From 8af729fe3025f384a8232a0c3de9f029d24d2e5d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 26 Sep 2018 14:07:41 +0200 Subject: remove unused dependency --- id/server/moa-id-commons/pom.xml | 4 ++-- .../gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 55a7e7be9..7ec1ddf73 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -270,13 +270,13 @@ - + com.fasterxml.jackson.core jackson-databind com.fasterxml.jackson.core - jackson-annotations + jackson-annotations diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java index 4c6cd16c0..7114552b4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -37,7 +37,6 @@ import javax.persistence.Table; import org.hibernate.annotations.DynamicUpdate; -import com.fasterxml.jackson.annotation.JsonCreator; @@ -57,7 +56,6 @@ public class AssertionStore implements Serializable{ - @JsonCreator public AssertionStore(){ } -- cgit v1.2.3 From b76b6e6212784d622ca79bd258fa3e529b353346 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 28 Sep 2018 14:19:50 +0200 Subject: add first code for eID4U --- .../src/main/java/at/gv/egovernment/moa/util/Constants.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index 47abbf29a..b3655c0c0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -398,8 +398,7 @@ public interface Constants { /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/ public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions"; - public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; - + public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; /* Prefix and Schema for SAML2 Entity Attributes */ public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr"; -- cgit v1.2.3 From f33643667ae2daf3525be8744fff7e73ef4d7974 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Feb 2019 07:59:44 +0100 Subject: update http-Proxy injection --- .../egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java index 7121c4a2a..31c66376c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java @@ -72,8 +72,9 @@ public class HttpClientWithProxySupport { String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$ String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$ if (MiscUtil.isNotEmpty(user) && pass != null) { - CredentialsProvider credsProvider = new BasicCredentialsProvider(); - credsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass)); + CredentialsProvider proxyCredsProvider = new BasicCredentialsProvider(); + proxyCredsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass)); + clientBuilder.setDefaultCredentialsProvider(proxyCredsProvider); } } -- cgit v1.2.3 From a917335ea69ab857f00bd17679e259fcc215cad9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Feb 2019 08:58:10 +0100 Subject: update SSLUtils to use default JVM trustStore for SSL connections as optional --- .../moa/id/commons/api/AuthConfiguration.java | 1 + .../utils/MOAHttpProtocolSocketFactory.java | 20 ++++++---- .../moa/id/commons/utils/ssl/SSLUtils.java | 44 +++++++++++++++++----- 3 files changed, 48 insertions(+), 17 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index a787cea00..4dd0a857f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -11,6 +11,7 @@ import iaik.pki.revocation.RevocationSourceTypes; public interface AuthConfiguration extends ConfigurationProvider{ + public static final String PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore"; public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname"; public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname"; public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index bdadf681d..6c8c092ed 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -34,7 +34,6 @@ import java.util.Arrays; import java.util.List; import javax.net.ssl.SSLException; -import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; @@ -51,7 +50,6 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; import iaik.pki.PKIException; -import sun.security.ssl.ProtocolVersion; /** * @author tlenz @@ -77,14 +75,15 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @throws MOAHttpProtocolSocketFactoryException */ public MOAHttpProtocolSocketFactory ( - String url, + String url, + boolean useStandardJavaTrustStore, String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder, boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException { - internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + internalInitialize(url, useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); this.verifyHostName = verifyHostName; @@ -103,26 +102,31 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @param verifyHostName Enables / Disables hostName verfication * @throws MOAHttpProtocolSocketFactoryException */ - public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL, + public MOAHttpProtocolSocketFactory(String url, boolean useStandardJavaTrustStore, + String certStoreDirectory, + String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder, boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException { - internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + internalInitialize(url, useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); this.verifyHostName = verifyHostName; } - private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL, + private void internalInitialize(String url, boolean useStandardJavaTrustStore, + String certStoreDirectory, + String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException { try { this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( - url, + url, + useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index e6efca4ea..a96daead3 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -108,8 +108,29 @@ public class SSLUtils { } } + /** + * Get SSLSocketFactory with TrustStore and KeyStore implementations + * + * @param url URL of the Service that should be connected + * @param useStandardJavaTrustStore Flag to use standard JVM truststore + * @param certStoreRootDirParam Path to certStore, if own truststore is used + * @param trustStoreURL Path to truststore, if own truststore is used + * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used + * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used + * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used + * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used + * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null + * @param clientKeyStorePassword KeyStore password + * @param clientKeyStoreType KeyStore type + * @return + * @throws IOException + * @throws GeneralSecurityException + * @throws SSLConfigurationException + * @throws PKIException + */ public static SSLSocketFactory getSSLSocketFactory( - String url, + String url, + boolean useStandardJavaTrustStore, String certStoreRootDirParam, String trustStoreURL, String acceptedServerCertURL, @@ -130,14 +151,19 @@ public class SSLUtils { return ssf; } - - TrustManager[] tms = getTrustManagers( - certStoreRootDirParam, - chainingMode, - trustStoreURL, - acceptedServerCertURL, - checkRevocation, - revocationMethodOrder); + + //initialize own trust-store implementation + TrustManager[] tms = null; + if (useStandardJavaTrustStore) { + tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation, + revocationMethodOrder); + + } KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); -- cgit v1.2.3 From 087e317a0633eb761f2a9361c4a10a75680fc742 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Feb 2019 12:34:14 +0100 Subject: fix bug in UseStandardTrustStore flag remove unnecessary maven dependency --- .../main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index a96daead3..8aaf94fad 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -154,7 +154,7 @@ public class SSLUtils { //initialize own trust-store implementation TrustManager[] tms = null; - if (useStandardJavaTrustStore) { + if (!useStandardJavaTrustStore) { tms = getTrustManagers( certStoreRootDirParam, chainingMode, -- cgit v1.2.3 From ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 18 Feb 2019 08:30:49 +0100 Subject: add 'Austrian eID' demo-mode to simulate attribute behavior from 2020 --- .../moa/id/commons/api/IOAAuthParameters.java | 12 +++++++++- .../config/ConfigurationMigrationUtils.java | 25 ++++++++++++++++++++- .../config/MOAIDConfigurationConstants.java | 2 ++ .../dao/config/deprecated/OnlineApplication.java | 26 +++++++++++++++++++++- 4 files changed, 62 insertions(+), 3 deletions(-) (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 5df4a4163..00b39daec 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -22,7 +22,6 @@ */ package at.gv.egovernment.moa.id.commons.api; -import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; @@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{ */ public List foreignbPKSectorsRequested(); + + /** + * Get a List of sectors for that this service provider requires additional unencrypted bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List additionalbPKSectorsRequested(); + + + + } \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 4555f61d2..4adff7f19 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (oa.getIseIDDemoModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); - + if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY); + + + + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); @@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))) + dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))); + else + dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS))) + dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)); + + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index a6315fe2c..1be97c49d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index e37873a72..510fd0581 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -115,10 +115,15 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; - @XmlTransient + @XmlTransient protected String foreignbPKTargetList = null; + @XmlTransient + protected String additionalbPKTargetList = null; + @XmlTransient + protected Boolean iseIDDemoModeActive = false; + public String getForeignbPKTargetList() { return foreignbPKTargetList; @@ -128,6 +133,25 @@ public class OnlineApplication this.foreignbPKTargetList = foreignbPKTargetList; } + + + + public String getAdditionalbPKTargetList() { + return additionalbPKTargetList; + } + + public void setAdditionalbPKTargetList(String additionalbPKTargetList) { + this.additionalbPKTargetList = additionalbPKTargetList; + } + + public Boolean getIseIDDemoModeActive() { + return iseIDDemoModeActive; + } + + public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) { + this.iseIDDemoModeActive = iseIDDemoModeActive; + } + /** * @return the saml2PostBindingTemplateURL */ -- cgit v1.2.3