From c38588d66605e8345664ff7fd935aafbf27237f9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Feb 2014 09:14:23 +0100 Subject: first short changes for BRZ *use different SystemConfigParam for moa-id-proxy *allow legacy request with no SL-template (use it from OA config) Bugfix: *general PVP2 config is not reloaded from database *use idp entityID in as issuer in AuthnResponse --- .../StartAuthentificationParameterParser.java | 10 +++++++- .../moa/id/config/ConfigurationProvider.java | 7 ++++++ .../config/proxy/ProxyConfigurationProvider.java | 2 +- .../protocols/pvp2x/config/PVPConfiguration.java | 29 ++++++++++------------ .../pvp2x/requestHandler/AuthnRequestHandler.java | 4 ++- .../XMLLoginParameterResolverEncryptedData.java | 2 +- .../moa/id/util/ParamValidatorUtils.java | 6 +++-- 7 files changed, 38 insertions(+), 22 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 67433dde7..bcd7cdc78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -22,6 +22,8 @@ ******************************************************************************/ package at.gv.egovernment.moa.id.auth.parser; +import iaik.util.logging.Log; + import java.io.UnsupportedEncodingException; import java.util.List; @@ -238,6 +240,12 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setBkuURL(bkuURL); + if (MiscUtil.isEmpty(templateURL)) { + templateURL = oaParam.getTemplateURL().get(0).getURL(); + Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")"); + + } + if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); moasession.setTemplateURL(templateURL); @@ -275,7 +283,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 84265f4ba..3432a19b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -76,6 +76,13 @@ public class ConfigurationProvider { public static final String CONFIG_PROPERTY_NAME = "moa.id.configuration"; + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String PROXY_CONFIG_PROPERTY_NAME = + "moa.id.proxy.configuration"; + /** * The name of the generic configuration property giving the certstore directory path. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index ecde454dd..93de902ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -116,7 +116,7 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { */ public static synchronized ProxyConfigurationProvider reload() throws ConfigurationException { - String fileName = System.getProperty(CONFIG_PROPERTY_NAME); + String fileName = System.getProperty(PROXY_CONFIG_PROPERTY_NAME); if (fileName == null) { throw new ConfigurationException("config.01", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 769e36fc1..5d71b915f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config; import iaik.x509.X509Certificate; import java.io.File; -import java.io.IOException; import java.net.URL; -import java.net.URLClassLoader; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; @@ -50,7 +48,6 @@ import org.opensaml.saml2.metadata.TelephoneNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -111,12 +108,12 @@ public class PVPConfiguration { private static String moaIDVersion = null; - PVP2 generalpvpconfigdb; + //PVP2 generalpvpconfigdb; Properties props; private PVPConfiguration() { try { - generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); + //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); } catch (ConfigurationException e) { @@ -124,8 +121,8 @@ public class PVPConfiguration { } } - public String getIDPPublicPath() { - String publicPath = generalpvpconfigdb.getPublicURLPrefix(); + public String getIDPPublicPath() throws ConfigurationException { + String publicPath = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getPublicURLPrefix(); if(publicPath != null) { if(publicPath.endsWith("/")) { int length = publicPath.length(); @@ -135,15 +132,15 @@ public class PVPConfiguration { return publicPath; } - public String getIDPSSOPostService() { + public String getIDPSSOPostService() throws ConfigurationException { return getIDPPublicPath() + PVP2_POST; } - public String getIDPSSORedirectService() { + public String getIDPSSORedirectService() throws ConfigurationException { return getIDPPublicPath() + PVP2_REDIRECT; } - public String getIDPSSOMetadataService() { + public String getIDPSSOMetadataService() throws ConfigurationException { return getIDPPublicPath() + PVP2_METADATA; } @@ -171,13 +168,13 @@ public class PVPConfiguration { return props.getProperty(IDP_KEY_PASSASSERTION); } - public String getIDPIssuerName() { + public String getIDPIssuerName() throws ConfigurationException { if (moaIDVersion == null) { moaIDVersion = parseMOAIDVersionFromManifest(); } - return generalpvpconfigdb.getIssuerName() + moaIDVersion; + return AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getIssuerName() + moaIDVersion; } public List getMetadataFiles() { @@ -250,10 +247,10 @@ public class PVPConfiguration { } } - public List getIDPContacts() { + public List getIDPContacts() throws ConfigurationException { List list = new ArrayList(); - List contacts = generalpvpconfigdb.getContact(); + List contacts = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getContact(); if (contacts != null) { @@ -344,10 +341,10 @@ public class PVPConfiguration { return list; } - public Organization getIDPOrganisation() { + public Organization getIDPOrganisation() throws ConfigurationException { Organization org = SAML2Utils.createSAMLObject(Organization.class); - at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization(); + at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getOrganization(); String org_name = null; String org_dispname = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index f4b48ece3..21c0d85a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -96,7 +96,9 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + + //change to entity value from entity name to IDP EntityID (URL) + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); authResponse.setInResponseTo(authnRequest.getID()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 86da34e1c..9f3de08aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -267,7 +267,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes //make file name absolut (if it is relative to main config file) //TODO MOAID XMLLPR check - String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String moaIDConfigFileName = System.getProperty(ConfigurationProvider.PROXY_CONFIG_PROPERTY_NAME); String rootConfigFileDir = new File(moaIDConfigFileName).getParent(); this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 3b6e001bf..327170054 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -266,7 +266,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ // if non parameter is given return true if (StringUtils.isEmpty(template)) { Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null"); - return true; + return false; } // check if template is a valid URL @@ -524,7 +524,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ return false; } - if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL)) + if (StringUtils.isEmpty(oaURL) + //|| StringUtils.isEmpty(templateURL) + || StringUtils.isEmpty(bkuURL) ) return false; else return true; -- cgit v1.2.3