From 576f5ea5cfaf2ea174f198dc5df238c1ca0c331a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Mar 2016 15:35:48 +0100 Subject: MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module --- .../utils/MOAHttpProtocolSocketFactory.java | 7 +- .../utils/ssl/CertStoreConfigurationImpl.java | 20 +- .../id/commons/utils/ssl/MOAIDTrustManager.java | 11 +- .../id/commons/utils/ssl/PKIConfigurationImpl.java | 20 +- .../moa/id/commons/utils/ssl/PKIProfileImpl.java | 25 ++- .../utils/ssl/RevocationConfigurationImpl.java | 44 +++- .../moa/id/commons/utils/ssl/SSLUtils.java | 81 ++++++- .../java/at/gv/egovernment/moa/logging/LogMsg.java | 67 ------ .../gv/egovernment/moa/logging/LoggingContext.java | 70 ------ .../moa/logging/LoggingContextManager.java | 80 ------- .../gv/egovernment/moa/util/MOAEntityResolver.java | 3 +- .../gv/egovernment/moa/util/MOAErrorHandler.java | 2 +- .../java/at/gv/egovernment/moa/util/SSLUtils.java | 244 --------------------- 13 files changed, 176 insertions(+), 498 deletions(-) delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 2ade63c1c..142e9a23a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -22,15 +22,12 @@ */ package at.gv.egovernment.moa.id.commons.utils; -import iaik.pki.PKIException; - import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.GeneralSecurityException; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import org.apache.commons.httpclient.ConnectTimeoutException; @@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils; +import iaik.pki.PKIException; /** * @author tlenz @@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory super(); try { - this.sslfactory = SSLUtils.getSSLSocketFactory( + this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, certStoreRootDirParam, trustStoreURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java index 00e750f58..dcbec6bf6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java @@ -46,13 +46,17 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; +import java.io.File; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; import iaik.pki.store.certstore.CertStoreTypes; import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; - -import java.io.File; +import iaik.pki.store.certstore.directory.VirtualCertStore; /** * Implementation of interface needed to initialize an IAIK JSSE TrustManager @@ -153,4 +157,16 @@ public class CertStoreConfigurationImpl extends ObservableImpl return CertStoreTypes.DIRECTORY; } + /* (non-Javadoc) + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores() + */ + @Override + public Set getVirtualStores() { + //TODO: only for Testing and not complete !!!Ask Harald !!!! + + Map vCertStore = new HashMap(); + return vCertStore.keySet(); + + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index eaef3f1d4..bcd38c638 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -57,9 +57,8 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; /** @@ -95,14 +94,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { * Fixes a bug occuring in the case MOA-SP is called by API. * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP. * This method must be called before a MOAIDTrustManager is constructed, - * from every thread. - */ + * from every thread. + */ public static void initializeLoggingContext() { if (LoggingContextManager.getInstance().getLoggingContext() == null) LoggingContextManager.getInstance().setLoggingContext( new LoggingContext(Thread.currentThread().getName())); } - + /** * Builds an Array of accepted server certificates from an URL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java index 5d8c7a54e..3eb4707c8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java @@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration; * @version $Id$ */ public class PKIConfigurationImpl implements PKIConfiguration { + + private static final int TIMEOUT_READ = 60; //[sec] + private static final int TIMEOUT_CONNECTION = 60; //[sec] + /** The configuration for the CertStore */ private CertStoreConfiguration certStoreConfiguration; /** The configuration for the RevocationChecks */ @@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration { } /* (non-Javadoc) - * @see iaik.pki.PKIConfiguration#getTimeout() + * @see iaik.pki.PKIConfiguration#getConnectTimeout() */ - public int getTimeout() { - // TODO Auto-generated method stub - return 0; +@Override +public int getConnectTimeout() { + return TIMEOUT_CONNECTION * 1000; +} + +/* (non-Javadoc) + * @see iaik.pki.PKIConfiguration#getReadTimeout() + */ +@Override +public int getReadTimeout() { + return TIMEOUT_READ * 1000; } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 59994a257..a34fa9b8b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -95,13 +95,6 @@ public class PKIProfileImpl extends ObservableImpl setId("id-" + id); } - /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - public boolean autoAddCertificates() { - return true; - } - /** * @see iaik.pki.PKIProfile#getRevocationProfile() */ @@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl public void setId(String id) { this.id = id; } + +/* (non-Javadoc) + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ +@Override +public int autoAddCertificates() { + //TODO: ask harald!!!!! + return 1; +} + +/* (non-Javadoc) + * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile() + */ +@Override +public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { + //TODO: ask harald!!!!! + return null; +} } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java index b5e0543db..40d081ea4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java @@ -46,13 +46,16 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.revocation.RevocationConfiguration; - import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Date; +import java.util.HashMap; +import java.util.Map; import java.util.Set; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.revocation.dbcrl.config.DBCrlConfig; + /** * Implementation of interface needed to initialize an IAIK JSSE TrustManager * @author Paul Ivancsics @@ -81,4 +84,41 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc return null; } +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo() + */ +@Override +public boolean getKeepRevocationInfo() { + return false; +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders() + */ +@Override +public Set getPositiveOCSPResponders() { + + //TODO: !!!!! ASK Harald !!!!! + Map test = new HashMap(); + test.put("ALL", "ALL"); + return test.keySet(); +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints() + */ +@Override +public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() { + //TODO: !!!!! ASK Harald !!!!! + return false; +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig() + */ +@Override +public DBCrlConfig getDataBaseCRLConfig() { + return null; +} + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index 68437a04d..503e0bfc4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -46,25 +46,28 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.PKIConfiguration; -import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; - import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.KeyStore; import java.security.Security; import java.util.HashMap; import java.util.Map; import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; +//import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; /** @@ -136,7 +139,7 @@ public class SSLUtils { acceptedServerCertURL, checkRevocation); - KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(kms, tms, null); @@ -153,6 +156,68 @@ public class SSLUtils { } + /** + * Loads the client key store from file and gets the + * KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword password used to check the integrity of the client key store; + * if null, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws IOException thrown while reading from the key store file + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + if (clientKeyStoreURL == null) + return null; + + // Set up the KeyStore to use. We need to load the file into + // a KeyStore instance. + KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + return getKeyManagers(clientKeyStore, clientKeyStorePassword); + } + /** + * Gets the KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStore client key store + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + KeyStore clientKeyStore, + String clientKeyStorePassword) + throws GeneralSecurityException { + + if (clientKeyStore == null) + return null; + + // Now we initialize the default KeyManagerFactory with this KeyStore + String alg=KeyManagerFactory.getDefaultAlgorithm(); + KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); + char[] password = null; + if (clientKeyStorePassword != null) + password = clientKeyStorePassword.toCharArray(); + kmFact.init(clientKeyStore, password); + + // And now get the KeyManagers + KeyManager[] kms=kmFact.getKeyManagers(); + return kms; + } + /** * Initializes an IAIKX509TrustManager for a given trust store, * using configuration data. diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java deleted file mode 100644 index 51667f010..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * A unified message type to log messages from inside the MOA subsystem. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LogMsg { - /** The message to log. */ - private Object message; - - /** - * Create a LogMsg object. - * - * @param message The actual message to log. May be null. - */ - public LogMsg(Object message) { - this.message = message; - } - - /** - * Convert this log message to a String. - * - * @return The String representation of this log message. - */ - public String toString() { - StringBuffer msg = new StringBuffer(); - LoggingContext ctx = - LoggingContextManager.getInstance().getLoggingContext(); - String tid = ctx != null ? ctx.getTransactionID() : null; - String nodeId = ctx != null ? ctx.getNodeID() : null; - - msg.append("TID="); - msg.append(tid != null ? tid : ""); - msg.append(" NID="); - msg.append(nodeId != null ? nodeId : ""); - msg.append(" MSG="); - msg.append(message != null ? message.toString() : ""); - - return msg.toString(); - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java deleted file mode 100644 index db4b93a0b..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Encapsulates contextual information (i.e. per request information) for - * logging purposes. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContext { - /** The name of the node ID system property. */ - public static final String NODE_ID_PROPERTY = "moa.node-id"; - - /** The current transaction ID. */ - private String transactionID; - /** The node ID. */ - private String nodeID; - - /** - * Create a new LoggingContext. - * - * @param transactionID The transaction ID. May be null. - */ - public LoggingContext(String transactionID) { - this.transactionID = transactionID; - this.nodeID = System.getProperty(NODE_ID_PROPERTY); - } - - /** - * Return the transaction ID. - * - * @return The transaction ID. - */ - public String getTransactionID() { - return transactionID; - } - - /** - * Return the node ID. - * - * @return The node ID. - */ - public String getNodeID() { - return nodeID; - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java deleted file mode 100644 index f0d7b4c07..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Provides each thread with a single instance of LoggingContext. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContextManager { - /** The single instance of this class. */ - private static LoggingContextManager instance = null; - - /** The LoggingContext for each thread. */ - private ThreadLocal context; - - /** - * Get the single instance of the LoggingContextManager class. - * - * @return LoggingContextManager The single instance. - */ - public static synchronized LoggingContextManager getInstance() { - if (instance == null) { - instance = new LoggingContextManager(); - } - return instance; - } - - /** - * Creates a new LoggingContextManager. - * - * Protected to disallow direct instantiation. - */ - protected LoggingContextManager() { - context = new ThreadLocal(); - } - - /** - * Set the LoggingContext context for the current thread. - * - * @param ctx The LoggingContext for the current thread. - */ - public void setLoggingContext(LoggingContext ctx) { - context.set(ctx); - } - - /** - * Return the LoggingContext for the current thread. - * - * @return LoggingContext The LoggingContext for the current - * thread, or null if none has been set. - */ - public LoggingContext getLoggingContext() { - return (LoggingContext) context.get(); - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java index 8f3ffd4c6..b1a3f8446 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java @@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException; import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; -import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; /** @@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver { if (Logger.isDebugEnabled()) { Logger.debug( - new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); + new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); } if (publicId != null) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java index 3769b264d..ea71a677f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java @@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; -import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moaspss.logging.LogMsg; /** * An ErrorHandler that logs a message and throws a diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java deleted file mode 100644 index c2c67ec58..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; - -/** - * Utility for connecting to server applications via SSL. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtils { - - /** - * Creates an SSLSocketFactory which utilizes the given trust store. - * - * @param trustStoreType key store type of trust store - * @param trustStoreInputStream input stream for reading JKS trust store containing - * trusted server certificates; if null, the default - * trust store will be utilized - * @param trustStorePassword if provided, it will be used to check - * the integrity of the trust store; if omitted, it will not be checked - * @return SSLSocketFactory to be used by an HttpsURLConnection - * @throws IOException thrown while reading from the input stream - * @throws GeneralSecurityException thrown while creating the socket factory - */ - public static SSLSocketFactory getSSLSocketFactory( - String trustStoreType, - InputStream trustStoreInputStream, - String trustStorePassword) - throws IOException, GeneralSecurityException { - - TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(null, tms, null); - - SSLSocketFactory sf = ctx.getSocketFactory(); - return sf; - } - /** - * Creates an SSLSocketFactory which utilizes the - * given trust store and keystore. - * - * @param trustStore trust store containing trusted server certificates; - * if null, the default trust store will be utilized - * @param clientKeyStoreType key store type of clientKeyStore - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if null, the default key store will be utilized - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return SSLSocketFactory to be used by an HttpsURLConnection - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the socket factory - */ - public static SSLSocketFactory getSSLSocketFactory( - KeyStore trustStore, - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - SSLContext ctx = getSSLContext( - trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - SSLSocketFactory sf = ctx.getSocketFactory(); - return sf; - } - /** - * Creates an SSLContext initialized for the - * given trust store and keystore. - * - * @param trustStore trust store containing trusted server certificates; - * if null, the default trust store will be utilized - * @param clientKeyStoreType key store type of clientKeyStore - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if null, the default key store will be utilized - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return SSLContext to be used for creating an SSLSocketFactory - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the SSL context - */ - public static SSLContext getSSLContext( - KeyStore trustStore, - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - TrustManager[] tms = getTrustManagers(trustStore); - KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - return ctx; - } - /** - * Loads the trust store from an input stream and gets the - * TrustManagers from a default TrustManagerFactory, - * initialized from the given trust store. - * @param trustStoreType key store type of trust store - * @param trustStoreInputStream input stream for reading JKS trust store containing - * trusted server certificates; if null, the default - * trust store will be utilized - * @param trustStorePassword if provided, it will be used to check - * the integrity of the trust store; if omitted, it will not be checked - * @return TrustManagers to be used for creating an - * SSLSocketFactory utilizing the given trust store - * @throws IOException thrown while reading from the input stream - * @throws GeneralSecurityException thrown while initializing the - * default TrustManagerFactory - */ - protected static TrustManager[] getTrustManagers( - String trustStoreType, - InputStream trustStoreInputStream, - String trustStorePassword) - throws IOException, GeneralSecurityException { - - if (trustStoreInputStream == null) - return null; - - // Set up the TrustStore to use. We need to load the file into - // a KeyStore instance. - KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword); - return getTrustManagers(trustStore); - } - /** - * Gets the TrustManagers from a default TrustManagerFactory, - * initialized from the given trust store. - * - * @param trustStore the trust store to use - * @return TrustManagers to be used for creating an - * SSLSocketFactory utilizing the given trust store - * @throws GeneralSecurityException thrown while initializing the - * default TrustManagerFactory - */ - protected static TrustManager[] getTrustManagers(KeyStore trustStore) - throws GeneralSecurityException { - - if (trustStore == null) - return null; - - // Initialize the default TrustManagerFactory with this KeyStore - String alg=TrustManagerFactory.getDefaultAlgorithm(); - TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg); - tmFact.init(trustStore); - - // And now get the TrustManagers - TrustManager[] tms=tmFact.getTrustManagers(); - return tms; - } - /** - * Loads the client key store from file and gets the - * KeyManagers from a default KeyManagerFactory, - * initialized from the given client key store. - * @param clientKeyStoreType key store type of clientKeyStore - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if null, the default key store will be utilized - * @param clientKeyStorePassword password used to check the integrity of the client key store; - * if null, it will not be checked - * @return KeyManagers to be used for creating an - * SSLSocketFactory utilizing the given client key store - * @throws IOException thrown while reading from the key store file - * @throws GeneralSecurityException thrown while initializing the - * default KeyManagerFactory - */ - public static KeyManager[] getKeyManagers ( - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - if (clientKeyStoreURL == null) - return null; - - // Set up the KeyStore to use. We need to load the file into - // a KeyStore instance. - KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( - clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - return getKeyManagers(clientKeyStore, clientKeyStorePassword); - } - /** - * Gets the KeyManagers from a default KeyManagerFactory, - * initialized from the given client key store. - * @param clientKeyStore client key store - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return KeyManagers to be used for creating an - * SSLSocketFactory utilizing the given client key store - * @throws GeneralSecurityException thrown while initializing the - * default KeyManagerFactory - */ - public static KeyManager[] getKeyManagers ( - KeyStore clientKeyStore, - String clientKeyStorePassword) - throws GeneralSecurityException { - - if (clientKeyStore == null) - return null; - - // Now we initialize the default KeyManagerFactory with this KeyStore - String alg=KeyManagerFactory.getDefaultAlgorithm(); - KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); - char[] password = null; - if (clientKeyStorePassword != null) - password = clientKeyStorePassword.toCharArray(); - kmFact.init(clientKeyStore, password); - - // And now get the KeyManagers - KeyManager[] kms=kmFact.getKeyManagers(); - return kms; - } -} -- cgit v1.2.3 From 8175d726cecf103b3a433313f4d2ef54d09ebadf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 May 2016 11:05:15 +0200 Subject: fix some problems in configuration tool --- .../config/ConfigurationMigrationUtils.java | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 63d8f463c..fb2ef456c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -22,8 +22,6 @@ moaidconfigmoaidconfigmoaidconfig * Copyright 2014 Federal Chancellery Austria */ package at.gv.egovernment.moa.id.commons.config; -import iaik.x509.X509Certificate; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; @@ -88,6 +86,7 @@ import at.gv.egovernment.moa.id.commons.validation.TargetValidator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * @author tlenz @@ -1259,10 +1258,16 @@ public class ConfigurationMigrationUtils { if (list.contains(MOA_CONFIG_PROTOCOL_SAML1)) result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, Boolean.TRUE.toString()); + else + result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, + Boolean.FALSE.toString()); if (list.contains(MOA_CONFIG_PROTOCOL_PVP2)) result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY, Boolean.TRUE.toString()); + else + result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY, + Boolean.FALSE.toString()); } SAML1 saml1 = protocols.getSAML1(); @@ -1277,14 +1282,18 @@ public class ConfigurationMigrationUtils { result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, saml1.getSourceID()); - } + } else + result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, + Boolean.FALSE.toString()); OAuth oauth = protocols.getOAuth(); if (oauth != null) { result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, String.valueOf(oauth.isIsActive())); - } + } else + result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, + Boolean.FALSE.toString()); PVP2 pvp2 = protocols.getPVP2(); if (pvp2 != null) { @@ -1323,7 +1332,10 @@ public class ConfigurationMigrationUtils { result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_URL, org.getURL()); } - } + + } else + result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, + Boolean.FALSE.toString()); } SecurityLayer seclayer = auth.getSecurityLayer(); -- cgit v1.2.3 From 7964878c89cb32408b644cb58edac1fc475deb0a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 12 May 2016 15:46:18 +0200 Subject: fix missing ID generation strategy --- .../egovernment/moa/id/commons/db/dao/session/AssertionStore.java | 6 ++++-- .../moa/id/commons/db/dao/session/AuthenticatedSessionStore.java | 7 +++++-- .../moa/id/commons/db/dao/session/InterfederationSessionStore.java | 4 +++- .../egovernment/moa/id/commons/db/dao/session/OASessionStore.java | 4 +++- .../moa/id/commons/db/dao/session/OldSSOSessionIDStore.java | 4 +++- .../egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java | 4 +++- 6 files changed, 21 insertions(+), 8 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java index c2f5ec962..73f8a3031 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -27,6 +27,8 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Lob; import javax.persistence.NamedQueries; @@ -50,10 +52,10 @@ public class AssertionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - //@GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; - + @Column(name = "artifact", unique=true, nullable=false) private String artifact; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index 6333451b9..128dd79df 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -31,6 +31,8 @@ import javax.persistence.CascadeType; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Lob; import javax.persistence.NamedQueries; @@ -63,12 +65,13 @@ import org.hibernate.annotations.DynamicUpdate; public class AuthenticatedSessionStore implements Serializable{ private static final long serialVersionUID = 1L; - + @Id - //@GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; + @Column(name = "sessionid", unique=true, nullable=false) private String sessionid; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java index c62e8be32..54216edc4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java @@ -28,6 +28,8 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -44,7 +46,7 @@ public class InterfederationSessionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - //@GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index a11d94af4..44ae43115 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java @@ -28,6 +28,8 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -44,7 +46,7 @@ public class OASessionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - //@GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "idOASession", unique=true, nullable=false) private long idOASession; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java index 195406a37..a85bdf2ca 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java @@ -27,6 +27,8 @@ import java.io.Serializable; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -49,7 +51,7 @@ public class OldSSOSessionIDStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - //@GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "idOldSSOSession", unique=true, nullable=false) private long idOldSSOSession; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java index 6040d9870..97f26812f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java @@ -27,6 +27,8 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; @@ -48,7 +50,7 @@ public class StatisticLog implements Serializable{ private static final long serialVersionUID = 1L; @Id - //@GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; -- cgit v1.2.3 From 56521a4773a8bf4722669dc15ecbc450054b22de Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 17 May 2016 11:26:29 +0200 Subject: fix problem with MS-SQL and indexing strategy --- .../at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java index 73f8a3031..46683a928 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -52,7 +52,7 @@ public class AssertionStore implements Serializable{ private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy = GenerationType.AUTO) + @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "id", unique=true, nullable=false) private long id; -- cgit v1.2.3 From 26363c01da4887fe3252941e12afc32dbf1f9854 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 30 May 2016 13:11:16 +0200 Subject: fix problem with MOA-ID-configuration GUI and SecurityLayer Templates in legacy mode --- .../moa/id/commons/config/ConfigurationMigrationUtils.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index fb2ef456c..a221d30e4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -239,17 +239,20 @@ public class ConfigurationMigrationUtils { if (templates != null) { List templatetype = templates.getTemplate(); if (templatetype != null) { - if (templatetype.size() > 0) { + if (templatetype.size() > 0 && + MiscUtil.isNotEmpty(templatetype.get(0).getURL())) { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE, templatetype.get(0).getURL()); result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, Boolean.TRUE.toString()); } else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, Boolean.FALSE.toString()); - if (templatetype.size() > 1) + if (templatetype.size() > 1 && + MiscUtil.isNotEmpty(templatetype.get(1).getURL())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE, templatetype.get(1).getURL()); - if (templatetype.size() > 2) + if (templatetype.size() > 2 && + MiscUtil.isNotEmpty(templatetype.get(2).getURL())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE, templatetype.get(2).getURL()); } -- cgit v1.2.3 From 8778f159556fab8853eac6e9c97e659973be0d78 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 21 Jun 2016 11:23:31 +0200 Subject: refactor metadataprovider to Spring implementation --- .../src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java index b23b4474b..25919a937 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.commons.api; import java.util.Collection; +import org.opensaml.saml2.metadata.provider.MetadataProvider; + import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; public interface IRequest { @@ -193,9 +195,10 @@ public interface IRequest { /** * This method get a Set of PVP 2.1 attribute, which are request by this pending-request. + * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required * * @return A set of PVP attribute names or null if no attributes are requested * or the Service Provider, which sends this request needs no attributes */ - public Collection getRequestedAttributes(); + public Collection getRequestedAttributes(MetadataProvider metadataProvider); } -- cgit v1.2.3 From 811ba264eccb93c901db971423022d8e12ca7c69 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 21 Jun 2016 14:15:26 +0200 Subject: fix Bug in 'parse document from input stream' method which produce a SaxParserException if DebugLevel is 'debug' --- .../src/main/java/at/gv/egovernment/moa/util/DOMUtils.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java index 95cd63643..fed968443 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -49,6 +49,7 @@ import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; +import org.apache.commons.io.IOUtils; import org.apache.xerces.parsers.DOMParser; import org.apache.xerces.parsers.SAXParser; import org.apache.xerces.parsers.XMLGrammarPreparser; @@ -225,12 +226,13 @@ public class DOMUtils { byte buffer [] = null; ByteArrayInputStream baStream = null; if(true == Logger.isDebugEnabled()) { - int len = inputStream.available(); - buffer = new byte[len]; - inputStream.read(buffer); + buffer = IOUtils.toByteArray(inputStream); baStream = new ByteArrayInputStream(buffer); - } + } + + + // create the DOM parser if (symbolTable != null) { parser = new DOMParser(symbolTable, grammarPool); @@ -298,7 +300,7 @@ public class DOMUtils { else parser.parse(new InputSource(inputStream)); } catch(SAXException e) { - if(true == Logger.isDebugEnabled() && null != buffer) { + if(true == Logger.isDebugEnabled() && null != buffer) { String xmlContent = new String(buffer); Logger.debug("SAXException in:\n" + xmlContent); } -- cgit v1.2.3 From e96e4e6cc59ce5ae538b44c45ca9a6a83419a911 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 21 Jun 2016 15:34:36 +0200 Subject: add eIDAS bPK prefix: urn:publicid:gv.at:eidasid+ --- .../at/gv/egovernment/moa/id/commons/MOAIDConstants.java | 3 +++ .../moa/id/commons/config/ConfigurationMigrationUtils.java | 12 +++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index 6726aacb5..27744273f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -40,11 +40,13 @@ public class MOAIDConstants { public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+"; public static final String IDENIFICATIONTYPE_FN = "FN"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; public static final String IDENIFICATIONTYPE_STORK = "STORK"; + public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS"; public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair"; public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair"; @@ -71,6 +73,7 @@ public class MOAIDConstants { tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); + tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS"); BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); List awbpk = new ArrayList(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index a221d30e4..e865c4ed6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -184,6 +184,10 @@ public class ConfigurationMigrationUtils { if (MOAIDConfigurationConstants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, split[1]); result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[2]); + + } else if (MOAIDConfigurationConstants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[1] + "+" + split[2]); } else if (MOAIDConfigurationConstants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK); @@ -759,9 +763,15 @@ public class ConfigurationMigrationUtils { if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) != null && oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE) != null) { - if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) { + + if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS)) { + idnumber.setValue(MOAIDConfigurationConstants.PREFIX_EIDAS + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE)); + idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE))); + + } else if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) { idnumber.setValue(MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE)); idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE))); + } else { idnumber.setValue(MOAIDConfigurationConstants.PREFIX_WPBK + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE)); idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE))); -- cgit v1.2.3