @return -// */ -// public boolean isForeigner() { -// return this.foreigner; -// } -// -// -// /** -// * @param foreigner the foreigner to set -// */ -// public void setForeigner(boolean foreigner) { -// this.foreigner = foreigner; -// } -// -// - -// -// /** -// * @return the ssoSession -// */ -// public boolean isSsoSession() { -// return ssoSession; -// } -// -// -// /** -// * @param ssoSession the ssoSession to set -// */ -// public void setSsoSession(boolean ssoSession) { -// this.ssoSession = ssoSession; -// } -// -// /** -// * @return the mandateReferenceValue -// */ -// public String getMandateReferenceValue() { -// return mandateReferenceValue; -// } -// -// /** -// * @param mandateReferenceValue the mandateReferenceValue to set -// */ -// public void setMandateReferenceValue(String mandateReferenceValue) { -// this.mandateReferenceValue = mandateReferenceValue; -// } -// -// /** -// * CountryCode of the citizen which is identified and 
authenticated -// * -// * @return the CountryCode
like. AT, SI, ...
-// */ -// public String getCcc() { -// return ccc; -// } -// -// /** -// * @param ccc the ccc to set -// */ -// public void setCcc(String ccc) { -// this.ccc = ccc; -// } -// -// /** -// * @return the sessionIndex -// */ -// public String getSessionIndex() { -// return sessionIndex; -// } -// -// /** -// * @param sessionIndex the sessionIndex to set -// */ -// public void setSessionIndex(String sessionIndex) { -// this.sessionIndex = sessionIndex; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() -// */ -// @Override -// public String getNameID() { -// return this.nameID; -// } -// -// /** -// * @param nameID the nameID to set -// */ -// public void setNameID(String nameID) { -// this.nameID = nameID; -// } -// -// /** -// * @return the nameIDFormat -// */ -// public String getNameIDFormat() { -// return nameIDFormat; -// } -// -// /** -// * @param nameIDFormat the nameIDFormat to set -// */ -// public void setNameIDFormat(String nameIDFormat) { -// this.nameIDFormat = nameIDFormat; -// } -// -//// /** -//// * @return the interfederatedSSOSession -//// */ -//// public boolean isInterfederatedSSOSession() { -//// return interfederatedSSOSession; -//// } -//// -//// /** -//// * @param interfederatedSSOSession the interfederatedSSOSession to set -//// */ -//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -//// this.interfederatedSSOSession = interfederatedSSOSession; -//// } -//// -//// /** -//// * @return the interfederatedIDP -//// */ -//// public String getInterfederatedIDP() { -//// return interfederatedIDP; -//// } -//// -//// /** -//// * @param interfederatedIDP the interfederatedIDP to set -//// */ -//// public void setInterfederatedIDP(String interfederatedIDP) { -//// this.interfederatedIDP = interfederatedIDP; -//// } -// -// /** -// * @return the ssoSessionValidTo -// */ -// public Date getSsoSessionValidTo() { -// return ssoSessionValidTo; -// } -// -// /** -// * @param 
ssoSessionValidTo the ssoSessionValidTo to set -// */ -// public void setSsoSessionValidTo(Date ssoSessionValidTo) { -// this.ssoSessionValidTo = ssoSessionValidTo; -// } -// -// /** -// * @return the encbPKList -// */ -// public List getEncbPKList() { -// return encbPKList; -// } -// -// /** -// * @param encbPKList the encbPKList to set -// */ -// public void setEncbPKList(List encbPKList) { -// this.encbPKList = encbPKList; -// } -// -// /** -// * @return the roles -// */ -// public List getAuthenticationRoles() { -//// if (this.roles == null) { -//// this.roles = new ArrayList(); -//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -//// } -// -// return roles; -// } -// -// //ISA 1.18 attributes -// /** -// * @param roles the roles to set -// */ -// public void addAuthenticationRole(AuthenticationRole role) { -// if (this.roles == null) -// this.roles = new ArrayList(); -// -// this.roles.add(role); -// } -// -// /** -// * @return the pvpAttribute_OU -// */ -// public String getPvpAttribute_OU() { -// return pvpAttribute_OU; -// } -// -// /** -// * @param pvpAttribute_OU the pvpAttribute_OU to set -// */ -// public void setPvpAttribute_OU(String pvpAttribute_OU) { -// this.pvpAttribute_OU = pvpAttribute_OU; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() -// */ -// @Override -// public boolean isBaseIDTransferRestrication() { -// return isBaseIDTransferRestrication; -// } -// -// /** -// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set -// */ -// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { -// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; -// } -// -// /** -// * Returns a generic data-object with is stored with a specific identifier -// * -// * @param key The specific identifier of the data object -// * @param clazz The class type 
which is stored with this key -// * @return The data object or null if no data is found with this key -// */ -// public T getGenericData(String key, final Class clazz) { -// if (MiscUtil.isNotEmpty(key)) { -// Object data = genericDataStorate.get(key); -// -// if (data == null) -// return null; -// -// try { -// @SuppressWarnings("unchecked") -// T test = (T) data; -// return test; -// -// } catch (Exception e) { -// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); -// return null; -// -// } -// -// } -// -// Logger.warn("Can not load generic session-data with key='null'"); -// return null; -// -// } -// -// /** -// * Store a generic data-object to session with a specific identifier -// * -// * @param key Identifier for this data-object -// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface -// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage -// */ -// public void setGenericData(String key, Object object) throws SessionDataStorageException { -// if (MiscUtil.isEmpty(key)) { -// Logger.warn("Generic session-data can not be stored with a 'null' key"); -// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); -// -// } -// -// if (object != null) { -// if (!Serializable.class.isInstance(object)) { -// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); -// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); -// -// } -// } -// -// if (genericDataStorate.containsKey(key)) -// Logger.debug("Overwrite generic data with key:" + key); -// else -// Logger.trace("Add generic data with key:" + key + " to session."); -// -// genericDataStorate.put(key, object); -// } + + + public boolean isIseIDNewDemoMode() { + return 
iseIDNewDemoMode; + } + + /** + * Set eID demo-mode into AuthData + * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false + */ + public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { + this.iseIDNewDemoMode = iseIDNewDemoMode; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java new file mode 100644 index 000000000..ec8c7629f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java 
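Review bot: The new getter `isIseIDNewDemoMode()` at the end of the MOAAuthenticationData hunk has neither `@Override` nor a Javadoc, while the setter directly below it has a Javadoc; it implements the method added to IMOAAuthData in this same commit, so mark it `@Override` and document it, e.g. `/** @return true if the authentication ran in Austrian eID demo-mode, otherwise false */`. The roughly 640 removed lines are commented-out legacy code and need no review beyond confirming nothing live was among them. The class body closes within this hunk, so nothing is cut off.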
@@ -0,0 +1,52 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; + +@PVPMETADATA +public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); + + protected static final String DELIMITER_BPK_LIST = ";"; + + public String getName() { + return BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + String result = getBpkForSP(authData); + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + log.info("Adding additional bPKs into bPK attribute"); + for (Pair el : authData.getAdditionalbPKs()) { + result += DELIMITER_BPK_LIST + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()); + + } + log.trace("Authenticate user with bPK-List: " + result); + } + + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME); + } + +} 
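Review bot: In `build()` the trace line `log.trace("Authenticate user with bPK-List: " + result);` inside the `if` is immediately followed by `log.trace("Authenticate user with bPK/wbPK: " + result);` after it, so the same list of person-bound bPK identifiers is written to the log twice; drop the in-`if` line and use the parameterised form `log.trace("Authenticate user with bPK/wbPK: {}", result);` so the concatenation is skipped when trace is disabled. Separately, `result` comes from `getBpkForSP(authData)` in the parent builder (not visible here); if that can return `null`, the `result +=` loop silently produces a string beginning with the literal `null;`, so only append additional bPKs when `result != null` and otherwise fail the build. The `Pair` element order (type in `getSecond()`, value in `getFirst()`) is not self-evident and deserves a one-line comment.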
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 139bb15cc..a1a5825b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Deprecated @PVPMETADATA public class EIDAuthBlock implements IPVPAttributeBuilder { @@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { try { if (authData instanceof IMOAAuthData) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + + } + String authblock = ((IMOAAuthData)authData).getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index a40c0fefb..fb101467a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java 
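Review bot: The `@Deprecated` annotation added to `EIDAuthBlock` comes without a Javadoc `@deprecated` tag, so readers cannot tell why the builder is deprecated or what replaces it, and the annotation alone raises compiler warnings at every use site without guidance. Add a class Javadoc such as `/** @deprecated the AuthBlock attribute is not available with the new Austrian eID; SPs should stop requesting it. */`, replacing the reason with the actual one, which is not visible in this hunk.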
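Review bot: The demo-mode guard in `build()` throws `UnavailableAttributeException(EID_AUTH_BLOCK_NAME)`, whereas the equivalent guard added to MandateFullMandateAttributeBuilder in this same commit returns `null`; the two builders signal the same condition differently, so whatever the caller does with a null versus an UnavailableAttributeException (not visible here) will differ between the two attributes. Pick one convention — the exception form used here is the more explicit one — and apply it in both builders. The guard only runs inside `if (authData instanceof IMOAAuthData)`, which is correct since the flag lives on IMOAAuthData; the remainder of `build()` lies outside the hunk.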
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - if (authData instanceof IMOAAuthData) { + if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).isUseMandate()) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + return null; + + } + + //only provide full mandate if it is included. //In case of federation only a short mandate could be include if (((IMOAAuthData)authData).getMandate() != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java new file mode 100644 index 000000000..5daa71b1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java 
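Review bot: The new demo-mode check in `build()` returns `null` after logging, while the parallel check added to EIDAuthBlock in this commit throws `UnavailableAttributeException`; unless the caller treats a null attribute exactly like that exception, the full-mandate attribute is handled differently from the AuthBlock under the same condition. Prefer the explicit form here as well, throwing `UnavailableAttributeException` with this attribute's name constant as EIDAuthBlock does. The change to `if (authData instanceof IMOAAuthData) {` is whitespace-only, and `build()` continues outside the hunk.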
@@ -0,0 +1,68 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; + +/** + * @author tlenz + * + */ +public class SimpleStringAttributeGenerator implements IAttributeGenerator { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) + */ + @Override + public String buildStringAttribute(String friendlyName, String name, String value) { + return value; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) + */ + @Override + public String buildIntegerAttribute(String friendlyName, String name, int value) { + return String.valueOf(value); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) + */ + @Override + public String buildLongAttribute(String friendlyName, String name, long value) { + return String.valueOf(value); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) + */ + @Override + public String buildEmptyAttribute(String friendlyName, String name) { + return null; + } + +} -- cgit v1.2.3 From 19613c89cb1e4680af4dde6c623c42cd00c65f8a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 18 Feb 2019 08:31:36 +0100 Subject: set UTF-8 encoding as default add additional trace logging --- .../at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 12 +++--------- .../interceptor/UniqueSessionIdentifierInterceptor.java | 7 ++++++- 2 files changed, 9 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main/java') 
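Review bot: The class Javadoc of `SimpleStringAttributeGenerator` consists only of `@author tlenz`, although the generator has a non-obvious contract: `buildStringAttribute` returns the bare `value` and discards `friendlyName` and `name`, the numeric variants stringify the value, and `buildEmptyAttribute` returns `null`, which every caller must be prepared for. Document it, e.g. `Attribute generator that renders attributes as their plain String value; friendlyName and name are ignored, and an empty attribute is represented by null.` The four `@see` tags reference `at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator`, but the imported interface is `at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator`, so they point at the wrong type. The copyright year 2014 on a file created by this 2019 commit looks copied from a template.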
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 66093b851..a35b45af2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -63,10 +63,8 @@ public class MOAIDAuthInitializer { */ public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - Logger.setHierarchy("moa.id.auth"); - Logger.info("Default java file.encoding: " - + System.getProperty("file.encoding")); - + Logger.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); //JDK bug workaround according to: // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier @@ -149,11 +147,7 @@ public class MOAIDAuthInitializer { throw new ConfigurationException("config.10", new Object[] { e .toString() }, e); } - - - //IAIK.addAsProvider(); - //ECCProvider.addAsProvider(); - + Security.insertProviderAt(IAIK.getInstance(), 0); ECCelerate eccProvider = ECCelerate.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index 5aa3a691f..791aa51b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java 
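Review bot: `System.setProperty("file.encoding", "UTF-8")` in `initialize()` does not change the JVM's default charset: `Charset.defaultCharset()` is fixed once during JVM startup from the value present at that time, so the accompanying log line `Set SystemProperty for UTF-8 file.encoding as default` promises something this code cannot deliver (only `-Dfile.encoding=UTF-8` on the command line does). Either remove the two lines, or keep the property for libraries that read it directly but add a check such as `if (!"UTF-8".equalsIgnoreCase(java.nio.charset.Charset.defaultCharset().name())) Logger.warn("Default charset is " + java.nio.charset.Charset.defaultCharset() + ", expected UTF-8");` so operators get a warning instead of a false assurance. The method continues outside the hunk.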
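Review bot: The context line `Security.insertProviderAt(IAIK.getInstance(), 0);` exposed by this hunk passes position 0, but `Security.insertProviderAt` takes 1-based positions and treats a position below 1 as "append at the end" (that is how `Security.addProvider` is implemented), so IAIK is installed with the lowest preference rather than the highest. If removing the commented `//IAIK.addAsProvider();` alternative was meant to make IAIK the preferred provider, use `Security.insertProviderAt(IAIK.getInstance(), 1);`; if appending is intended, `Security.addProvider(IAIK.getInstance());` says so directly. This line is pre-existing rather than changed by the commit, and the provider setup continues outside the hunk.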
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; /** * @author tlenz @@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = null; + Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName()); + //if SSOManager is available, search SessionIdentifier in SSO session if (ssomanager != null) { String ssoId = ssomanager.getSSOSessionID(request); @@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { } //if NO SSOSession and no PendingRequest create new SessionIdentifier - if (StringUtils.isEmpty(uniqueSessionIdentifier)) + if (StringUtils.isEmpty(uniqueSessionIdentifier)) { uniqueSessionIdentifier = Random.nextHexRandom16(); + Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier); + } TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); -- cgit v1.2.3 From 1a392b6e0ba5c89e065cc6ad09d494e948a0daea Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 18 Feb 2019 08:32:51 +0100 Subject: remove unused class --- .../id/config/auth/AuthConfigurationProvider.java | 1221 -------------------- 1 file changed, 1221 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java deleted file mode 100644 index c25751aa4..000000000 
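Review bot: The new import `at.gv.egovernment.moaspss.logging.Logger` is a different logging facade from the `at.gv.egovernment.moa.logging.Logger` used by the other classes in this series (e.g. EIDAuthBlock); mixing the two means the interceptor's output follows a different configuration and hierarchy than the rest of MOA-ID, which is easy to miss when looking for its trace and debug lines. Unless the moaspss logger is intentional, change the line to `import at.gv.egovernment.moa.logging.Logger;`.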
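Review bot: `Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier);` writes the freshly generated identifier to the log; that is acceptable for a pure correlation id, but the value is also stored via `TransactionIDUtils.setSessionId` and as a request attribute, and whether `Random.nextHexRandom16()` is SecureRandom-backed is not visible here. If the identifier is ever used for anything authorising (e.g. to bind a pending request to a client), confirm the source is cryptographically strong and consider logging only a prefix. The enclosing method continues outside the hunk.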
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ /dev/null 
@@ -1,1221 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// ******************************************************************************/ -///* -// * Copyright 2003 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. 
-// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// */ -// -// -//package at.gv.egovernment.moa.id.config.auth; -// -//import java.io.File; -//import java.io.FileInputStream; -//import java.io.FileNotFoundException; -//import java.io.IOException; -//import java.math.BigInteger; -//import java.net.MalformedURLException; -//import java.util.ArrayList; -//import java.util.Arrays; -//import java.util.Date; -//import java.util.HashMap; -//import java.util.List; -//import java.util.Map; -//import java.util.Properties; -// -//import javax.xml.bind.JAXBContext; -//import javax.xml.bind.Unmarshaller; -// -//import org.hibernate.cfg.Configuration; -// -//import at.gv.egovernment.moa.id.auth.AuthenticationServer; -//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; -//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -// -//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; -//import 
at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; -//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -//import 
at.gv.egovernment.moa.id.config.ConfigurationException; -//import at.gv.egovernment.moa.id.config.ConfigurationProvider; -//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; -//import at.gv.egovernment.moa.id.config.ConfigurationUtils; -//import at.gv.egovernment.moa.id.config.ConnectionParameter; -//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; -//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; -//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; -//import at.gv.egovernment.moa.id.config.stork.STORKConfig; -//import at.gv.egovernment.moa.id.data.IssuerAndSerial; -//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; -//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -//import at.gv.util.config.EgovUtilPropertiesConfiguration; -// -//import com.fasterxml.jackson.annotation.JsonIgnore; -//import com.fasterxml.jackson.annotation.JsonProperty; -// -///** -// * A class providing access to the Auth Part of the MOA-ID configuration data. -// * -// *

Configuration data is read from an XML file, whose location is given by -// * the moa.id.configuration system property.

-// *

This class implements the Singleton pattern. The reload() -// * method can be used to update the configuration data. Therefore, it is not -// * guaranteed that consecutive calls to getInstance() will return -// * the same AuthConfigurationProvider all the time. During the -// * processing of a web service request, the current -// * TransactionContext should be used to obtain the -// * AuthConfigurationProvider local to that request.

-// * -// * @author Patrick Peck -// * @author Stefan Knirsch -// * -// * @version $Id$ -// * -// *@deprecated Use {@link AuthConfigProviderFactory} instead -// */ -//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { -// -//// /** DEFAULT_ENCODING is "UTF-8" */ -//// private static final String DEFAULT_ENCODING="UTF-8"; -// /** -// * The name of the generic configuration property giving the authentication session time out. -// */ -// public static final String AUTH_SESSION_TIMEOUT_PROPERTY = -// "AuthenticationSession.TimeOut"; -// /** -// * The name of the generic configuration property giving the authentication data time out. -// */ -// public static final String AUTH_DATA_TIMEOUT_PROPERTY = -// "AuthenticationData.TimeOut"; -// -// /** -// * BKUSelectionType HTMLComplete, according to schema type BKUSelectionType -// */ -// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = -// "HTMLComplete"; -// -// /** -// * BKUSelectionType HTMLSelect, according to schema type BKUSelectionType -// */ -// public static final String BKU_SELECTION_TYPE_HTMLSELECT = -// "HTMLSelect"; -// -// /** -// * The name of the generic configuration property allowing https connection to -// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) -// */ -// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = -// "FrontendServlets.EnableHTTPConnection"; -// -// /** -// * The name of the generic configuration property allowing to set a individual -// * DATA URL used to communicate with the BKU (SecurityLayer) -// */ -// public static final String INDIVIDUAL_DATA_URL_PREFIX = -// "FrontendServlets.DataURLPrefix"; -// -// /** Singleton instance. null, if none has been created. 
*/ -// private static AuthConfigurationProvider instance; -// -// // -// // configuration data -// // -// private static MOAIDConfiguration moaidconfig = null; -// -// private static Properties props = null; -// -// private static STORKConfig storkconfig = null; -// -// private static TimeOuts timeouts = null; -// -// private static PVP2 pvp2general = null; -// -// private static String alternativesourceid = null; -// -// private static List legacyallowedprotocols = new ArrayList(); -// private static ProtocolAllowed allowedProtcols = null; -// -// private static VerifyAuthBlock verifyidl = null; -// -// private static ConnectionParameter MoaSpConnectionParameter = null; -// private static ConnectionParameter ForeignIDConnectionParameter = null; -// private static ConnectionParameter OnlineMandatesConnectionParameter = null; -// -// private static String MoaSpIdentityLinkTrustProfileID = null; -// -// private static List TransformsInfos = null; -// private static List IdentityLinkX509SubjectNames = new ArrayList(); -// -// private static Map SLRequestTemplates = new HashMap(); -// private static Map DefaultBKUURLs = new HashMap(); -// -// private static SSO ssoconfig = null; -// -// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; -// -// private static Date date = null; -// -// private String publicURLPreFix = null; -// -// /** -// * Return the single instance of configuration data. -// * -// * @return AuthConfigurationProvider The current configuration data. -// * @throws ConfigurationException -// */ -// public static synchronized AuthConfigurationProvider getInstance() -// throws ConfigurationException { -// -// if (instance == null) { -// reload(); -// } -// return instance; -// } -// -// public static Date getTimeStamp() { -// return date; -// } -// -// /** -// * Reload the configuration data and set it if successful. -// * -// * @return AuthConfigurationProvider The loaded configuration data. 
-// * @throws ConfigurationException Failure to load the configuration data. -// */ -// public static synchronized AuthConfigurationProvider reload() -// throws ConfigurationException { -// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); -// if (fileName == null) { -// throw new ConfigurationException("config.01", null); -// } -// Logger.info("Loading MOA-ID-AUTH configuration " + fileName); -// -// instance = new AuthConfigurationProvider(fileName); -// return instance; -// } -// -// -// /** -// * Constructor for AuthConfigurationProvider. -// * @param fileName -// * @throws ConfigurationException -// */ -// public AuthConfigurationProvider(String fileName) -// throws ConfigurationException { -// -// load(fileName); -// } -// -// /** -// * Protected constructor. Used by unit tests. -// */ -// protected AuthConfigurationProvider() { -// } -// -// /** -// * Load the configuration data from XML file with the given name and build -// * the internal data structures representing the MOA ID configuration. -// * -// * @param fileName The name of the XML file to load. -// * @throws ConfigurationException The MOA configuration could not be -// * read/built. 
-// */ -// private void load(String fileName) throws ConfigurationException { -// -// try { -// //Initial Hibernate Framework -// Logger.trace("Initializing Hibernate framework."); -// -// //Load MOAID-2.0 properties file -// File propertiesFile = new File(fileName); -// FileInputStream fis = null; -// props = new Properties(); -// -// // determine the directory of the root config file -// rootConfigFileDir = new File(fileName).getParent(); -// -// try { -// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); -// -// } catch (MalformedURLException t) { -// throw new ConfigurationException("config.03", null, t); -// } -// -// try { -// fis = new FileInputStream(propertiesFile); -// props.load(fis); -// -// // read MOAID Session Hibernate properties -// Properties moaSessionProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "moasession."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// moaSessionProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read Config Hibernate properties -// Properties configProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "configuration."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// configProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read advanced logging properties -// Properties statisticProps = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "advancedlogging."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// statisticProps.put(propertyName, props.get(key.toString())); -// } -// } -// -// // initialize hibernate -// synchronized (AuthConfigurationProvider.class) { -// -// //Initial config 
Database -// // ConfigurationDBUtils.initHibernate(configProp); -// -// //initial MOAID Session Database -// Configuration config = new Configuration(); -// config.addAnnotatedClass(AssertionStore.class); -// config.addAnnotatedClass(AuthenticatedSessionStore.class); -// config.addAnnotatedClass(OASessionStore.class); -// config.addAnnotatedClass(OldSSOSessionIDStore.class); -// config.addAnnotatedClass(ExceptionStore.class); -// config.addAnnotatedClass(InterfederationSessionStore.class); -// config.addAnnotatedClass(ProcessInstanceStore.class); -// config.addProperties(moaSessionProp); -// MOASessionDBUtils.initHibernate(config, moaSessionProp); -// -// //initial advanced logging -// if (isAdvancedLoggingActive()) { -// Logger.info("Advanced statistic log is activated, starting initialization process ..."); -// Configuration statisticconfig = new Configuration(); -// statisticconfig.addAnnotatedClass(StatisticLog.class); -// statisticconfig.addProperties(statisticProps); -// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); -// Logger.info("Advanced statistic log is initialized."); -// } -// -// } -// Logger.trace("Hibernate initialization finished."); -// -// } catch (FileNotFoundException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (IOException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (ExceptionInInitializerError e) { -// throw new ConfigurationException("config.17", null, e); -// -// } finally { -// if (fis != null) -// fis.close(); -// -// } -// -// -// //Initialize OpenSAML for STORK -// Logger.info("Starting initialization of OpenSAML..."); -// MOADefaultBootstrap.bootstrap(); -// //DefaultBootstrap.bootstrap(); -// Logger.debug("OpenSAML successfully initialized"); -// -// -// String legacyconfig = props.getProperty("configuration.xml.legacy"); -// String xmlconfig = props.getProperty("configuration.xml"); -//// String xmlconfigout = 
props.getProperty("configuration.xml.out"); -// -// -// //configure eGovUtils client implementations -// -// //read eGovUtils client configuration -// Properties eGovUtilsConfigProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "service."; -// if (key.toString().startsWith(propPrefix+"egovutil")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); -// } -// } -// if (!eGovUtilsConfigProp.isEmpty()) { -// Logger.info("Start eGovUtils client implementation configuration ..."); -// eGovUtilsConfig = -// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); -// } -// -// -// //TODO: removed in MOA-ID 3.x -//// //check if XML config should be used -//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); -//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); -//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration(); -//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null -//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) { -//// -//// // ConfigurationDBUtils.delete(moaidconfig); -//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){ -//// NewConfigurationDBWrite.delete(key); -//// } -//// } -//// -//// -//// //List oas = ConfigurationDBRead.getAllOnlineApplications(); -//// List oas = NewConfigurationDBRead.getAllOnlineApplications(); -//// if (oas != null && oas.size() > 0) { -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.delete(oa); -//// 
NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY); -//// } -//// } -//// -//// //load legacy config if it is configured -//// if (MiscUtil.isNotEmpty(legacyconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); -//// -//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); -//// -//// List oas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.save(oa); -//// NewConfigurationDBWrite.saveOnlineApplications(oas); -//// -//// moaconfig.setOnlineApplication(null); -//// // ConfigurationDBUtils.save(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// Logger.info("Legacy Configuration load is completed."); -//// -//// -//// } -//// -//// //load MOA-ID 2.x config from XML -//// if (MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); -//// -//// try { -//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); -//// Unmarshaller m = jc.createUnmarshaller(); -//// File file = new File(xmlconfig); -//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); -//// //ConfigurationDBUtils.save(moaconfig); -//// -//// List importoas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication importoa : importoas) { -//// // ConfigurationDBUtils.saveOrUpdate(importoa); -//// // } -//// -//// NewConfigurationDBWrite.saveOnlineApplications(importoas); -//// -//// moaconfig.setOnlineApplication(null); -//// //ConfigurationDBUtils.saveOrUpdate(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// } catch (Exception e) { -//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); -//// throw new ConfigurationException("config.02", null); -//// } -//// Logger.info("XML Configuration load is 
completed."); -//// } -// -// reloadDataBaseConfig(); -// -// -// } catch (Throwable t) { -// throw new ConfigurationException("config.02", null, t); -// } -// } -// -// protected MOAIDConfiguration loadDataBaseConfig() { -// return ConfigurationDBRead.getMOAIDConfiguration(); -// } -// -// public synchronized void reloadDataBaseConfig() throws ConfigurationException { -// -// Logger.info("Read MOA-ID 2.0 configuration from database."); -// moaidconfig = loadDataBaseConfig(); -// Logger.info("MOA-ID 2.0 is loaded."); -// -// if (moaidconfig == null) { -// Logger.warn("NO MOA-ID configuration found."); -// throw new ConfigurationException("config.18", null); -// } -// -// //build STORK Config -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// ForeignIdentities foreign = auth.getForeignIdentities(); -// if (foreign == null ) { -// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); -// } else -// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); -// -// //load Chaining modes -// ChainingModes cm = moaidconfig.getChainingModes(); -// if (cm != null) { -// defaultChainingMode = cm.getSystemDefaultMode().value(); -// -// List tas = cm.getTrustAnchor(); -// -// chainingModes = new HashMap(); -// for (TrustAnchor ta : tas) { -// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); -// chainingModes.put(is, ta.getMode().value()); -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. 
No ChainingMode configuration found."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set Trusted CA certs directory -// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); -// -// //set CertStoreDirectory -// setCertStoreDirectory(); -// -// //set TrustManagerRevocationChecking -// setTrustManagerRevocationChecking(); -// -// //set default timeouts -// timeouts = new TimeOuts(); -// timeouts.setAssertion(new BigInteger("300")); -// timeouts.setMOASessionCreated(new BigInteger("2700")); -// timeouts.setMOASessionUpdated(new BigInteger("1200")); -// -// //search timeouts in config -// if (auth.getGeneralConfiguration() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) -// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) -// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) -// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); -// -// } else { -// Logger.info("No TimeOuts defined. 
Use default values"); -// } -// } -// -// // sets the authentication session and authentication data time outs -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); -// -// -// -// //set PVP2 general config -// Protocols protocols = auth.getProtocols(); -// if (protocols != null) { -// -// allowedProtcols = new ProtocolAllowed(); -// -// if (protocols.getSAML1() != null) { -// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); -// -// //load alternative sourceID -// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) -// alternativesourceid = protocols.getSAML1().getSourceID(); -// -// } -// -// if (protocols.getOAuth() != null) { -// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); -// } -// -// if (protocols.getPVP2() != null) { -// PVP2 el = protocols.getPVP2(); -// -// allowedProtcols.setPVP21Active(el.isIsActive()); -// -// pvp2general = new PVP2(); -// pvp2general.setIssuerName(el.getIssuerName()); -// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); -// -// if (el.getOrganization() != null) { -// Organization org = new Organization(); -// pvp2general.setOrganization(org); -// org.setDisplayName(el.getOrganization().getDisplayName()); -// org.setName(el.getOrganization().getName()); -// org.setURL(el.getOrganization().getURL()); -// } -// -// if (el.getContact() != null) { -// List cont = new ArrayList(); -// pvp2general.setContact(cont); -// for (Contact e : el.getContact()) { -// Contact c = new Contact(); -// c.setCompany(e.getCompany()); -// c.setGivenName(e.getGivenName()); -// c.getMail().addAll(e.getMail()); -// c.getPhone().addAll(e.getPhone()); -// c.setSurName(e.getSurName()); -// 
c.setType(e.getType()); -// cont.add(c); -// } -// } -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); -// } -// -// //set alternativeSourceID -// if (auth.getGeneralConfiguration() != null) { -// -// //TODO: can be removed in a further version, because it is moved to SAML1 config -// if (MiscUtil.isEmpty(alternativesourceid)) -// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); -// -// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) -// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); -// -// else { -// Logger.error("No Public URL Prefix configured."); -// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"}); -// } -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set LegacyAllowedProtocols -// try { -// if (auth.getProtocols() != null) { -// Protocols procols = auth.getProtocols(); -// if (procols.getLegacyAllowed() != null) { -// LegacyAllowed legacy = procols.getLegacyAllowed(); -// legacyallowedprotocols = new ArrayList(legacy.getProtocolName()); -// } -// } -// } catch (Exception e) { -// Logger.info("No protocols found with legacy allowed flag!"); -// } -// -// //set VerifyAuthBlockConfig -// MOASP moasp = getMOASPConfig(auth); -// -// VerifyAuthBlock el = moasp.getVerifyAuthBlock(); -// if (el != null) { -// verifyidl = new VerifyAuthBlock(); -// verifyidl.setTrustProfileID(el.getTrustProfileID()); -// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList(el.getVerifyTransformsInfoProfileID())); -// } -// else { -// Logger.warn("Error in MOA-ID Configuration. 
No Trustprofile for AuthBlock validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set MOASP connection parameters -// if (moasp.getConnectionParameter() != null) -// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); -// else -// MoaSpConnectionParameter = null; -// -// //set ForeignIDConnectionParameters -// if (foreign != null) { -// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); -// } -// -// //set OnlineMandateConnectionParameters -// OnlineMandates ovs = auth.getOnlineMandates(); -// if (ovs != null) { -// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); -// } -// -// //set MOASP IdentityLink Trust-ProfileID -// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); -// if (verifyidl != null) -// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set SL transformation infos -// SecurityLayer seclayer = auth.getSecurityLayer(); -// if (seclayer == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No generalAuthConfiguration->SecurityLayer found"); -// throw new ConfigurationException("config.02", null); -// } else { -// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); -// -// if (TransformsInfos == null || TransformsInfos.size() == 0) { -// Logger.error("No Security-Layer Transformation found."); -// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}); -// } -// -// } -// -// //set IdentityLinkSignerSubjectNames -// IdentityLinkX509SubjectNames = new ArrayList(); -// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); -// if (idlsigners != null) { -// Logger.debug("Load own IdentityLinkX509SubjectNames"); -// IdentityLinkX509SubjectNames.addAll(new ArrayList(idlsigners.getX509SubjectName())); -// } -// -// // now add the default identity link signers -// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; -// for (int i=0; i getLegacyAllowedProtocols() { -// return legacyallowedprotocols; -// } -// -// -// /** -// * Provides configuration information regarding the online application behind -// * the given URL, relevant to the MOA-ID Auth component. 
-// * -// * @param oaURL URL requested for an online application -// * @return an OAAuthParameter, or null -// * if none is applicable -// */ -// public OAAuthParameter getOnlineApplicationParameter(String oaURL) { -// -// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); -// -// if (oa == null) { -// Logger.warn("Online application with identifier " + oaURL + " is not found."); -// return null; -// } -// -// return new OAAuthParameter(oa); -// } -// -// -// /** -// * Return a string with a url-reference to the VerifyAuthBlock trust -// * profile id within the moa-sp part of the authentication component -// * -// * @return String with a url-reference to the VerifyAuthBlock trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { -// return verifyidl.getTrustProfileID(); -// } -// -// /** -// * Return a string array with references to all verify transform info -// * IDs within the moa-sp part of the authentication component -// * @return A string array containing all urls to the -// * verify transform info IDs -// * @throws ConfigurationException -// */ -// public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { -// return verifyidl.getVerifyTransformsInfoProfileID(); -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component moa-sp element -// * @return ConnectionParameter of the authentication component moa-sp element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { -// return MoaSpConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component foreigid element -// * @return ConnectionParameter of the authentication component foreignid element -// * @throws ConfigurationException -// */ -// 
public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { -// return ForeignIDConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component OnlineMandates element -// * @return ConnectionParameter of the authentication component OnlineMandates element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { -// return OnlineMandatesConnectionParameter; -// } -// -// /** -// * Return a string with a url-reference to the VerifyIdentityLink trust -// * profile id within the moa-sp part of the authentication component -// * @return String with a url-reference to the VerifyIdentityLink trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { -// return MoaSpIdentityLinkTrustProfileID; -// } -// -// /** -// * Returns the transformsInfos. -// * @return String[] -// * @throws ConfigurationException -// */ -// public List getTransformsInfos() throws ConfigurationException { -// return TransformsInfos; -// } -// -// /** -// * Returns the identityLinkX509SubjectNames. 
-// * @return List -// * @throws ConfigurationException -// */ -// public List getIdentityLinkX509SubjectNames() throws ConfigurationException { -// return IdentityLinkX509SubjectNames; -// } -// -// public List getSLRequestTemplates() throws ConfigurationException { -// return new ArrayList(SLRequestTemplates.values()); -// } -// -// public String getSLRequestTemplates(String type) throws ConfigurationException { -// String el = SLRequestTemplates.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -// public List getDefaultBKUURLs() throws ConfigurationException { -// return new ArrayList(DefaultBKUURLs.values()); -// } -// -// public String getDefaultBKUURL(String type) throws ConfigurationException { -// String el = DefaultBKUURLs.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -//// public boolean isSSOBusinessService() throws ConfigurationException { -//// -//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) -//// return true; -//// else -//// return false; -//// } -// -// public String getSSOTagetIdentifier() throws ConfigurationException { -// if (ssoconfig != null) -// return ssoconfig.getTarget(); -// else -// return null; -// } -// -//// public String getSSOTarget() throws ConfigurationException { -//// if (ssoconfig!= null) -//// return ssoconfig.getTarget(); -//// -//// return null; -//// } -// -// public String getSSOFriendlyName() { -// if (ssoconfig!= null) { -// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) -// return ssoconfig.getFriendlyName(); -// } -// -// 
return "Default MOA-ID friendly name for SSO"; -// } -// -// public String getSSOSpecialText() { -// if (ssoconfig!= null) { -// String text = ssoconfig.getSpecialText(); -// if (MiscUtil.isEmpty(text)) -// text = new String(); -// -// return text; -// } -// return new String(); -// } -// -// public String getMOASessionEncryptionKey() { -// -// String prop = props.getProperty("configuration.moasession.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// /** -// * @return -// */ -// public String getMOAConfigurationEncryptionKey() { -// String prop = props.getProperty("configuration.moaconfig.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// public boolean isIdentityLinkResigning() { -// String prop = props.getProperty("configuration.resignidentitylink.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getIdentityLinkResigningKey() { -// String prop = props.getProperty("configuration.resignidentitylink.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Checks if is fakeIdL is activated. -// * -// * @return true, if fake IdLs are available for stork -// */ -// public boolean isStorkFakeIdLActive() { -// String prop = props.getProperty("stork.fakeIdL.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Gets the countries which will receive a fake IdL -// * -// * @return the countries -// */ -// public List getStorkFakeIdLCountries() { -// String prop = props.getProperty("stork.fakeIdL.countries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// /** -// * Gets the resigning key (group) for the stork fake IdL. 
-// * -// * @return the resigning key -// */ -// public String getStorkFakeIdLResigningKey() { -// String prop = props.getProperty("stork.fakeIdL.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Gets the countries for which it is configured to require no signature -// * -// * @return the stork no signature countries -// */ -// public List getStorkNoSignatureCountries() { -// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// @JsonProperty("isMonitoringActive") -// public boolean isMonitoringActive() { -// String prop = props.getProperty("configuration.monitoring.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getMonitoringTestIdentityLinkURL() { -// String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public String getMonitoringMessageSuccess() { -// String prop = props.getProperty("configuration.monitoring.message.success"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public boolean isAdvancedLoggingActive() { -// String prop = props.getProperty("configuration.advancedlogging.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getPublicURLPrefix() { -// return publicURLPreFix; -// } -// -// public boolean isPVP2AssertionEncryptionActive() { -// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); -// return Boolean.valueOf(prop); -// } -// -// public boolean isCertifiacteQCActive() { -// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); -// return !Boolean.valueOf(prop); -// } -// -// -// //Load document service url from moa properties -// public String getDocumentServiceUrl() { -// String prop = 
props.getProperty("stork.documentservice.url", "false"); -// return prop; -// } -// -// -// public boolean isPVPSchemaValidationActive() { -// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Returns the STORK Configuration -// * @return STORK Configuration -// * @throws ConfigurationException -// */ -// public STORKConfig getStorkConfig() throws ConfigurationException { -// -// return storkconfig; -// } -// -// /** -// * @return the eGovUtilsConfig -// */ -//@JsonIgnore -//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { -// return eGovUtilsConfig; -//} -// -//private void setCertStoreDirectory() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null) -// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private void setTrustManagerRevocationChecking() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null && -// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) -// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); -// else { -// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { -// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); -// if (authgeneral == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No generalAuthConfiguration found"); -// throw new ConfigurationException("config.02", null); -// } -// return authgeneral; -// } -// -// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { -// MOASP moasp = authgeneral.getMOASP(); -// -// if (moasp == null) { -// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); -// throw new ConfigurationException("config.02", null); -// } -// return moasp; -// } -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String) -// */ -//@Override -//public Properties getConfigurationWithPrefix(String Prefix) { -// // TODO Auto-generated method stub -// return null; -//} -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String) -// */ -//@Override -//public String getConfigurationWithKey(String key) { -// // TODO Auto-generated method stub -// return null; -//} -// -//} -- cgit v1.2.3 From c7cd9327bbc4d7e180bab9b6bff2a17028c166dc Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Tue, 19 Feb 2019 11:28:24 +0100 Subject: add some more attribute functionality for 'Austrian eID' demo-mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 58 +++++++- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 18 ++- .../moa/id/data/MOAAuthenticationData.java | 44 +++++- .../attributes/BPKListAttributeBuilder.java | 14 +- .../attributes/EncryptedBPKAttributeBuilder.java | 31 +++-- .../MandateNaturalPersonBPKAttributeBuilder.java | 154 +++++++++++++++------ ...andateNaturalPersonBPKListAttributeBuilder.java | 83 +++++++++++ ...ateNaturalPersonEncBPKListAttributeBuilder.java | 62 +++++++++ ...dateNaturalPersonSourcePinAttributeBuilder.java | 1 + ...NaturalPersonSourcePinTypeAttributeBuilder.java | 1 + 10 files changed, 391 insertions(+), 75 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c58f19333..acf59cebf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -36,6 +36,7 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.DOMException; 
@@ -81,6 +82,9 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -532,7 +536,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } //build foreign bPKs - generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + generateForeignbPK(oaParam, authData); if (Boolean.parseBoolean( 
@@ -806,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - private void generateForeignbPK(MOAAuthenticationData authData, List foreignSectors) { + private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) { + List foreignSectors = oaParam.foreignbPKSectorsRequested(); + if (foreignSectors != null && !foreignSectors.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + + String mandatorBaseId = null; + String mandatorBaseIdType = null; + boolean isMandatorBaseIdAvailable = false; + if (authData.isUseMandate()) { + try { + Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... "); + + //TODO: remove this workaround in a further version!!! + boolean flagBak = authData.isBaseIDTransferRestrication(); + authData.setBaseIDTransferRestrication(false); + mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + authData.setBaseIDTransferRestrication(flagBak); + + isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType); + if (!isMandatorBaseIdAvailable) + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate."); + + } catch (Exception e) { + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage()); + if (Logger.isTraceEnabled()) + Logger.warn("Detail: ", e); + + } + } + for (String foreignSector : foreignSectors) { Logger.trace("Process sector: " + foreignSector + " ... "); if (encKeyMap.containsKey(foreignSector)) { 
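Review bot: The baseID-transfer restriction is only restored on the success path: `authData.setBaseIDTransferRestrication(flagBak)` runs after both `build(...)` calls inside the `try`, so if either builder throws, the `catch` merely logs and `authData` continues through the rest of the authentication-data build with the restriction switched off. Because this workaround deliberately lifts a transfer restriction just to read the mandator's sourcePin, the restore belongs in a `finally`, and the TODO should state why the flag has to be flipped (presumably the sourcePin builders honor it; confirm), e.g. `// the sourcePin builders appear to withhold the baseID while the transfer restriction is set; lift it only for this local calculation`. generateForeignbPK's body continues outside the hunk.
```java
//TODO: remove this workaround in a further version!!!
boolean flagBak = authData.isBaseIDTransferRestrication();
try {
    authData.setBaseIDTransferRestrication(false);
    mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build(
            oaParam, authData, new SimpleStringAttributeGenerator());
    mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(
            oaParam, authData, new SimpleStringAttributeGenerator());
} finally {
    // restore even when a builder throws, so the restriction is never left disabled
    authData.setBaseIDTransferRestrication(flagBak);
}
// … unchanged: isMandatorBaseIdAvailable check and catch block …
```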
@@ -838,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.getIdentificationType(), sector); String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); - authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + + authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector)); Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + //calculate foreign bPKs for natural-person mandates + if (isMandatorBaseIdAvailable) { + Pair mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + mandatorBaseId, + mandatorBaseIdType, + sector); + String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + + authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector)); + Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created."); + + } } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index 415f4db18..af4cf6fa7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -5,6 +5,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; public interface IMOAAuthData extends IAuthData{ 
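Review bot: `encKeyMap.get(foreignSector).getPublicKey()` is now looked up twice per sector, once for the user's bPK and once for the mandator's, although the key cannot change between the two calls; hoisting it into one local at the top of the loop body (`encKeyMap.get(foreignSector).getPublicKey()` assigned once, used by both `BPKBuilder.encryptBPK` calls) keeps the two encryptions visibly bound to the same key. A short comment above the new mandator branch would also help, e.g. `// mandator bPK is encrypted for the same foreign sector and with the same sector key as the user's bPK`. The enclosing loop and method start outside the hunk.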
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{ */ String getQAALevel(); - List getEncbPKList(); + /** + * Get a List of Pair, where the bPKTarget is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List> getEncbPKList(); + + /** + * Get a List of Pair for natural-person mandates, where + * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List> getEncMandateNaturalPersonbPKList(); + byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index c1545f354..897a06e62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; @@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; - private List encbPKList; - + + private List> encbPKList; + private List> encMandateNaturalPersonbPKList; + //ISA 1.18 attributes private List roles = null; private String pvpAttribute_OU = null; 
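Review bot: Both new Javadoc blocks on `getEncbPKList()` and `getEncMandateNaturalPersonbPKList()` leave `@return` empty, and the summary sentence does not say which element of the pair is which. From the producer in AuthenticationDataBuilder (`Pair.newInstance(foreignbPK, foreignSector)`) the first element is the encrypted bPK and the second the sector/target, so I would write `@return list of pairs (encrypted bPK, bPK target/sector); the target is formatted per Section 3.2.7 ENC-BPK-LIST of PVP Attribute-Profile 2.1.3` on the first method and the analogous sentence, mentioning natural-person mandates, on the second. Also fix the typo `formated` to `formatted` in both summaries.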
@@ -106,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } @Override - public List getEncbPKList() { + public List> getEncbPKList() { if (this.encbPKList == null) - this.encbPKList = new ArrayList(); + this.encbPKList = new ArrayList>(); return this.encbPKList; } @@ -293,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } /** + * Set a List of encrypted bPKs where each List element is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3 + * * @param encbPKList the encbPKList to set */ public void setEncbPKList(List encbPKList) { - this.encbPKList = encbPKList; + if (encbPKList != null) { + for (String el : encbPKList) { + Logger.trace("Processing foreign bPK string: " + el ); + int index = el.indexOf("|"); + if (index >= 0) { + String encbPK = el.substring(index+1); + String second = el.substring(0, index); + getEncbPKList().add(Pair.newInstance(encbPK, second)); + + } else + Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it"); + + } + + } } @@ -336,5 +356,19 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { this.iseIDNewDemoMode = iseIDNewDemoMode; } + + public List> getEncMandateNaturalPersonbPKList() { + if (this.encMandateNaturalPersonbPKList == null) + this.encMandateNaturalPersonbPKList = new ArrayList>(); + + return this.encMandateNaturalPersonbPKList; + + } + + public void setEncMandateNaturalPersonbPKList(List> encMandateNaturalPersonbPKList) { + this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java index ec8c7629f..c5a8d88b7 100644 
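Review bot: `setEncbPKList(List)` no longer behaves like a setter: it appends to the lazily created list via `getEncbPKList().add(...)` instead of replacing it, so two calls accumulate entries and a `null` argument no longer clears anything. It also splits on `|` only, while the string form this commit removes from AuthenticationDataBuilder (`"(" + foreignSector + "|" + foreignbPK + ")"`) and the form EncryptedBPKAttributeBuilder now emits carry the surrounding parentheses; if any caller still passes that form (persisted session data, presumably — confirm), the parentheses end up inside the stored sector and bPK values. The misformatted branch also logs the whole entry at INFO, which writes an (encrypted) personal identifier to the log for no diagnostic gain. A replacing setter that strips an optional `(`…`)` wrapper and rejects empty halves is sketched below; note it tightens `index >= 0` to `index > 0`, i.e. an entry with an empty sector is now also ignored.
```java
public void setEncbPKList(List<String> encbPKList) {
    // setter semantics: replace the current list, never append to it
    this.encbPKList = new ArrayList<Pair<String, String>>();
    if (encbPKList == null)
        return;
    for (String el : encbPKList) {
        String entry = el.trim();
        // tolerate the "(sector|encbPK)" attribute form as well as the bare "sector|encbPK"
        if (entry.startsWith("(") && entry.endsWith(")"))
            entry = entry.substring(1, entry.length() - 1);
        int index = entry.indexOf("|");
        if (index > 0 && index < entry.length() - 1)
            this.encbPKList.add(Pair.newInstance(entry.substring(index + 1), entry.substring(0, index)));
        else
            Logger.info("Foreign bPK entry is misformatted. Ignore it");   // do not log the value itself
    }
}
```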
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java @@ -18,7 +18,9 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); - protected static final String DELIMITER_BPK_LIST = ";"; + public static final String DELIMITER_BPK_LIST = ";"; + public static final String LIST_ELEMENT_START = "("; + public static final String LIST_ELEMENT_END = ")"; public String getName() { return BPK_LIST_NAME; @@ -26,16 +28,18 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - String result = getBpkForSP(authData); + String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; //add additional bPKs if someone are available if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { log.info("Adding additional bPKs into bPK attribute"); for (Pair el : authData.getAdditionalbPKs()) { result += DELIMITER_BPK_LIST - + removeBpkTypePrefix(el.getSecond()) - + DELIMITER_BPKTYPE_BPK - + attrMaxSize(el.getFirst()); + + LIST_ELEMENT_START + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()) + + LIST_ELEMENT_END; } log.trace("Authenticate user with bPK-List: " + result); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 44043ec40..bf7187e51 100644 
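Review bot: `DELIMITER_BPK_LIST` is widened from `protected` to `public` and the two new `LIST_ELEMENT_START`/`LIST_ELEMENT_END` constants are public from the start, yet none of the three is documented even though EncryptedBPKAttributeBuilder now builds its value from them. I would add `/** Separator between two list elements of a bPK-list attribute value, e.g. "(a);(b)". */` on the delimiter and `/** Opening / closing wrapper of one list element of a bPK-list attribute value. */` on the pair of constants, so the serialised format is defined in one place. Separately, `result += ...` inside the loop in `build` is the usual StringBuilder candidate now that each element has grown to five concatenated parts.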
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; @@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger; @PVPMETADATA public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { + public static final String DELIMITER_ENCBPK_TARGET = "|"; + public String getName() { return ENC_BPK_LIST_NAME; } 
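Review bot: The new public constant `DELIMITER_ENCBPK_TARGET = "|"` has no Javadoc, although it now fixes the wire format of the ENC-BPK-LIST attribute together with the constants in BPKListAttributeBuilder. Suggest `/** Separates the bPK target (sector) from the encrypted bPK inside one ENC-BPK-LIST element: "(target|encbPK)". */`.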
@@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).getEncbPKList() != null && ((IMOAAuthData)authData).getEncbPKList().size() > 0) { - String value = ((IMOAAuthData)authData).getEncbPKList().get(0); - for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) - value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i); + Pair value = ((IMOAAuthData)authData).getEncbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, - value); + result); } @@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); -// String encbpk = "XXX01234567890XXX"; -// String type = "Bereich"; -// String vkz = "Verfahrenskennzeichen"; -// -// //TODO: implement encrypted bPK support -// -// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk); -// -// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, -// vkz + "+" + type + "|" + encbpk); } public ATT buildEmpty(IAttributeGenerator g) { 
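Review bot: The new loop in `build` casts and calls `((IMOAAuthData)authData).getEncbPKList()` five separate times, hand-rolls the first element outside the loop, and appends with `result +=`; the value would be clearer, and the pair-ordering (sector second, encrypted bPK first) visible in one place, if the list were fetched once into a local and joined with a StringBuilder. A one-line comment above the loop stating the produced format, `// value format per ENC-BPK-LIST: (target|encbPK);(target|encbPK)...`, would also document what the trace in the removed code used to show. Sketch (inside the existing `if (authData instanceof IMOAAuthData)` branch; the class's `List` import may need adding):
```java
List<Pair<String, String>> encBpks = ((IMOAAuthData) authData).getEncbPKList();
if (encBpks != null && !encBpks.isEmpty()) {
    // value format per ENC-BPK-LIST: (target|encbPK);(target|encbPK)...
    StringBuilder result = new StringBuilder();
    for (Pair<String, String> el : encBpks) {
        if (result.length() > 0)
            result.append(BPKListAttributeBuilder.DELIMITER_BPK_LIST);
        result.append(BPKListAttributeBuilder.LIST_ELEMENT_START)
              .append(el.getSecond()).append(DELIMITER_ENCBPK_TARGET).append(el.getFirst())
              .append(BPKListAttributeBuilder.LIST_ELEMENT_END);
    }
    return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, result.toString());
}
// … unchanged: UnavailableAttributeException path …
```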
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index f67f79dcf..4d41cc19b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -22,11 +22,13 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; +import org.apache.commons.lang3.StringUtils; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; 
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; 
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { try { - Pair calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData); - if (calcResult != null) { - String bpk = calcResult.getFirst(); - String type = calcResult.getSecond(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type != null) { - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - } else { - Logger.debug("bPK type is 'null' --> use it as it is"); - - } - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - - if (type != null) - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); - else - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); - - } - + String bPKResult = getBpkAttributeStringForSP(oaParam, authData); + if (StringUtils.isNoneEmpty(bPKResult)) + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult); + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { Logger.error("Failed to generate IdentificationType"); 
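Review bot: `StringUtils.isNoneEmpty(bPKResult)` is the varargs "none of these is empty" check; with a single argument it is equivalent to `isNotEmpty`, but it reads as if several values were being tested. Use `if (StringUtils.isNotEmpty(bPKResult))`. Note that `getBpkAttributeStringForSP` already throws `UnavailableAttributeException` for an empty bPK (see the hunk below), so this guard effectively only covers `null`; the method's tail, including what happens when the guard fails, lies outside the hunk.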
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return null; } - + public ATT buildEmpty(IAttributeGenerator g) { return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - protected Pair internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + protected Pair getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + Pair baseId = getBaseIdFromMandate(oaParam, authData); + Pair bPKResult = null; + + if (baseId != null) { + if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) + bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(), + oaParam.getAreaSpecificTargetIdentifier()); + else { + Logger.debug("No BaseId target in mandate. Use it as it is ... 
"); + bPKResult = Pair.newInstance(baseId.getFirst(), null); + + } + } + + return bPKResult; + + } + + + /** + * Generate the bPK String for this specific SP + * + * @param oaParam + * @param authData + * @return + * @throws UnavailableAttributeException + * @throws EAAFBuilderException + * @throws ConfigurationException + * @throws BuildException + * @throws NoMandateDataAttributeException + */ + protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException { + Pair bPKResult = getBpkForSp(oaParam, authData); + if (bPKResult != null) { + String bpk = bPKResult.getFirst(); + String type = bPKResult.getSecond(); + + if (MiscUtil.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type != null) + type = removeBpkTypePrefix(type); + else + Logger.debug("bPK type is 'null' --> use it as it is"); + + bpk = attrMaxSize(bpk); + + Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + if (type != null) + return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk; + else + return bpk; + + } + + return null; + + } + + + /** + * Limit the attribute value to maximum size + * + * @param attr + * @return + */ + protected String attrMaxSize(String attr) { + if (attr != null && attr.length() > BPK_MAX_LENGTH) { + attr = attr.substring(0, BPK_MAX_LENGTH); + } + return attr; + + } + + /** + * Remove bPKType prefix if available + * + * @param type + * @return + */ + protected String removeBpkTypePrefix(String type) { + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + return type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + return type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + return 
type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + else + return type; + + } + + protected Pair getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { //get PVP attribute directly, if exists Pair calcResult = null; if (authData instanceof IMOAAuthData) { @@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } - - - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) - calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - else - calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java new file mode 100644 index 000000000..fd00e2f61 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java 
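Review bot: `getBpkForSp` drops the identifier type in its else-branch: for a mandate identification that is not a baseID it returns `Pair.newInstance(baseId.getFirst(), null)`, whereas the removed code kept `id.getType()` and the attribute was then emitted as `type:value`; with this change such a mandator identifier goes out as a bare value with no type, which the consuming SP can no longer distinguish from a bPK for its own sector. Unless that is intended for the demo-mode, this should be `bPKResult = Pair.newInstance(baseId.getFirst(), baseId.getSecond());` so that `removeBpkTypePrefix` still applies. Separately, `removeBpkTypePrefix` now strips `EAAFConstants.URN_PREFIX_WBPK.length()` characters where the old code stripped `(Constants.URN_PREFIX_WBPK + "+").length()`; if the EAAF constants do not include the trailing `+` (not visible here — confirm), the emitted type keeps a leading `+`. The three new helpers also carry empty `@return`/`@param` tags; `getBpkForSp` should at least state that the second pair element is the bPK type and may be `null`.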
@@ -0,0 +1,83 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +@PVPMETADATA +public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + try { + String result = getBpkAttributeStringForSP(oaParam, authData); + + if (result != null) { + result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... 
"); + Pair baseId = getBaseIdFromMandate(oaParam, authData); + if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond()) + && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) { + for (Pair el : authData.getAdditionalbPKs()) { + + Pair addBpk = + new BPKBuilder().generateAreaSpecificPersonIdentifier( + baseId.getFirst(), + el.getSecond()); + + Logger.trace("Calculate bPK with " + addBpk.toString()); + + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + removeBpkTypePrefix(addBpk.getSecond()) + + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + + attrMaxSize(addBpk.getFirst()) + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + } + } + + Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate"); + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result); + + } + + return null; + + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java new file mode 100644 index 000000000..220ccd94e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java 
@@ -0,0 +1,62 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_ENC_BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData) authData).isUseMandate()) { + if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null && + ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) { + Pair value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + + return 
g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME, + result); + + } + + } else + Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used"); + + } else + Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 32b45a595..88648b56e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 90a0d61c9..223994e6e 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { -- cgit v1.2.3