From 45e170310a012dca93d5e5d4dc0b54e6b0808e95 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 9 Aug 2013 11:01:40 +0200 Subject: BugFixes: >>PVP2 Metadata: - Load OA only if Authentication is required - Load Metadata enityID from Database >>LegacyConfigParser - Solve problems if no OnlineMandate or STORK config is included - try to load DefaultBKUURLs from TrustedBKUs - if old MOA-ID 2.x config exists, use this DefaultBKUs to import OnlineApplications >> ConfigurationTool - change LayOut --- .../id/config/auth/AuthConfigurationProvider.java | 38 ++++-- .../id/config/legacy/BuildFromLegacyConfig.java | 103 ++++++++++++----- .../moa/id/entrypoints/DispatcherServlet.java | 127 +++++++++++---------- .../moa/id/protocols/pvp2x/MetadataAction.java | 2 +- 4 files changed, 165 insertions(+), 105 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index da3a79d32..f4cdeddb7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -323,7 +323,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { String legacyconfig = props.getProperty("configuration.xml.legacy"); String xmlconfig = props.getProperty("configuration.xml"); - String xmlconfigout = props.getProperty("configuration.xml.out"); +// String xmlconfigout = props.getProperty("configuration.xml.out"); //check if XML config should be used 
@@ -344,8 +344,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { if (MiscUtil.isNotEmpty(legacyconfig)) { Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); - MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir); + MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); + + List oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + + moaconfig.setOnlineApplication(null); ConfigurationDBUtils.save(moaconfig); + Logger.info("Legacy Configuration load is completed."); @@ -361,6 +368,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider { File file = new File(xmlconfig); MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); //ConfigurationDBUtils.save(moaconfig); + + List importoas = moaconfig.getOnlineApplication(); + for (OnlineApplication importoa : importoas) { + ConfigurationDBUtils.saveOrUpdate(importoa); + } + + moaconfig.setOnlineApplication(null); ConfigurationDBUtils.saveOrUpdate(moaconfig); } catch (Exception e) { 
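Review bot: The legacy path still calls `BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null)`, so from this call site the "reuse DefaultBKUs from an existing MOA-ID 2.x config" branch the commit describes is never taken and the BKU defaults are always derived from the trusted-BKU list. If that is deliberate for the server and only the ConfigurationTool passes an old config, say so at the call: `// server side has no previous 2.x config: BKU defaults are derived from TrustedBKUs`. `List oas` is a raw type; `List<OnlineApplication> oas = moaconfig.getOnlineApplication();` removes the unchecked cast in the for-each. Each OA is persisted with its own `save` before the parent config, and no transaction boundary is visible here, so a failure mid-loop leaves a partially imported configuration; the enclosing method begins before this hunk.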
@@ -375,16 +389,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Logger.info("MOA-ID 2.0 is loaded."); - //TODO: only for Testing!!! - if (MiscUtil.isNotEmpty(xmlconfigout)) { - Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); - Marshaller m = jc.createMarshaller(); - m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); - File test = new File(xmlconfigout); - m.marshal(moaidconfig, test); - - } +// //TODO: only for Testing!!! +// if (MiscUtil.isNotEmpty(xmlconfigout)) { +// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); +// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); +// Marshaller m = jc.createMarshaller(); +// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); +// File test = new File(xmlconfigout); +// m.marshal(moaidconfig, test); +// +// } //build STORK Config AuthComponentGeneral auth = getAuthComponentGeneral(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 762669a70..c807fdc7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -17,6 +17,7 @@ import java.util.Map; import java.util.Properties; import java.util.Set; +import org.bouncycastle.crypto.macs.OldHMac; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.XMLObject; import org.w3c.dom.Element; 
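Review bot: The disabled export block is commented out rather than deleted, and it marshals the complete `MOAIDConfiguration` — which, judging by the STORK section of this same commit, carries keystore and key passwords as plain values — to a path read from the properties file. A debug feature that writes secrets to disk should not be one uncomment away; remove the block together with the commented `xmlconfigout` read in the first hunk and let the history keep it. If a config export is genuinely needed it belongs in the ConfigurationTool with password fields stripped. The enclosing method continues past this hunk.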
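Review bot: `import org.bouncycastle.crypto.macs.OldHMac;` is not referenced by any change in this file and looks like an accidental IDE auto-import; it ties the legacy configuration parser to a BouncyCastle class it has no reason to know about. Drop the import line. The remainder of the import block lies outside the hunk.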
@@ -77,12 +78,17 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class BuildFromLegacyConfig { private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; + + private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/"; + private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at"; + private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request"; - public static MOAIDConfiguration build(File fileName, String rootConfigFileDir) throws ConfigurationException { + public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException { InputStream stream = null; Element configElem; ConfigurationBuilder builder; @@ -109,6 +115,10 @@ public class BuildFromLegacyConfig { } try { + String oldbkuonline = ""; + String oldbkulocal = ""; + String oldbkuhandy = ""; + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); 
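Review bot: `SEARCHBKUTEMPLATE_ONLINE` is `"bkuonline/http-security-layer-request"`, but the online-BKU URLs this commit removes elsewhere end in `https-security-layer-request`, and `"…/https-security-layer-request"` does not end with that template; an `endsWith` on it therefore only recognises a plain-HTTP online BKU and leaves the online default empty for the TLS one. Since the URL chosen here is where users' Security-Layer requests are later sent, the default should be the TLS variant: `private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/https-security-layer-request";`. If plain HTTP must also be accepted, add a second template rather than widening this one, so the TLS endpoint is preferred when both are listed.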
@@ -309,24 +319,31 @@ public class BuildFromLegacyConfig { } auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); + //set SAMLSigningParameter - SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); - auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); - - SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); - auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); - KeyStore stork_saml_creat_keystore = new KeyStore(); - stork_saml_creat.setKeyStore(stork_saml_creat_keystore); - stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); - stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); - KeyName stork_saml_creat_keyname = new KeyName(); - stork_saml_creat.setKeyName(stork_saml_creat_keyname); - stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); - stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); - - SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); - auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); - stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); + if (storkConfig.getSignatureCreationParameter() != null && + storkConfig.getSignatureVerificationParameter() != null) { + SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); + auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); + + SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); + auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); + KeyStore stork_saml_creat_keystore = new KeyStore(); + stork_saml_creat.setKeyStore(stork_saml_creat_keystore); + 
stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); + stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); + KeyName stork_saml_creat_keyname = new KeyName(); + stork_saml_creat.setKeyName(stork_saml_creat_keyname); + stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); + stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); + + + + SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); + auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); + stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); + + } //TODO: check correctness //set QualityAuthenticationAssurance 
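Review bot: The new guard requires both `getSignatureCreationParameter()` and `getSignatureVerificationParameter()` to be non-null, so a legacy config that has only one of them loses both silently and the SAML signing parameters are simply absent from the imported configuration. Either set each part independently under its own null check, or log the omission, e.g. `else Logger.warn("STORK SAMLSigningParameter incomplete in legacy config; signing/verification parameters not imported");` (using whatever logger this class has in scope). The surrounding `build` method extends beyond the hunk on both sides.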
@@ -335,20 +352,44 @@ public class BuildFromLegacyConfig { //set OnlineMandates config ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - OnlineMandates auth_mandates = new OnlineMandates(); - generalAuth.setOnlineMandates(auth_mandates); - auth_mandates.setConnectionParameter( + if (onlineMandatesConnectionParameter != null) { + OnlineMandates auth_mandates = new OnlineMandates(); + generalAuth.setOnlineMandates(auth_mandates); + auth_mandates.setConnectionParameter( parseConnectionParameterClientAuth(onlineMandatesConnectionParameter)); + } //TODO: add auth template configuration!!! + + if (oldconfig != null) { + if (oldconfig.getDefaultBKUs() != null) { + oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU(); + oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU(); + oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU(); + } + } else { + List trustbkus = builder.getTrustedBKUs(); + for (String trustbku : trustbkus) { + if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE)) + oldbkuonline = trustbku; + + if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY)) + oldbkuhandy = trustbku; + + if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL)) + oldbkulocal = trustbku; + } + + } + //set OnlineApplications OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - // ArrayList moa_oas = new ArrayList(); -// moaIDConfig.setOnlineApplication(moa_oas); + ArrayList moa_oas = new ArrayList(); + moaIDConfig.setOnlineApplication(moa_oas); for (OAAuthParameter oa : onlineApplicationAuthParameters) { OnlineApplication moa_oa = new OnlineApplication(); 
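Review bot: `builder.getTrustedBKUs()` is iterated without a null check; if it returns null when the legacy config has no TrustedBKUs element — the same situation this commit now tolerates for OnlineMandates and STORK — the for-each throws. Guard it: `List<String> trustbkus = builder.getTrustedBKUs(); if (trustbkus != null) { … }`. `SEARCHBKUTEMPLATE_HANDY` is `"https://www.handy-signatur.at"` with no trailing `/`, so `startsWith` would also accept a different host that merely begins with that string; the input comes from the operator's own trusted-BKU list, so this is a tightening rather than a vulnerability, but ending the template with `/` costs nothing. The enclosing `build` method continues beyond this hunk.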
@@ -375,9 +416,9 @@ public class BuildFromLegacyConfig { //BKUURLs BKUURLS bkuurls = new BKUURLS(); - bkuurls.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request"); - bkuurls.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"); - bkuurls.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request"); + bkuurls.setOnlineBKU(oldbkuonline); + bkuurls.setHandyBKU(oldbkuhandy); + bkuurls.setLocalBKU(oldbkulocal); oa_auth.setBKUURLS(bkuurls); //IdentificationNumber @@ -451,8 +492,8 @@ public class BuildFromLegacyConfig { // oa_pvp2.setCertificate(null); // } - //moa_oas.add(moa_oa); - ConfigurationDBUtils.save(moa_oa); + moa_oas.add(moa_oa); + //ConfigurationDBUtils.save(moa_oa); } //removed from MOAID 2.0 config @@ -498,9 +539,9 @@ public class BuildFromLegacyConfig { //set DefaultBKUs DefaultBKUs moa_defaultbkus = new DefaultBKUs(); moaIDConfig.setDefaultBKUs(moa_defaultbkus); - moa_defaultbkus.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request"); - moa_defaultbkus.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"); - moa_defaultbkus.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request"); + moa_defaultbkus.setOnlineBKU(oldbkuonline); + moa_defaultbkus.setHandyBKU(oldbkuhandy); + moa_defaultbkus.setLocalBKU(oldbkulocal); //set SLRequest Templates diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 2a28bcd15..604077844 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
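Review bot: When no trusted BKU matched a template, `oldbkuonline`, `oldbkuhandy` and `oldbkulocal` are still the empty strings they were initialised to earlier in the method, and this hunk (and the DefaultBKUs hunk below it) writes those empty values verbatim into every online application's BKUURLS and into the global defaults, so an unusable default is persisted without any diagnostic. Emit a warning per unmatched template before these assignments, e.g. `if (MiscUtil.isEmpty(oldbkuonline)) Logger.warn("No online BKU found in TrustedBKUs; default online BKU URL left empty");`. The commented-out `//ConfigurationDBUtils.save(moa_oa);` in the middle hunk is dead code and can go. The per-OA loop starts before this hunk.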
@@ -315,27 +315,21 @@ public class DispatcherServlet extends AuthServlet{ } } - - - - //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(protocolRequest.getOAURL()); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); - } RequestStorage.setPendingRequest(httpSession, protocolRequests); - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); SSOManager ssomanager = SSOManager.getInstance(); + String moasessionID = null; + AuthenticationSession moasession = null; + //get SSO Cookie for Request String ssoId = ssomanager.getSSOSessionID(req); - - if (moduleAction.needAuthentication(protocolRequest, req, resp)) { + + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + + if (needAuthentication) { //check SSO session if (ssoId != null) { @@ -349,6 +343,15 @@ public class DispatcherServlet extends AuthServlet{ ssomanager.deleteSSOSessionID(req, resp); } } + + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); useSSOOA = oaParam.useSSO(); 
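Review bot: With the OA lookup moved inside `if (needAuthentication)`, a request whose `getOAURL()` names an unconfigured online application is no longer rejected with `auth.00` when the action reports that it needs no authentication; it proceeds to `moduleAction.processRequest` (further down the method) without the OA ever being resolved. If actions that answer `needAuthentication == false` are by contract OA-independent — the metadata action being the obvious example — that is fine, but the contract should be stated where `needAuthentication` is declared: `/** Returning false means the request is processed without resolving or validating the requested OA. */`. `isValidSSOSession` and `useSSOOA` are likewise only assigned on this branch now; their declarations and defaults are outside the hunk.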
@@ -387,72 +390,74 @@ public class DispatcherServlet extends AuthServlet{ return; } } - - } - - String moasessionID = null; - AuthenticationSession moasession = null; - - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension - { - - //TODO SSO Question!!!! - if (useSSOOA && isValidSSOSession) { - moasessionID = ssomanager.getMOASession(ssoId); - moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension + { + + //TODO SSO Question!!!! + if (useSSOOA && isValidSSOSession) { - //use new OAParameter - if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { - authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); - return; - } - } - else { + moasessionID = ssomanager.getMOASession(ssoId); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + //use new OAParameter + if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { + authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); + return; + } + } + else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } - //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! 
- moasessionID = (String) req.getParameter(PARAM_SESSIONID); + //save SSO session usage in Database + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + } else { + ssomanager.deleteSSOSessionID(req, resp); + } + + } else { // moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); } + - //save SSO session usage in Database - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - - if (newSSOSessionId != null) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - } - - } else { -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); - - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - - moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } - + moduleAction.processRequest(protocolRequest, req, resp, moasession); RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); - boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + if (needAuthentication) { + boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); - if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension && !moasession.getUseMandate()) - { + { - } else { - authmanager.logout(req, resp, moasessionID); - } + } else { + authmanager.logout(req, resp, moasessionID); + } //authmanager.logout(req, resp); + } } catch (Throwable e) { 
e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 9fc213a48..3d0fd80bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -63,7 +63,7 @@ public class MetadataAction implements IAction { idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor); idpEntityDescriptor - .setEntityID("https://localhost:8443/moa-id-auth"); + .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); List persons = PVPConfiguration.getInstance() .getIDPContacts(); -- cgit v1.2.3
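Review bot: On the new `else` branch for `needAuthentication == false`, and on the inner non-SSO branch, `moasessionID` is read from the `PARAM_SESSIONID` request parameter and the result of `AuthenticationSessionStoreage.getSession(moasessionID)` is handed to `moduleAction.processRequest` without checking that a session was actually found; if `getSession` returns null for an unknown or missing id, the action runs on a null session and `!moasession.getUseMandate()` in the post-processing block throws an NPE that only the `catch (Throwable e)` / `printStackTrace` at the end sees. Fail closed before `processRequest`: `if (moasession == null) throw new AuthenticationException(<code>, new Object[] { moasessionID });` with a suitable message code. Since the id is attacker-choosable and travels in a GET parameter, it can also surface in access logs and Referer headers — the existing TODO touches on this and deserves a tracking issue. The try block and the `isValidSSOSession`/`useSSOOA` declarations begin before this hunk.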
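Review bot: `setEntityID(PVPConfiguration.getInstance().getIDPPublicPath())` is applied without checking the value; if the configured public path is null or empty the descriptor is still built and published with an invalid entityID, which is the identity relying parties will pin their trust to. Read it into a local and guard it before use: `String entityID = PVPConfiguration.getInstance().getIDPPublicPath(); if (MiscUtil.isEmpty(entityID)) throw …` with the configuration exception this module already uses. Presumably the same configured value is used as the assertion `Issuer`; confirm that so metadata and assertions agree. The enclosing method continues beyond this hunk.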