From 06e63a4fb89dd92583fc3e72e12750becdd6c8ef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 25 Jun 2015 06:54:30 +0200 Subject: second parts for configuration refactoring --- .../moa/id/auth/AuthenticationServer.java | 2 - .../moa/id/config/ConfigurationUtils.java | 27 +- .../moa/id/config/ConnectionParameter.java | 16 +- .../moa/id/config/ConnectionParameterForeign.java | 5 +- .../moa/id/config/ConnectionParameterMOASP.java | 5 +- .../moa/id/config/ConnectionParameterMandate.java | 5 +- .../PropertyBasedAuthConfigurationProvider.java | 461 +++++++++++---------- .../moa/id/config/stork/STORKConfig.java | 109 ++--- .../moa/id/config/stork/StorkAttribute.java | 27 ++ .../protocols/pvp2x/utils/MOASAMLSOAPClient.java | 2 +- 10 files changed, 358 insertions(+), 301 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 1db580530..90e094a03 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -80,8 +80,6 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java index 1a2136ebd..d4cb909d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java @@ -33,23 +33,18 @@ import at.gv.egovernment.moa.util.Base64Utils; public class ConfigurationUtils { - public static List getTransformInfos(List transformations) { + public static List getTransformInfos(String transform) { List list = new ArrayList(); - - for (TransformsInfoType e1 : transformations) { - - try { - String transform = new String(e1.getTransformation(), "UTF-8"); - String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); - list.add(encoded); - - } catch (UnsupportedEncodingException e) { - Logger.warn("Transformation can not be loaded. An encoding error ocurs", e); - - } catch (IOException e) { - Logger.warn("Transformation can not be loaded from database.", e); - } - } + try { + String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); + list.add(encoded); + + } catch (UnsupportedEncodingException e) { + Logger.warn("Transformation can not be loaded. An encoding error ocurs", e); + + } catch (IOException e) { + Logger.warn("Transformation can not be loaded from database.", e); + } return list; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index ccf2c5a57..e38a4f360 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; public abstract class ConnectionParameter implements ConnectionParameterInterface{ @@ -32,12 +32,12 @@ public abstract class ConnectionParameter implements ConnectionParameterInterfac protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword"; protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates"; - protected ConnectionParameterClientAuthType database; + protected String url; protected Properties prop; protected String basedirectory; - public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) { - this.database = database; + public ConnectionParameter(String url, Properties prop, String basedirectory) { + this.url = url; this.prop = prop; this.basedirectory = basedirectory; } @@ -62,16 +62,16 @@ public abstract class ConnectionParameter implements ConnectionParameterInterfac public boolean isHTTPSURL() { - if (database==null) + if (MiscUtil.isEmpty(url)) return false; else - return database.getURL().indexOf("https") == 0; + return url.indexOf("https") == 0; } public String getUrl() { - if (database == null) + if (MiscUtil.isEmpty(url)) return null; else - return database.getURL(); + return url; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java index a0b787ec5..27d72f515 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java @@ -24,16 +24,15 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; import at.gv.egovernment.moa.util.MiscUtil; public class ConnectionParameterForeign extends ConnectionParameter{ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities."; - public ConnectionParameterForeign(ConnectionParameterClientAuthType database, + public ConnectionParameterForeign(String url, Properties prop, String basedirectory) { - super(database, prop, basedirectory); + super(url, prop, basedirectory); } public String getAcceptedServerCertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java index 3ba1ec6c3..a96b8a8ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java @@ -24,16 +24,15 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; import at.gv.egovernment.moa.util.MiscUtil; public class ConnectionParameterMOASP extends ConnectionParameter{ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp."; - public ConnectionParameterMOASP(ConnectionParameterClientAuthType database, + public ConnectionParameterMOASP(String url, Properties prop, String basedirectory) { - super(database, prop, basedirectory); + super(url, prop, basedirectory); } public String getAcceptedServerCertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java index f6ca392d1..c25d6826a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java @@ -24,16 +24,15 @@ package at.gv.egovernment.moa.id.config; import java.util.Properties; -import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; import at.gv.egovernment.moa.util.MiscUtil; public class ConnectionParameterMandate extends ConnectionParameter{ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates."; - public ConnectionParameterMandate(ConnectionParameterClientAuthType database, + public ConnectionParameterMandate(String url, Properties prop, String basedirectory) { - super(database, prop, basedirectory); + super(url, prop, basedirectory); } public String getAcceptedServerCertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index 378dafa23..2cd14e607 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -52,6 +52,9 @@ import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.config.EgovUtilPropertiesConfiguration; @@ -145,7 +148,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ @Override public Properties getConfigurationWithPrefix(String Prefix) { - return configuration.getPropertySubset(Prefix); + try { + return configuration.getPropertySubset(Prefix); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading property with Prefix " + Prefix + " FAILED.", e); + return new Properties(); + + } } /* (non-Javadoc) @@ -325,27 +335,20 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the list of protocols. */ public List getLegacyAllowedProtocols() { - + + List legacy = new ArrayList(); try { - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - - if (authComponentGeneral.getProtocols() != null) { - Protocols procols = authComponentGeneral.getProtocols(); - if (procols.getLegacyAllowed() != null) { - LegacyAllowed legacy = procols.getLegacyAllowed(); - return legacy.getProtocolName(); - } - } - - return new ArrayList(); - - } catch (NullPointerException e) { - Logger.info("No protocols found with legacy allowed flag!"); - return new ArrayList(); - } catch (ConfigurationException e) { - return new ArrayList(); + if (configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, false)) + legacy.add(SAML1Protocol.PATH); + + if (configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY, false)) + legacy.add(PVP2XProtocol.PATH); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Load legacy protocol configuration property FAILED.", e); + } - + return legacy; } /** @@ -355,7 +358,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return an OAAuthParameter, or null if none is applicable */ public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - + //TODO: update!!!!! OnlineApplication oa = getActiveOnlineApplication(oaURL); if (oa == null) { Logger.warn("Online application with identifier " + oaURL + " is not found."); @@ -372,7 +375,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. */ public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { - return getVerifyAuthBlock().getTrustProfileID(); + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("AuthBlock validation trustprofile can not be read from configuration.", e); + return null; + } } /** @@ -382,7 +392,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. */ public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { - return getVerifyAuthBlock().getVerifyTransformsInfoProfileID(); + try { + return Arrays.asList(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM)); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("AuthBlock transformation can not be read from configuration.", e); + return null; + } } /** @@ -393,14 +410,21 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { ConnectionParameter result = null; - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - MOASP moasp = authComponentGeneral.getMOASP(); - if (moasp != null) { - ConnectionParameterClientAuthType connectionParameter = moasp.getConnectionParameter(); - if (connectionParameter != null) { - result = new ConnectionParameterMOASP(moasp.getConnectionParameter(), this.getProperties(), this.getRootConfigFileDir()); + String moaspURL; + try { + moaspURL = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL); + if (moaspURL != null) { + result = + new ConnectionParameterMOASP(moaspURL, this.getProperties(), this.getRootConfigFileDir()); + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading MOA-SP Service URL from configuration FAILED.", e); + } + return result; } @@ -411,15 +435,23 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. */ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { - - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - ForeignIdentities foreign = authComponentGeneral.getForeignIdentities(); - if (foreign != null) { - return new ConnectionParameterForeign(foreign.getConnectionParameter(), this.getProperties(), this.getRootConfigFileDir()); - } else { - Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); - return null; + ConnectionParameter result = null; + String serviceURL; + try { + serviceURL = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL); + if (serviceURL != null) { + result = + new ConnectionParameterForeign(serviceURL, this.getProperties(), this.getRootConfigFileDir()); + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e); + } + + return result; } /** @@ -429,13 +461,23 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} */ public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { - - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - OnlineMandates ovs = authComponentGeneral.getOnlineMandates(); - if (ovs != null) { - return new ConnectionParameterMandate(ovs.getConnectionParameter(), this.getProperties(), this.getRootConfigFileDir()); + ConnectionParameter result = null; + String serviceURL; + try { + serviceURL = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL); + if (serviceURL != null) { + result = + new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Loading SZRGW Service URL from configuration FAILED.", e); + } - return null; + + return result; } /** @@ -445,20 +487,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link VerifyIdentityLink}. */ public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { - - String result = null; - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - MOASP moasp = authComponentGeneral.getMOASP(); - if (moasp != null) { - VerifyIdentityLink verifyIdentityLink = moasp.getVerifyIdentityLink(); - if (verifyIdentityLink != null) { - result = verifyIdentityLink.getTrustProfileID(); - } else { - Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); - throw new ConfigurationException("config.02", null); - } + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("IdentityLink validation trustprofile can not be read from configuration.", e); + return null; } - return result; } /** @@ -468,22 +504,27 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link SecurityLayer}. */ public List getTransformsInfos() throws ConfigurationException { + try { + String securityLayer = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64); + if (securityLayer != null) { + List result = ConfigurationUtils.getTransformInfos(securityLayer); + + if (result == null || result.isEmpty()) { + Logger.error("No Security-Layer Transformation found."); + throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); + } + return result; - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - SecurityLayer securityLayer = authComponentGeneral.getSecurityLayer(); - if (securityLayer != null) { - - List result = ConfigurationUtils.getTransformInfos(securityLayer.getTransformsInfo()); - - if (result == null || result.isEmpty()) { - Logger.error("No Security-Layer Transformation found."); - throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); + } else { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); } - return result; - - } else { - Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); - throw new ConfigurationException("config.02", null); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("No Security-Layer Transformation found."); + throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); + } } @@ -498,14 +539,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide ArrayList identityLinkX509SubjectNames = new ArrayList(); - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - - IdentityLinkSigners idlsigners = authComponentGeneral.getIdentityLinkSigners(); - if (idlsigners != null) { - Logger.debug("Load own IdentityLinkX509SubjectNames"); - identityLinkX509SubjectNames.addAll(new ArrayList(idlsigners.getX509SubjectName())); - } - String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; for (int i = 0; i < identityLinkSignersWithoutOID.length; i++) { String identityLinkSigner = identityLinkSignersWithoutOID[i]; @@ -524,14 +557,19 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is never thrown */ public List getSLRequestTemplates() throws ConfigurationException { - - SLRequestTemplates templates = configuration.get(MOAIDConfigurationConstants.SLREQUEST_TEMPLATES_KEY, SLRequestTemplates.class); List templatesList = new ArrayList(); - if (templates != null) { - templatesList.add(templates.getOnlineBKU()); - templatesList.add(templates.getLocalBKU()); - templatesList.add(templates.getHandyBKU()); + try { + templatesList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL)); + templatesList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE)); + templatesList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY)); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("SecurtiyLayer request templates are not loadable from configuration.", e); + } return templatesList; } @@ -545,25 +583,30 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is never thrown */ public String getSLRequestTemplates(String type) throws ConfigurationException { - - SLRequestTemplates templates = configuration.get(MOAIDConfigurationConstants.SLREQUEST_TEMPLATES_KEY, SLRequestTemplates.class); String slRequestTemplate = null; - if (templates != null) { + try { switch (type) { case IOAAuthParameters.ONLINEBKU: - slRequestTemplate = templates.getOnlineBKU(); + slRequestTemplate = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE); break; case IOAAuthParameters.LOCALBKU: - slRequestTemplate = templates.getLocalBKU(); + slRequestTemplate = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL); break; case IOAAuthParameters.HANDYBKU: - slRequestTemplate = templates.getHandyBKU(); + slRequestTemplate = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY); break; default: Logger.warn("getSLRequestTemplates: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("SecurtiyLayer request templates are not loadable from configuration.", e); + } return slRequestTemplate; } @@ -575,14 +618,18 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is never thrown */ public List getDefaultBKUURLs() throws ConfigurationException { - - DefaultBKUs bkuurls = configuration.get(MOAIDConfigurationConstants.DEFAULT_BKUS_KEY, DefaultBKUs.class); List bkuurlsList = new ArrayList(); - - if (bkuurls != null) { - bkuurlsList.add(bkuurls.getOnlineBKU()); - bkuurlsList.add(bkuurls.getLocalBKU()); - bkuurlsList.add(bkuurls.getHandyBKU()); + try { + bkuurlsList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE)); + bkuurlsList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL)); + bkuurlsList.add(configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY)); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("BKU URLs are not loadable from configuration.", e); + } return bkuurlsList; } @@ -596,25 +643,29 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is never thrown */ public String getDefaultBKUURL(String type) throws ConfigurationException { - - DefaultBKUs bkuurls = configuration.get(MOAIDConfigurationConstants.DEFAULT_BKUS_KEY, DefaultBKUs.class); String defaultBKUUrl = null; - - if (bkuurls != null) { + try { switch (type) { case IOAAuthParameters.ONLINEBKU: - defaultBKUUrl = bkuurls.getOnlineBKU(); + defaultBKUUrl = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE); break; case IOAAuthParameters.LOCALBKU: - defaultBKUUrl = bkuurls.getLocalBKU(); + defaultBKUUrl = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL); break; case IOAAuthParameters.HANDYBKU: - defaultBKUUrl = bkuurls.getHandyBKU(); + defaultBKUUrl = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY); break; default: Logger.warn("getDefaultBKUURL: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("BKU URLs are not loadable from configuration.", e); + } return defaultBKUUrl; } @@ -626,14 +677,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} */ public String getSSOTagetIdentifier() throws ConfigurationException { - - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - - SSO sso = authComponentGeneral.getSSO(); - if (sso != null) { - return sso.getTarget(); + try { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Single Sign-On Target can not be read from configuration.", e); + return null; } - return null; } /** @@ -642,22 +693,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the SSOFriendlyName or a default String */ public String getSSOFriendlyName() { - - AuthComponentGeneral authComponentGeneral; - String defaultValue = "Default MOA-ID friendly name for SSO"; try { - authComponentGeneral = getAuthComponentGeneral(); - } catch (ConfigurationException e) { - return defaultValue; - } - - SSO sso = authComponentGeneral.getSSO(); - if (sso != null) { - if (MiscUtil.isEmpty(sso.getFriendlyName())) { - return sso.getFriendlyName(); - } + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, "Default MOA-ID friendly name for SSO"); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Single Sign-On FriendlyName can not be read from configuration.", e); + return "Default MOA-ID friendly name for SSO"; } - return defaultValue; } /** @@ -666,20 +709,15 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the SSOSpecialText or an empty String */ public String getSSOSpecialText() { - - AuthComponentGeneral authComponentGeneral; try { - authComponentGeneral = getAuthComponentGeneral(); - } catch (ConfigurationException e) { - return new String(); - } - - SSO sso = authComponentGeneral.getSSO(); - if (sso != null) { - String text = sso.getSpecialText(); + String text = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT); return MiscUtil.isEmpty(text) ? new String() : text; + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Single Sign-On AuthBlockText can not be read from configuration.", e); + return new String(); } - return new String(); } /** @@ -762,22 +800,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the PublicURLPrefix or {@code null} */ public String getPublicURLPrefix() { - - AuthComponentGeneral authComponentGeneral; try { - authComponentGeneral = getAuthComponentGeneral(); - } catch (ConfigurationException e) { + return configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX); + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); return null; } - - String publicURLPreFix = null; - GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); - if (generalConfiguration != null && MiscUtil.isNotEmpty(generalConfiguration.getPublicURLPreFix())) { - publicURLPreFix = generalConfiguration.getPublicURLPreFix(); - } else { - Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); - } - return publicURLPreFix; } /** @@ -803,15 +833,22 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} */ public STORKConfig getStorkConfig() throws ConfigurationException { - STORKConfig result = null; - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - ForeignIdentities foreign = authComponentGeneral.getForeignIdentities(); - if (foreign == null) { - Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); - } else { - result = new STORKConfig(foreign.getSTORK(), this.getProperties(), this.getRootConfigFileDir()); + try { + Properties storkProps = configuration.getPropertySubset( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK); + if (storkProps == null) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + + } else { + result = new STORKConfig(this.getProperties(), this.getRootConfigFileDir()); + + } + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); + } + return result; } @@ -831,32 +868,32 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide // return authComponentGeneral; // } - /** - * Returns the {@link VerifyAuthBlock}. - * - * @return the {@link VerifyAuthBlock}. - * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. - */ - private VerifyAuthBlock getVerifyAuthBlock() throws ConfigurationException { - - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - MOASP moasp = authComponentGeneral.getMOASP(); - if (moasp != null) { - VerifyAuthBlock vab = moasp.getVerifyAuthBlock(); - if (vab != null) { - VerifyAuthBlock verifyIdl = new VerifyAuthBlock(); - verifyIdl.setTrustProfileID(vab.getTrustProfileID()); - verifyIdl.setVerifyTransformsInfoProfileID(new ArrayList(vab.getVerifyTransformsInfoProfileID())); - return verifyIdl; - } else { - Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); - throw new ConfigurationException("config.02", null); - } - } else { - Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); - throw new ConfigurationException("config.02", null); - } - } +// /** +// * Returns the {@link VerifyAuthBlock}. +// * +// * @return the {@link VerifyAuthBlock}. +// * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. +// */ +// private VerifyAuthBlock getVerifyAuthBlock() throws ConfigurationException { +// +// AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); +// MOASP moasp = authComponentGeneral.getMOASP(); +// if (moasp != null) { +// VerifyAuthBlock vab = moasp.getVerifyAuthBlock(); +// if (vab != null) { +// VerifyAuthBlock verifyIdl = new VerifyAuthBlock(); +// verifyIdl.setTrustProfileID(vab.getTrustProfileID()); +// verifyIdl.setVerifyTransformsInfoProfileID(new ArrayList(vab.getVerifyTransformsInfoProfileID())); +// return verifyIdl; +// } else { +// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); +// throw new ConfigurationException("config.02", null); +// } +// } else { +// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); +// throw new ConfigurationException("config.02", null); +// } +// } /** * Small helper method. NOTE: may return empty properties, but never {@code null}. @@ -884,19 +921,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide public boolean isTrustmanagerrevoationchecking() { try { - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); - if (generalConfiguration != null && generalConfiguration.isTrustManagerRevocationChecking() != null) { + return configuration.getBooleanValue( + MOAIDConfigurationConstants.GENERAL_AUTH_REVOCATIONCHECKING, + TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT); - return generalConfiguration.isTrustManagerRevocationChecking(); - - } else { - Logger.warn("No TrustMangerRevoationChecking defined. Use default value = " - + String.valueOf(TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT).toUpperCase()); - return TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT; - } - - } catch (ConfigurationException e) { + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { return TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT; } } @@ -908,25 +937,42 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ @Override public String getCertstoreDirectory() { - try { - AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral(); - GeneralConfiguration generalConfiguration = authComponentGeneral.getGeneralConfiguration(); - if (generalConfiguration != null) { - return (rootConfigFileDir + generalConfiguration.getCertStoreDirectory()); - } else { + String path = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL); + if (MiscUtil.isNotEmpty(path)) + return path; + + else { Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); return null; + } - - } catch (ConfigurationException e) { + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.", e); return null; } } @Override public String getTrustedCACertificates() { - return (String) configuration.get(MOAIDConfigurationConstants.TRUSTED_CERTIFICATES_KEY, String.class); + try { + String path = configuration.getStringValue( + MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL); + if (MiscUtil.isNotEmpty(path)) + return path; + + else { + Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined."); + return null; + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined.", e); + return null; + } } /** @@ -936,14 +982,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ @Override public String getDefaultChainingMode() { - - ChainingModes chainingModes = (ChainingModes) configuration.get(MOAIDConfigurationConstants.CHAINING_MODES_KEY, ChainingModes.class); - if (chainingModes != null) { - return chainingModes.getSystemDefaultMode().value(); - } - - Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); - return null; + return "pkix"; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 136b40295..81caa13ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -25,7 +25,6 @@ */ package at.gv.egovernment.moa.id.config.stork; -import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -33,16 +32,13 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; +import java.util.Set; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; -import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.xml.sax.SAXException; - -import javax.xml.parsers.ParserConfigurationException; /** * Encapsulates several STORK configuration parameters according MOA configuration @@ -60,57 +56,62 @@ public class STORKConfig { private List attr = null; - public STORKConfig(STORK stork, Properties props, String basedirectory) { + public STORKConfig(Properties props, String basedirectory) throws ConfigurationException { this.basedirectory = basedirectory; this.props = props; //create CPEPS map - //List cpeps = stork.getCPEPS(); - List cpeps = new ArrayList(); // TODO Change this - - try { - cpeps = stork.getCPEPS(); - - } catch (NullPointerException ex) { - Logger.error("CPEPS not configured!"); + List cpeps = new ArrayList(); + + Properties storkCPEPSProps = + AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST); + if (storkCPEPSProps != null) { + Set keyValues = storkCPEPSProps.keySet(); + for (Object elObj : keyValues) { + if (elObj instanceof String) { + String el = (String) elObj; + if (el.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY)) { + int index = el.indexOf("."); + String listCounter = el.substring(0, index); + try { + CPEPS moacpep = + new CPEPS(storkCPEPSProps.getProperty(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY), + new URL(storkCPEPSProps.getProperty(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL)), + Boolean.valueOf(storkCPEPSProps.getProperty(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG))); + cpepsMap.put(moacpep.getCountryCode(), moacpep); + + } catch (MalformedURLException e) { + Logger.warn("CPEPS URL " + + storkCPEPSProps.getProperty(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL) + + " are not parseable.", e); + + } + } + } + } + } + + attr = new ArrayList(); + Properties storkAttributeProps = + AuthConfigurationProviderFactory.getInstance().getConfigurationWithPrefix( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST); + if (storkAttributeProps != null) { + Set keyValues = storkAttributeProps.keySet(); + for (Object elObj : keyValues) { + if (elObj instanceof String) { + String el = (String) elObj; + if (el.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + int index = el.indexOf("."); + String listCounter = el.substring(0, index); + StorkAttribute moaStorkAttr = + new StorkAttribute(storkAttributeProps.getProperty(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME), + Boolean.valueOf(storkAttributeProps.getProperty(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY))); + attr.add(moaStorkAttr); + } + } + } } - - cpepsMap = new HashMap(); - - if (cpeps != null) { - for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) { - - try { - CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()), cpep.isSupportsXMLSignature()); - - cpepsMap.put(cpep.getCountryCode(), moacpep); - - } catch (MalformedURLException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid URL and is ignored."); - } - } - /*catch (ParserConfigurationException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } catch (SAXException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } catch (IOException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } catch (MessageEncodingException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - }*/ - } - attr = new ArrayList(); - if (stork != null && stork.getAttributes() != null) { - for(StorkAttribute current : stork.getAttributes()) { - attr.add(current); - } - } - } public SignatureCreationParameter getSignatureCreationParameter() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java new file mode 100644 index 000000000..87ec7fb0c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.config.stork; + +public class StorkAttribute { + + protected Boolean mandatory; + protected String name; + + public StorkAttribute(String name, boolean mandatory) { + this.name = name; + this.mandatory = mandatory; + } + + public Boolean getMandatory() { + return mandatory; + } + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory; + } + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index 5dad3771d..2915ff683 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -68,7 +68,7 @@ public class MOASAMLSOAPClient { AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, - ChainingModeType.fromValue(AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode()), + AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); -- cgit v1.2.3