From 642fe4866c23e1a25b0316f12f0028c9f0673c3d Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 8 May 2013 11:22:25 +0200 Subject: Added pvp2 configuration file --- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 1 + .../protocols/pvp2x/binding/ArtifactBinding.java | 56 ++--------- .../id/protocols/pvp2x/binding/PostBinding.java | 111 ++++++--------------- .../protocols/pvp2x/binding/RedirectBinding.java | 63 ++---------- .../id/protocols/pvp2x/binding/SoapBinding.java | 77 ++++++++++++++ .../protocols/pvp2x/config/PVPConfiguration.java | 63 ++++++++++++ .../pvp2x/metadata/MOAMetadataProvider.java | 4 +- .../pvp2x/requestHandler/ArtifactResolution.java | 42 ++++++++ .../pvp2x/requestHandler/AuthnRequestHandler.java | 10 +- .../pvp2x/requestHandler/IRequestHandler.java | 3 +- .../pvp2x/requestHandler/RequestManager.java | 3 +- .../protocols/pvp2x/signer/CredentialProvider.java | 52 ++++++++++ .../signer/CredentialsNotAvailableException.java | 17 ++++ 13 files changed, 310 insertions(+), 192 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index feaf59cb2..673b65243 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -47,6 +47,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public static final String REDIRECT = "Redirect"; public static final String POST = "Post"; + public static final String SOAP = "Soap"; private static List servletList = new ArrayList(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index a7b4a5bc7..8f83812a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -1,14 +1,10 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; -import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; import java.security.cert.CertificateException; import javax.servlet.http.HttpServletRequest; @@ -19,7 +15,6 @@ import org.apache.velocity.runtime.RuntimeConstants; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SingleSignOnService; @@ -28,13 +23,12 @@ import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.BasicCredential; -import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; public class ArtifactBinding implements IDecoder, IEncoder { @@ -48,30 +42,13 @@ public class ArtifactBinding implements IDecoder, IEncoder { public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation) throws MessageEncodingException, SecurityException { - KeyStore keyStore; - try { - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - FileInputStream inputStream = new FileInputStream( - "/home/afitzek/server/moaid_conf/moaid/pvp.ks"); - keyStore.load(inputStream, "123456".toCharArray()); - inputStream.close(); - - BasicCredential credentials = new BasicCredential(); - PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP", - "123456".toCharArray()); - Certificate cert = keyStore.getCertificate("pvpIDP"); - credentials.setPublicKey(cert.getPublicKey()); - credentials.setPrivateKey(key); - credentials.setUsageType(UsageType.SIGNING); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + Signature signer = CredentialProvider.getIDPSignature(credentials); response.setSignature(signer); + VelocityEngine engine = new VelocityEngine(); engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); @@ -100,24 +77,9 @@ public class ArtifactBinding implements IDecoder, IEncoder { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (FileNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (UnrecoverableKeyException e) { - // TODO Auto-generated catch block + } catch (CredentialsNotAvailableException e) { e.printStackTrace(); + throw new SecurityException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 38be055be..c7d779fa2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -1,16 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -31,49 +20,31 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.BasicCredential; -import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; public class PostBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) throws MessageEncodingException, - SecurityException{ + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { // TODO Auto-generated method stub - + } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation) throws MessageEncodingException, - SecurityException{ - KeyStore keyStore; + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { try { - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - FileInputStream inputStream = new FileInputStream( - "/home/afitzek/server/moaid_conf/moaid/pvp.ks"); - keyStore.load(inputStream, "123456".toCharArray()); - inputStream.close(); - - BasicCredential credentials = new BasicCredential(); - PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP", - "123456".toCharArray()); - Certificate cert = keyStore.getCertificate("pvpIDP"); - credentials.setPublicKey(cert.getPublicKey()); - credentials.setPrivateKey(key); - credentials.setUsageType(UsageType.SIGNING); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + Signature signer = CredentialProvider.getIDPSignature(credentials); response.setSignature(signer); VelocityEngine engine = new VelocityEngine(); @@ -81,11 +52,11 @@ public class PostBinding implements IDecoder, IEncoder { engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", + engine.setProperty("classpath.resource.loader.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, "resources/templates/pvp_postbinding_template.html"); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); @@ -101,68 +72,46 @@ public class PostBinding implements IDecoder, IEncoder { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (FileNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (UnrecoverableKeyException e) { - // TODO Auto-generated catch block + } catch (CredentialsNotAvailableException e) { e.printStackTrace(); + throw new SecurityException(e); } } public MOARequest decodeRequest(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, - SecurityException{ - - - + SecurityException { + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = - new BasicSAMLMessageContext(); + BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - req)); + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); decode.decode(messageContext); RequestAbstractType inboundMessage = (RequestAbstractType) messageContext .getInboundMessage(); - + MOARequest request = new MOARequest(inboundMessage); - + return request; - + } public MOAResponse decodeRespone(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, - SecurityException{ - + SecurityException { + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext messageContext = - new BasicSAMLMessageContext(); + BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - req)); + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); decode.decode(messageContext); - Response inboundMessage = (Response) messageContext - .getInboundMessage(); - + Response inboundMessage = (Response) messageContext.getInboundMessage(); + MOAResponse moaResponse = new MOAResponse(inboundMessage); return moaResponse; - + } public boolean handleDecode(String action) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 2cae67e97..92a6b6002 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -1,16 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -35,14 +24,13 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.BasicCredential; -import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; public class RedirectBinding implements IDecoder, IEncoder { @@ -56,30 +44,13 @@ public class RedirectBinding implements IDecoder, IEncoder { public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation) throws MessageEncodingException, SecurityException { - KeyStore keyStore; - try { - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - FileInputStream inputStream = new FileInputStream( - "/home/afitzek/server/moaid_conf/moaid/pvp.ks"); - keyStore.load(inputStream, "123456".toCharArray()); - inputStream.close(); - - BasicCredential credentials = new BasicCredential(); - PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP", - "123456".toCharArray()); - Certificate cert = keyStore.getCertificate("pvpIDP"); - credentials.setPublicKey(cert.getPublicKey()); - credentials.setPrivateKey(key); - credentials.setUsageType(UsageType.SIGNING); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + Signature signer = CredentialProvider.getIDPSignature(credentials); response.setSignature(signer); + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( @@ -96,26 +67,10 @@ public class RedirectBinding implements IDecoder, IEncoder { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (FileNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (UnrecoverableKeyException e) { - // TODO Auto-generated catch block + } catch (CredentialsNotAvailableException e) { e.printStackTrace(); + throw new SecurityException(e); } - } public MOARequest decodeRequest(HttpServletRequest req, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java new file mode 100644 index 000000000..027dab15a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -0,0 +1,77 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; + +public class SoapBinding implements IDecoder, IEncoder { + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); + BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + req)); + soapDecoder.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); + BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + req)); + soapDecoder.decode(messageContext); + + Response inboundMessage = (Response) messageContext + .getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + return moaResponse; + } + + public boolean handleDecode(String action) { + return (action.equals(PVP2XProtocol.SOAP)); + } + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java new file mode 100644 index 000000000..5ec852d46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -0,0 +1,63 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import java.io.File; +import java.io.FileInputStream; +import java.util.Properties; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + +public class PVPConfiguration { + private static PVPConfiguration instance; + + public static PVPConfiguration getInstance() { + if(instance == null) { + instance = new PVPConfiguration(); + } + return instance; + } + + public static final String PVP_CONFIG_FILE = "pvp2config.properties"; + public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; + public static final String IDP_KEYALIAS = "idp.ks.alias"; + public static final String IDP_KS_PASS = "idp.ks.kspassword"; + public static final String IDP_KEY_PASS = "idp.ks.keypassword"; + public static final String METADATA_FILE = "md.file"; + + Properties props = new Properties(); + + private PVPConfiguration() { + try { + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String pathName = (new File(fileName)).getParent(); + String configFile = pathName + File.pathSeparator + PVP_CONFIG_FILE; + + Logger.info("PVP Config file " + configFile); + FileInputStream is = new FileInputStream(configFile); + props.load(is); + is.close(); + } catch(Exception e) { + e.printStackTrace(); + } + } + + public String getIDPKeyStoreFilename() { + return props.getProperty(IDP_JAVAKEYSTORE); + } + + public String getIDPKeyStorePassword() { + return props.getProperty(IDP_KS_PASS); + } + + public String getIDPKeyAlias() { + return props.getProperty(IDP_KEYALIAS); + } + + public String getIDPKeyPassword() { + return props.getProperty(IDP_KEY_PASS); + } + + public String getMetadataFile() { + return props.getProperty(METADATA_FILE); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 346883a94..94741df73 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -15,6 +15,8 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; + public class MOAMetadataProvider implements MetadataProvider { MetadataProvider internalProvider; @@ -24,7 +26,7 @@ public class MOAMetadataProvider implements MetadataProvider { public MOAMetadataProvider() throws MetadataProviderException { FilesystemMetadataProvider fsProvider = new FilesystemMetadataProvider( - new File(MD_FILE)); + new File(PVPConfiguration.getInstance().getMetadataFile())); fsProvider.setParserPool(new BasicParserPool()); internalProvider = fsProvider; fsProvider.initialize(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java new file mode 100644 index 000000000..3d2bd33b0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry; +import org.opensaml.saml2.core.ArtifactResolve; +import org.opensaml.saml2.core.ArtifactResponse; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; + +public class ArtifactResolution implements IRequestHandler { + + public boolean handleObject(MOARequest obj) { + return (obj.getSamlRequest() instanceof ArtifactResolve); + } + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp) { + if(!handleObject(obj)) { + // TODO: throw exception + return; + } + + ArtifactResolve artifactResolve = (ArtifactResolve)obj.getSamlRequest(); + String artifactID = artifactResolve.getArtifact().getArtifact(); + + PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); + if(!pvpAssertion.contains(artifactID)) { + // TODO: send not found ... + } else { + SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); + ArtifactResponse response = SAML2Utils.createSAMLObject(ArtifactResponse.class); + response.setMessage(assertion.getSamlMessage()); + response.setIssueInstant(new DateTime()); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 27e248081..5fc1dc785 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -17,6 +17,7 @@ import org.opensaml.saml2.core.Subject; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; @@ -32,10 +33,9 @@ public class AuthnRequestHandler implements IRequestHandler { } public void process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp) { + HttpServletResponse resp) throws MOAIDException { if(!handleObject(obj)) { - // TODO: throw exception - return; + throw new MOAIDException("INVALID HANDLER SELECETED", null); } AuthnRequest authnRequest = (AuthnRequest)obj.getSamlRequest(); @@ -95,14 +95,10 @@ public class AuthnRequestHandler implements IRequestHandler { try { binding.encodeRespone(req, resp, authResponse, oaURL); } catch (MessageEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } catch (SecurityException e) { // TODO Auto-generated catch block e.printStackTrace(); } - - System.out.println("AuthnRequest"); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java index a971df93b..002713f79 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -3,11 +3,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; public interface IRequestHandler { public boolean handleObject(MOARequest obj); public void process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp); + HttpServletResponse resp) throws MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index 3f1049482..0e5fa9b1e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -7,6 +7,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.SAMLRequestNotSupported; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; @@ -29,7 +30,7 @@ public class RequestManager { } public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp) - throws SAMLRequestNotSupported { + throws SAMLRequestNotSupported, MOAIDException { Iterator it = handler.iterator(); while(it.hasNext()) { IRequestHandler handler = it.next(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java new file mode 100644 index 000000000..ec65f6bce --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import java.io.FileInputStream; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; + +import org.opensaml.xml.security.credential.BasicCredential; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; + +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public class CredentialProvider { + public static Credential getIDPSigningCredential() throws CredentialsNotAvailableException { + KeyStore keyStore; + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + FileInputStream inputStream = new FileInputStream( + config.getIDPKeyStoreFilename()); + keyStore.load(inputStream, config.getIDPKeyStorePassword().toCharArray()); + inputStream.close(); + + BasicCredential credentials = new BasicCredential(); + PrivateKey key = (PrivateKey) keyStore.getKey(config.getIDPKeyAlias(), + config.getIDPKeyPassword().toCharArray()); + Certificate cert = keyStore.getCertificate(config.getIDPKeyAlias()); + credentials.setPublicKey(cert.getPublicKey()); + credentials.setPrivateKey(key); + credentials.setUsageType(UsageType.SIGNING); + return credentials; + } catch(Exception e) { + Logger.error("Failed to generate IDP Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + + public static Signature getIDPSignature(Credential credentials) { + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java new file mode 100644 index 000000000..56864bc1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class CredentialsNotAvailableException extends MOAIDException { + + public CredentialsNotAvailableException(String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * + */ + private static final long serialVersionUID = -2564476345552842599L; + +} -- cgit v1.2.3