From 41275a296c73a5ecb29d52829116f4b6e99ce006 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 12:39:48 +0200 Subject: add xsd schema for eIDAS specific SAML2 extensions --- .../src/main/java/at/gv/egovernment/moa/util/Constants.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index 129478270..2a4e3b362 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -394,6 +394,12 @@ public interface Constants { public static final String SAML2_METADATA_SCHEMA_LOCATION = SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd"; + + /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/ + public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; + public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions"; + public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; + /** * Contains all namespaces and local schema locations for XML schema * definitions relevant for MOA. For use in validating XML parsers. @@ -427,7 +433,8 @@ public interface Constants { + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ") + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ") + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ") - + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION); + + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION) + + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); /** URN prefix for bPK and wbPK. */ public static final String URN_PREFIX = "urn:publicid:gv.at"; -- cgit v1.2.3 From cfc0d2f6db21b4a07ef80ec31d589cbeb1f32a92 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 14:31:25 +0200 Subject: add static variable and update demo OA --- .../java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 971e401ca..bba6d0541 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -43,6 +43,7 @@ public interface IOAAuthParameters { public static final String LOCALBKU = "local"; public static final String INDERFEDERATEDIDP = "interfederated"; public static final String EIDAS = "eIDAS"; + public static final String AUTHTYPE_OTHERS = "others"; /** * Get the full key/value configuration for this online application -- cgit v1.2.3 From eb32c9b2cc8720c69090e9fd82fbd6861429b599 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Sep 2017 14:34:10 +0200 Subject: remove unused code --- .../moa/id/commons/utils/ssl/SSLUtils.java | 27 ++++++++++------------ 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index 109390132..abf2d211c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -49,7 +49,6 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyStore; -import java.security.Security; import java.util.HashMap; import java.util.Map; @@ -66,8 +65,6 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.DefaultPKIConfiguration; import iaik.pki.PKIException; import iaik.pki.PKIFactory; -//import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; /** @@ -83,18 +80,18 @@ public class SSLUtils { /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ private static Map sslSocketFactories = new HashMap(); - /** - * Initializes the SSLSocketFactory store. - */ - public static void initialize() { - sslSocketFactories = new HashMap(); - // JSSE Abhängigkeit - //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - Security.addProvider(new IAIK()); - //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - - - } +// /** +// * Initializes the SSLSocketFactory store. +// */ +// public static void initialize() { +// sslSocketFactories = new HashMap(); +// // JSSE Abhängigkeit +// //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); +// Security.addProvider(new IAIK()); +// //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); +// +// +// } /** * IAIK PKI module and MOA-SIG uses a ThreadLocal variable for logging -- cgit v1.2.3 From 22ccfa1baf256635268a3a65ac59d5a415d19356 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Sep 2017 14:28:36 +0200 Subject: update TransactionUtis for MDC logging and add unique OA identifier as additional MDC variable --- .../main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java index b16941f51..d8d3dbeee 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java @@ -171,8 +171,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; + //MDC variables for logging public static final String MDC_TRANSACTION_ID = "transactionId"; public static final String MDC_SESSION_ID = "sessionId"; + public static final String MDC_SERVICEPROVIDER_ID = "oaId"; //AuthnRequest IssueInstant validation public static final int TIME_JITTER = 5; //all 5 minutes time jitter -- cgit v1.2.3 From 3c81d3fef06204f2259b6c0377c8a2a00974c614 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Sep 2017 12:15:20 +0200 Subject: make SAML2 http POST-Binding template and mandate-service selection-template configurable for every online application --- .../config/ConfigurationMigrationUtils.java | 7 ++++- .../config/MOAIDConfigurationConstants.java | 3 ++ .../dao/config/deprecated/OnlineApplication.java | 34 ++++++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) (limited to 'id/server/moa-id-commons/src/main/java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index b8284c8f9..5091195d8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -143,7 +143,9 @@ public class ConfigurationMigrationUtils { if (MiscUtil.isNotEmpty(oa.getEventCodes())) { result.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, oa.getEventCodes()); } - + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, oa.getMandateServiceSelectionTemplateURL()); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, oa.getSaml2PostBindingTemplateURL()); //convert target String target_full = oa.getTarget(); @@ -769,6 +771,9 @@ public class ConfigurationMigrationUtils { } dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL)); + + dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)); + dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL)); if (Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE))) { dbOA.setType(MOA_CONFIG_BUSINESSSERVICE); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 9fe90daa4..b72034002 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -105,6 +105,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.hight"; public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.width"; + public static final String SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL = SERVICE_AUTH_TEMPLATES + ".saml2.postbinding.url"; + public static final String SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL = SERVICE_AUTH_TEMPLATES + ".elga.mandateserviceselection.url"; + private static final String SERVICE_AUTH_TESTCREDENTIALS = AUTH + "." + TESTCREDENTIALS; public static final String SERVICE_AUTH_TESTCREDENTIALS_ENABLED = SERVICE_AUTH_TESTCREDENTIALS + ".enabled"; public static final String SERVICE_AUTH_TESTCREDENTIALS_OIDs = SERVICE_AUTH_TESTCREDENTIALS + ".oids"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 4aee10bc1..196923ce6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -109,10 +109,44 @@ public class OnlineApplication @XmlTransient protected String selectedSZRGWServiceURL = null; + @XmlTransient + protected String saml2PostBindingTemplateURL = null; + + @XmlTransient + protected String mandateServiceSelectionTemplateURL = null; + /** + * @return the saml2PostBindingTemplateURL + */ + public String getSaml2PostBindingTemplateURL() { + return saml2PostBindingTemplateURL; + } + + /** + * @param saml2PostBindingTemplateURL the saml2PostBindingTemplateURL to set + */ + public void setSaml2PostBindingTemplateURL(String saml2PostBindingTemplateURL) { + this.saml2PostBindingTemplateURL = saml2PostBindingTemplateURL; + } + + /** + * @return the mandateServiceSelectionTemplateURL + */ + public String getMandateServiceSelectionTemplateURL() { + return mandateServiceSelectionTemplateURL; + } + + /** + * @param mandateServiceSelectionTemplateURL the mandateServiceSelectionTemplateURL to set + */ + public void setMandateServiceSelectionTemplateURL(String mandateServiceSelectionTemplateURL) { + this.mandateServiceSelectionTemplateURL = mandateServiceSelectionTemplateURL; + } + + /** * @return the selectedSZRGWServiceURL */ public String getSelectedSZRGWServiceURL() { -- cgit v1.2.3