From 2c82d41a98e2617088cdcf3db72b40d9747ae292 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 26 Sep 2013 08:05:52 +0200 Subject: Features: -- Add additional parameters to customize BKUSelectionForm and SendAssertionForm -- change Target configuration -- insert some logging Bugfixes: -- Nullpointerexceptions in combination of an old userdatabase entry and a actual configuration tool version --- .../moa/id/auth/AuthenticationServer.java | 93 +++++++--------------- .../auth/builder/GetIdentityLinkFormBuilder.java | 17 +++- .../moa/id/auth/builder/LoginFormBuilder.java | 36 ++++++++- .../moa/id/auth/builder/SelectBKUFormBuilder.java | 87 -------------------- .../id/auth/builder/SendAssertionFormBuilder.java | 17 +++- .../moa/id/auth/data/AuthenticationSession.java | 2 - .../servlet/GenerateIFrameTemplateServlet.java | 6 ++ .../id/config/auth/AuthConfigurationProvider.java | 10 --- .../moa/id/config/auth/OAAuthParameter.java | 39 +++++++++ .../id/config/legacy/BuildFromLegacyConfig.java | 39 ++------- .../moa/id/moduls/AuthenticationManager.java | 4 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 4 +- .../moa/id/monitoring/DatabaseTestModule.java | 54 +++++++++---- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 8 +- .../protocols/pvp2x/binding/ArtifactBinding.java | 7 +- .../pvp2x/requestHandler/AuthnRequestHandler.java | 4 + .../moa/id/protocols/saml1/SAML1Protocol.java | 27 +------ .../resources/templates/loginFormFull.html | 35 +++----- .../resources/templates/sendAssertionFormFull.html | 6 +- .../builder/GetIdentityLinkFormBuilderTest.java | 4 +- 20 files changed, 218 insertions(+), 281 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index dec5b81cf..bda1e3bfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; import iaik.pki.PKIException; -import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -39,12 +38,9 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -75,9 +71,6 @@ import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -85,16 +78,12 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; @@ -111,16 +100,12 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -130,8 +115,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -332,32 +315,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { // } // } - /** - * Method readBKUSelectTag. - * - * @param conf - * the ConfigurationProvider - * @param connParam - * the ConnectionParameter for that connection - * @return String - * @throws ConfigurationException - * on config-errors - * @throws PKIException - * on PKI errors - * @throws IOException - * on any data error - * @throws GeneralSecurityException - * on security errors - */ - private String readBKUSelectTag(ConfigurationProvider conf, - ConnectionParameter connParam) throws ConfigurationException, - PKIException, IOException, GeneralSecurityException { - - if (connParam.isHTTPSURL()) - return SSLUtils.readHttpsURL(conf, connParam); - else - return HTTPUtils.readHttpURL(connParam.getUrl()); - } +// /** +// * Method readBKUSelectTag. +// * +// * @param conf +// * the ConfigurationProvider +// * @param connParam +// * the ConnectionParameter for that connection +// * @return String +// * @throws ConfigurationException +// * on config-errors +// * @throws PKIException +// * on PKI errors +// * @throws IOException +// * on any data error +// * @throws GeneralSecurityException +// * on security errors +// */ +// private String readBKUSelectTag(ConfigurationProvider conf, +// ConnectionParameter connParam) throws ConfigurationException, +// PKIException, IOException, GeneralSecurityException { +// +// if (connParam.isHTTPSURL()) +// return SSLUtils.readHttpsURL(conf, connParam); +// else +// return HTTPUtils.readHttpURL(connParam.getUrl()); +// } /** * Processes the beginning of an authentication session. @@ -472,7 +455,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, - certInfoDataURL, pushInfobox); + certInfoDataURL, pushInfobox, oaParam); return htmlForm; } @@ -608,13 +591,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - //TODO: check correctness -// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam -// .getProvideStammzahl()); verifyInfoboxes(session, infoboxReadResponseParameters, false); - - //TODO: make it better!! return "found!"; } @@ -760,22 +738,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink - // if (!fromMandate) { - // BZ.., calculate bPK for signing to be already present in AuthBlock -// IdentityLink identityLink = session.getIdentityLink(); -// if (identityLink.getIdentificationType().equals( -// Constants.URN_PREFIX_BASEID)) { -// // only compute bPK if online application is a public service and we -// // have the Stammzahl -// String bpkBase64 = new BPKBuilder().buildBPK(identityLink -// .getIdentificationValue(), session.getTarget()); -// identityLink.setIdentificationValue(bpkBase64); -// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); -// } - // ..BZ - // } - // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam); @@ -1924,7 +1886,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, false); - // TODO See Bug #144 // Compare AuthBlock Data with information stored in session, especially // date and time CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index bd8d52031..56cb3a3db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -29,6 +29,8 @@ import java.io.StringReader; import java.io.StringWriter; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.util.MiscUtil; /** * Builder for HTML form requesting the security layer implementation @@ -54,6 +56,7 @@ public class GetIdentityLinkFormBuilder extends Builder { private static final String PUSHINFOBOX_TAG = ""; /** special tag in the HTML template to be substituted for the BKU URL */ private static final String MANDATE_TAG = ""; + private static final String COLOR_TAG = ""; /** private static int all contains the representation to replace all tags*/ private static final int ALL = -1; @@ -112,6 +115,7 @@ public class GetIdentityLinkFormBuilder extends Builder { * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; * may be null, in this case the default URL will be used * @param dataURL DataURL to be sent as a parameter in the form + * @param oaParam */ public String build( String htmlTemplate, @@ -120,7 +124,7 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox) + String pushInfobox, OAAuthParameter oaParam) throws BuildException { String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; @@ -131,6 +135,17 @@ public class GetIdentityLinkFormBuilder extends Builder { //new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL); htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); + + if (oaParam != null) { + if (MiscUtil.isNotEmpty(oaParam.getBKUSelectionBackGroundColor())) + htmlForm = replaceTag(htmlForm, COLOR_TAG, oaParam.getBKUSelectionBackGroundColor(), false, ALL); + else + htmlForm = replaceTag(htmlForm, COLOR_TAG, "#DDDDDD", false, ALL); + + } else + htmlForm = replaceTag(htmlForm, COLOR_TAG, "#DDDDDD", false, ALL); + + return htmlForm; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index f90634ab4..3282036b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -10,17 +10,24 @@ import java.net.URI; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class LoginFormBuilder { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; + private static final String TEMPLATEBGCOLOR = "style=\"background-color: #COLOR#\""; + private static final String TEMPLATEVISIBLE = " display: none"; + private static final String TEMPLATEDISABLED = "disabled=\"true\""; + private static final String TEMPLATECHECKED = "checked=\"true\""; + private static String AUTH_URL = "#AUTH_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; @@ -30,6 +37,12 @@ public class LoginFormBuilder { private static String BKU_LOCAL = "#LOCAL#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; private static String MOASESSIONID = "#SESSIONID#"; + private static String BACKGROUNDCOLOR = "#BACKGROUNDCOLOR#"; + private static String COLOR = "#COLOR#"; + private static String MANDATEVISIBLE = "#MANDATEVISIBLE#"; + private static String MANDATECHECKED = "#MANDATECHECKED#"; + + private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; @@ -79,7 +92,7 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String modul, String action, String oaname, String contextpath, String moaSessionID) { + public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) { String value = getTemplate(); if(value != null) { @@ -91,9 +104,28 @@ public class LoginFormBuilder { } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); - value = value.replace(OANAME, oaname); + value = value.replace(OANAME, oaParam.getFriendlyName()); value = value.replace(CONTEXTPATH, contextpath); value = value.replace(MOASESSIONID, moaSessionID); + + String bgcolor = oaParam.getBKUSelectionBackGroundColor(); + if (MiscUtil.isNotEmpty(bgcolor)) { + value = value.replace(BACKGROUNDCOLOR, TEMPLATEBGCOLOR); + value = value.replace(COLOR, bgcolor); + } else + value = value.replace(BACKGROUNDCOLOR, ""); + + if (oaParam.isShowMandateCheckBox()) + value = value.replace(MANDATEVISIBLE, ""); + else + value = value.replace(MANDATEVISIBLE, TEMPLATEVISIBLE); + + if (oaParam.isOnlyMandateAllowed()) { + value = value.replace(MANDATECHECKED, TEMPLATECHECKED + " " + TEMPLATEDISABLED); + + } else + value = value.replace(MANDATECHECKED, ""); + } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java deleted file mode 100644 index bfc86d608..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.BuildException; - -/** - * Builder for the BKU selection form requesting the user to choose - * a BKU from a list. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SelectBKUFormBuilder extends Builder { - /** private static String NL contains the NewLine representation in Java*/ - private static final String nl = "\n"; - /** special tag in the HTML template to be substituted for the form action which is - * a URL of MOA-ID Auth */ - private static final String ACTION_TAG = ""; - /** special tag in the HTML template to be substituted for the <select;gt; tag - * containing the BKU selection options */ - private static final String SELECT_TAG = ""; - /** - * Template for the default html-code to be returned as security-layer-selection to be built - */ - private static final String DEFAULT_HTML_TEMPLATE = - "" + nl + - "" + nl + - "" + nl + - "Auswahl der Bürgerkartenumgebung" + nl + - "" + nl + - "" + nl + - "
" + nl + - SELECT_TAG + nl + - " " + nl + - "
" + nl + - "" + nl + - ""; - - /** - * Constructor - */ - public SelectBKUFormBuilder() { - super(); - } - /** - * Method build. Builds the form - * @param htmlTemplate to be used - * @param startAuthenticationURL the url where the startAuthenticationServlet can be found - * @param bkuSelectTag if a special bku should be used - * @return String - * @throws BuildException on any error - */ - public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag) - throws BuildException { - - String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; - htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1); - htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1); - return htmlForm; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 3f6a7d9d6..1796af94b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -15,18 +15,23 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class SendAssertionFormBuilder { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; + private static final String TEMPLATEBGCOLOR = "style=\"background-color: #COLOR#\""; + private static String URL = "#URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; private static String ID = "#ID#"; private static String OANAME = "#OAName#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; + private static String BACKGROUNDCOLOR = "#BACKGROUNDCOLOR#"; + private static String COLOR = "#COLOR#"; private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; @@ -69,7 +74,7 @@ public class SendAssertionFormBuilder { return template; } - public static String buildForm(String modul, String action, String id, String oaname, String contextpath) { + public static String buildForm(String modul, String action, String id, OAAuthParameter oaParam, String contextpath) { String value = getTemplate(); if(value != null) { @@ -82,8 +87,16 @@ public class SendAssertionFormBuilder { value = value.replace(MODUL, modul); value = value.replace(ACTION, action); value = value.replace(ID, id); - value = value.replace(OANAME, oaname); + value = value.replace(OANAME, oaParam.getFriendlyName()); value = value.replace(CONTEXTPATH, contextpath); + + String bgcolor = oaParam.getBKUSelectionBackGroundColor(); + if (MiscUtil.isNotEmpty(bgcolor)) { + value = value.replace(BACKGROUNDCOLOR, TEMPLATEBGCOLOR); + value = value.replace(COLOR, bgcolor); + } else + value = value.replace(BACKGROUNDCOLOR, ""); + } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4560e69cf..540311231 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -196,8 +196,6 @@ public class AuthenticationSession implements Serializable { */ private List extendedSAMLAttributesAUTH; - - //TODO: check if it is in use! /** * If infobox validators are needed after signing, they can be stored in * this list. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index d4484a97c..dfabfccf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -98,6 +98,12 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { String bkuURL = oaParam.getBKUURL(bkuid); String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); + if (oaParam.isOnlyMandateAllowed()) + useMandate = "true"; + + if (!oaParam.isShowMandateCheckBox()) + useMandate = "false"; + //parse all OA parameters i StartAuthentificationParameterParser.parse(moasession, target, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index f2b068568..cc1a1304d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -24,16 +24,12 @@ package at.gv.egovernment.moa.id.config.auth; -import iaik.security.cipher.AESKeyGenerator; - import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -41,17 +37,11 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; -import javax.crypto.NoSuchPaddingException; import javax.xml.bind.JAXBContext; -import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; -import org.apache.commons.io.CopyUtils; import org.hibernate.cfg.Configuration; - import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 99d15a612..d2a70c527 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -28,6 +28,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; @@ -41,6 +42,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; @@ -283,6 +285,43 @@ public String getIdentityLinkDomainIdentifierType() { return null; } +public String getBKUSelectionBackGroundColor() { + TemplatesType templates = oa_auth.getTemplates(); + if (templates != null) { + BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization(); + if (bkuselection != null) { + if (MiscUtil.isNotEmpty(bkuselection.getBackGroundColor())) + return bkuselection.getBackGroundColor(); + } + } + return null; +} + + +public boolean isShowMandateCheckBox() { + TemplatesType templates = oa_auth.getTemplates(); + if (templates != null) { + BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization(); + if (bkuselection != null) { + if (bkuselection.isMandateLoginButton() != null) + return bkuselection.isMandateLoginButton(); + } + } + return true; +} + +public boolean isOnlyMandateAllowed() { + TemplatesType templates = oa_auth.getTemplates(); + if (templates != null) { + BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization(); + if (bkuselection != null) { + if (bkuselection.isOnlyMandateLoginAllowed() != null) + return bkuselection.isOnlyMandateLoginAllowed(); + } + } + return false; +} + /** * @return the qaaLevel */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 10729e981..651690166 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -168,21 +168,18 @@ public class BuildFromLegacyConfig { authGeneral.setTimeOuts(timeOuts); generalAuth.setGeneralConfiguration(authGeneral); - - //TODO: set Protocols!!!! Protocols auth_protocols = new Protocols(); generalAuth.setProtocols(auth_protocols); LegacyAllowed prot_legacy = new LegacyAllowed(); auth_protocols.setLegacyAllowed(prot_legacy); - final List PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values + final List PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); - //TODO: remove beta test values PVP2 prot_pvp2 = new PVP2(); auth_protocols.setPVP2(prot_pvp2); - prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/"); - prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP"); + prot_pvp2.setPublicURLPrefix("https://...."); + prot_pvp2.setIssuerName("MOA-ID 2.x IDP"); Organization pvp2_org = new Organization(); prot_pvp2.setOrganization(pvp2_org); @@ -213,8 +210,8 @@ public class BuildFromLegacyConfig { //SSO SSO auth_sso = new SSO(); generalAuth.setSSO(auth_sso); - auth_sso.setTarget("BF"); - auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta"); + auth_sso.setTarget(""); + auth_sso.setFriendlyName(""); //set SecurityLayer Transformations @@ -268,7 +265,6 @@ public class BuildFromLegacyConfig { auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock); - //TODO: check correctness!!! //set IdentityLinkSigners IdentityLinkSigners auth_idsigners = new IdentityLinkSigners(); generalAuth.setIdentityLinkSigners(auth_idsigners); @@ -399,7 +395,7 @@ public class BuildFromLegacyConfig { //set general OA configuration moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird moa_oa.setFriendlyName(oa.getFriendlyName()); - moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness + moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix()); moa_oa.setTarget(oa.getTarget()); moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName()); @@ -481,22 +477,7 @@ public class BuildFromLegacyConfig { //OA_PVP2 OAPVP2 oa_pvp2 = new OAPVP2(); oa_auth.setOAPVP2(oa_pvp2); - -// oa_pvp2.setMetadataURL("empty"); -// -// //TODO: is only a workaround!!!! -// Properties props = getGeneralPVP2ProperiesConfig(properies); -// File dir = new File(props.getProperty("idp.truststore")); -// File[] files = dir.listFiles(); -// if (files.length > 0) { -// FileInputStream filestream = new FileInputStream(files[0]); -// X509Certificate signerCertificate = new X509Certificate(filestream); -// oa_pvp2.setCertificate(signerCertificate.getEncoded()); -// -// } else { -// oa_pvp2.setCertificate(null); -// } - + moa_oas.add(moa_oa); //ConfigurationDBUtils.save(moa_oa); } @@ -531,11 +512,7 @@ public class BuildFromLegacyConfig { //set trustedCACertificate path moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates()); - - //TODO: move to read config functionality - //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); - - + //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates) //trustedBKUs = builder.getTrustedBKUs(); //trustedTemplateURLs = builder.getTrustedTemplateURLs(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index f2352e11e..76bf64f3a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -284,7 +284,7 @@ public class AuthenticationManager extends AuthServlet { String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), moasession.getSessionID()); + target.requestedAction(), oaParam, request.getContextPath(), moasession.getSessionID()); //store MOASession try { @@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet { throws ServletException, IOException, MOAIDException { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath()); + target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 18eeae58e..e8639a162 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -37,7 +37,6 @@ public class SSOManager { if (instance == null) { instance = new SSOManager(); - //TODO: move to config based timeout! try { sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue(); @@ -101,7 +100,6 @@ public class SSOManager { if (correspondingMoaSession == null) { Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found."); - //TODO: ist der OldSSOSessionStore zum Aufräumen? return null; } @@ -159,7 +157,7 @@ public class SSOManager { if (cookies != null) { for (Cookie cookie : cookies) { - //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox) + //funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox) //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { if (cookie.getName().equals(SSOCOOKIE)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index 24261780a..84aea44a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -10,8 +10,10 @@ import org.hibernate.Session; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -48,19 +50,25 @@ public class DatabaseTestModule implements TestModuleInterface{ Date expioredate = new Date(new Date().getTime() - 120); - List results; - Session session = MOASessionDBUtils.getCurrentSession(); - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getAssertionWithTimeOut"); - query.setTimestamp("timeout", expioredate); - results = query.list(); - session.getTransaction().commit(); + try { + List results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + Logger.trace("Finish Test: MOASessionDatabase"); + return null; + + } catch (Throwable e) { + Logger.warn("Failed Test: MOASessionDatabase", e); + return "MOASessionDatabase: " + e.getMessage(); } - - Logger.trace("Finish Test: MOASessionDatabase"); - return null; } private String testMOAConfigurationDatabase() throws Exception{ @@ -76,8 +84,26 @@ public class DatabaseTestModule implements TestModuleInterface{ private String testMOAAdvancedLoggingDatabase() { - //TODO: insert advanced Logging Database Tests + Date expioredate = new Date(new Date().getTime() - 120); + try { + Session session = StatisticLogDBUtils.getCurrentSession(); + + List results; - return null; + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + Logger.trace("Finish Test: AdvancedLoggingDataBase"); + return null; + + } catch (Throwable e) { + Logger.warn("Failed Test: AdvancedLoggingDataBase", e); + return "AdvancedLoggingDataBase: " + e.getMessage(); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 6055484f7..d507385cd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEng import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; +import at.gv.egovernment.moa.logging.Logger; public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { @@ -184,6 +185,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String binding = consumerService.getBinding(); String entityID = moaRequest.getEntityMetadata().getEntityID(); + Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding); + //String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); // if (!ParamValidatorUtils.isValidOA(oaURL)) @@ -194,10 +197,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { config.setBinding(binding); config.setRequest(moaRequest); config.setConsumerURL(consumerService.getLocation()); - - //TODO: set correct target; - config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID)); - + String useMandate = request.getParameter(PARAM_USEMANDATE); if(useMandate != null) { if(useMandate.equals("true")) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index baea32f28..c486d3ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -29,7 +29,6 @@ public class ArtifactBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation) throws MessageEncodingException, SecurityException { - // TODO Auto-generated method stub } @@ -82,19 +81,19 @@ public class ArtifactBinding implements IDecoder, IEncoder { public MOARequest decodeRequest(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { - // TODO Auto-generated method stub + return null; } public MOAResponse decodeRespone(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { - // TODO Auto-generated method stub + return null; } public boolean handleDecode(String action, HttpServletRequest req) { - // TODO Auto-generated method stub + return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index f8270cf33..1444cdecf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -93,13 +93,16 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { binding = new RedirectBinding(); + } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { // TODO: not supported YET!! binding = new ArtifactBinding(); + } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { binding = new PostBinding(); + } if (binding == null) { @@ -109,6 +112,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { try { binding.encodeRespone(req, resp, authResponse, oaURL); // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore + } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); throw new MOAIDException("pvp2.01", null, e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index a310b16ff..66124df4a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -88,6 +88,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { "auth.12"); config.setOAURL(oaURL); + Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); + //load Target only from OA config OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaURL); @@ -97,10 +99,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { new Object[] { oaURL }); config.setTarget(oaParam.getTarget()); - - - //TODO: set reauthenticate if OA.useSSO=false - + request.getSession().setAttribute(PARAM_OA, oaURL); request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); return config; @@ -139,26 +138,6 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { - - //TODO: funktioniert so nicht!!! - -// String oaURL = (String) request.getParameter(PARAM_OA); -// oaURL = StringEscapeUtils.escapeHtml(oaURL); -// String target = (String) request.getParameter(PARAM_TARGET); -// target = StringEscapeUtils.escapeHtml(target); -// -// //the target parameter is used to define the OA in SAML1 standard -// if (target.startsWith("http")) { -// oaURL = target; -// target = null; -// } -// -// if (oaURL != null) { -// if (oaURL.equals(pending.getOAURL())) -// return true; -// else -// return false; -// } return true; } diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index c6b98dc85..55290d05e 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -176,43 +176,30 @@

Login mit Bürgerkarte

-
+
-
+
+ style="vertical-align: middle; margin-right: 5px;" + id="mandateCheckBox" #MANDATECHECKED#> -
i
-
+
-
+
- - - -
+ +

@@ -229,7 +216,7 @@

-
+ -